Implementa.

AI Infrastructure · Service 12

Your cybersecurity vendor doesn't understand AI agents. Your AI consultancy doesn't understand security. We are both.

We protect your entire company — perimeter, access, compliance — and the new layer almost nobody covers yet: agents that take decisions, access your data and connect to your systems. Traceability, access control and protection against prompt injection from day one.

We cover the classic security your company already needs and the AI-specific security of the systems we deploy: what each agent can touch, who audits its decisions, how it is defended against prompt injection and how to stay compliant when a model processes customer data. We do not deliver a risk report — we leave the system secure and running.

Promise: We do not deliver a risk report. We leave the system secure, monitored and running.

The product

This is what you get in your inbox.

AI Infrastructure: 4 services · 99.97% uptime 90d

  • Requests / day: 48.2k (+12% MoM)
  • Cost / 1k tokens: €0.04 (-23% optimized)
  • P95 latency: 312ms (target < 500ms)

Services in production

  • Vector DB: 12ms, OK
  • Embeddings API: 48ms, OK
  • LLM Gateway: 186ms, OK
  • Cache Redis: 3ms, OK

Sound familiar?

You have AI agents in production. Nobody knows what they can actually touch — let alone how to defend them.

Classic cybersecurity does not cover agents that read emails, access your CRM and execute actions. Your current vendor does not understand that attack surface. The one who does has no idea about your perimeter.

  • Your AI agent has "broad read" credentials because nobody defined what it actually needs.
  • There is no log of the decisions each agent takes in production — if something goes wrong, you can't audit it.
  • Legal asks "how do we comply with the EU AI Act?" and nobody has an answer.
  • You ran a classic pentest that found no AI vulnerabilities because the pentester does not know them.
  • You know that the day a competitor or attacker prompt-injects your system, you are not ready.

How we ship it

We cover both layers. Under a single accountable owner.

Full audit (classic + AI), hardening implementation, AI-specific agent policy, continuous monitoring and incident response plan. When we leave, your system is secure and your team knows how to operate it.

  1. Dual audit (perimeter + AI)

    Classic pentest (red/blue team) + specific analysis of every AI agent in production: prompt-injection vectors, exfiltration, privilege escalation, PII exposure.

  2. Classic hardening

    Perimeter hardening, MFA, PAM, EDR, vulnerability management. The baseline any serious cyber provider should leave behind.

  3. AI-specific layer

    Least-privilege access policy per agent, sandbox for critical actions, defenses against prompt injection (input validation + output guardrails), full decision logging.

  4. Response plan + tabletop exercise

    Incident response playbook (classic + AI-specific) with roles, escalation and communication. Initial tabletop exercise to validate the team can execute it.

Most companies have two vendors (one for cyber, one for AI) that do not talk to each other. We are both, under a single accountable owner — the only layer that closes the real gap between classic security and unsupervised AI in production.

Honest filter

Is this for you?

We don't sell to everyone. Here's who it works for and who it doesn't — so you can decide with criteria before signing.

It's for you if…

  • Companies with AI agents in production processing sensitive data (financial, health, commercial).
  • Organizations subject to the EU AI Act, NIS2 or sector-specific regulation (banking, health, insurance).
  • Mid-market or enterprise with heterogeneous stacks where security needs full coverage.
  • CISOs / DPOs who need to demonstrate to committee or auditor that the AI layer is covered.

It's not for you if…

  • Companies with no AI systems in production and no plan to deploy them in the next 12 months — you do not need the AI-specific layer yet.
  • Anyone looking for just an ISO 27001 / SOC 2 certificate — that is external certification, not our focus.
  • Anyone after a cheap one-off pentest — our model is project + retainer, not a single engagement.

The concrete delivery

What exactly do you get?

What you receive when the service ships. No "discovery phases" billed separately, no "iterations" without scope.

  • Perimeter hardening, privileged access management (PAM) and endpoint hardening across the whole organization
  • AI-specific security policy (what each agent can touch, what it cannot, human escalation)
  • Protection layer against prompt injection, jailbreaking and LLM exfiltration
  • Full logging and traceability of every agent decision in production
  • Incident response plan (classic + AI-specific) with assigned roles and initial tabletop exercise

The promise: We do not deliver a risk report. We leave the system secure, monitored and running.

No surprises

What happens when you book a conversation

This is what happens when you enter the project. No months of theoretical discovery.

  1. Day 1

    Technical kickoff + restricted access

    A session with your CISO/CTO + the owners of the AI systems in production. We sign a reinforced NDA and you grant restricted read access to the perimeter and the agent logs.

  2. Week 1-3

    Dual audit delivered

    Technical report covering: perimeter vulnerabilities, per-agent AI findings, prioritized risk map. Review meeting with your team.

  3. Week 4-10

    Classic hardening + AI layer implemented

    Technical work coordinated with your IT and AI teams. Incremental validation — we do not wait until the end to show progress.

  4. Week 11-14

    Runbook + tabletop + handover

    Incident response playbook, full tabletop exercise with your team, training session so the AI layer is operable in-house.

Pricing

How is this service quoted?

Due to technical complexity and integration, 30 minutes of conversation beats a cold quote.

Mid-market / enterprise

from $25,000

setup / project

Project from €25,000 · Continuous monitoring retainer: scoped on request

Frequently asked questions

Both, under a single accountable owner. The classic cyber team has spent years covering perimeter, access and compliance. We added the AI layer because almost nobody in the sector covers it yet — and agents in production have attack vectors traditional cyber does not contemplate.

It is the technique where an attacker injects malicious instructions into the input an LLM receives (e.g. inside an email your agent reads), getting the agent to act against your interest (leak data, execute actions, bypass safeguards). Any LLM-based system that processes external inputs is vulnerable by default.

Yes. We map AI systems in production against the EU AI Act requirements by risk level, generate the required technical and operational documentation and leave a monitoring system in place. For formal certifications we coordinate with an external auditor.

Perfectly fine. The service is modular. If you come for the classic side, we cover exactly that. If you deploy agents later, the AI layer slots in without rewriting the previous work.

Between 8 and 14 weeks depending on the size and complexity of the current stack. Initial audit: 2-3 weeks; hardening + AI layer + runbooks: 6-11 additional weeks.

Want to talk through your specific case?

30 minutes of technical conversation, no strings. We tell you what fits, what doesn't and the rough price.

Complete Security (classic + AI) · Implementa