HomeAI OfferingsAuditCase studiesAboutContact
BLOG

How we think about AI security and production AI.

Technical writing from the team — on what breaks in production AI, how DPDP Act and RBI FREE-AI apply to your stack, and what shipping AI to paying customers actually looks like. No thought leadership. No hype. Specific, useful, cited.

All 6AI SECURITY 3COMPLIANCE 2AI ENGINEERING 1CASE STUDY 0
AI SECURITY10 min

The five security holes every vibe-coded app ships with

Lovable, Bolt, Cursor, and v0 ship the same five vulnerabilities every single time. Specific, reproducible, and exactly what an attacker looks for first.

Read the post →
COMPLIANCE8 min

DPDP Act 2023 and AI: what "Data Fiduciary" actually means for your startup

Plain-English walkthrough of when an AI system makes you a Data Fiduciary under DPDP Act 2023, what the obligations are, and what the ₹250 crore penalty actually attaches to.

Read the post →
AI SECURITY12 min

Why RAG pipelines leak — and how to test yours

Cross-tenant retrieval leakage is the most under-diagnosed vulnerability in production RAG systems. Where namespace isolation breaks, what to test, and how to fix it at the architecture level.

Read the post →
COMPLIANCE10 min

RBI FREE-AI explained: what India's AI banking regulation actually requires

Plain-English breakdown of RBI FREE-AI — the 7 Sutras, the 6 pillars, Annex V and VI templates, and the 4-phase rollout. What NBFCs and banks need in place before Phase 3 mandatory audit.

Read the post →
AI SECURITY10 min

Prompt injection is not theoretical — here is what a real attack chain looks like

A complete, sanitised indirect prompt injection chain — from a poisoned document through a RAG pipeline to user-data exfiltration. How it propagates, how to detect it, how to fix it.

Read the post →
AI ENGINEERING10 min

What "production-ready" AI actually means (and why your demo isn't it)

The specific list of things that separate a working demo from an AI system you can run for paying customers — auth, monitoring, rate limits, escalation, and the unglamorous work the demo skipped.

Read the post →
BOOK A DISCOVERY CALL

30 minutes. No pitch.