Technology and models
The frontier AI models, the security frameworks we actually apply and the stack we build with.
The artificial-intelligence landscape changes every week: new models, new capabilities, new risks. Our craft is not chasing the latest thing, but choosing the right tools for a concrete problem with judgement and shipping them to production securely and maintainably. That is why we don’t tie ourselves to a single vendor and don’t sell “magic”: we sell software that works, and that we understand piece by piece.
We work with the leading frontier labs (Anthropic, OpenAI, Google, Amazon, Meta, Mistral) and with an ecosystem of tools for data, integrations and automation. The method makes the difference: model choice by task, security designed in from the start, and an environment built to last over time, not just a demo that impresses.
The models we use
Hundreds of models on the market: we pick the right one for each task across the frontier labs, without tying ourselves to a single vendor.
There is no single “best model” in absolute terms: there is the model suited to a given task, with the right balance of reasoning, speed and cost. A high-volume data extraction calls for a fast, cheap model; a complex analysis calls for one that reasons deeply. So we route requests across multiple providers, measure output quality and always keep a plan B: if a model changes, degrades or rises in price, the system keeps working. No lock-in, no blind dependence on a single vendor.
The Claude family (Opus, Sonnet, Haiku).
The GPT family.
The Gemini family.
Nova models, served on Amazon Bedrock.
The Llama family, open-weights.
Mistral models, including open-weights.
How we use them
- The right model for the right task: reasoning, speed or cost change the choice.
- Multi-provider routing, with no lock-in to a single vendor.
- Evaluation and fallback: we measure output and always keep a plan B.
The frameworks we apply
Recognised standards, from the web to LLM applications, from the code to the environment.
Security, for us, is not a final coat of paint: it is a design decision made from the start (secure by design). We apply recognised, public frameworks, not invented standards, at every level: OWASP Top 10, API Security and ASVS for the web and APIs; the OWASP Top 10 for LLM Applications and MITRE ATLAS for AI-specific risks, starting with prompt injection; NIST AI RMF and ISO/IEC 42001 for governance; the EU AI Act for transparency obligations. For agents that can take real actions, we add a perimeter, guardrails and human confirmation on sensitive operations.
OWASP Top 10
Web applicationsThe most critical web application risks, from injection to broken access control.
OWASP API Security Top 10
APIsAPI-specific risks: object-level authorization, data exposure, abuse.
OWASP ASVS
VerificationAn application security verification standard to check software in depth.
OWASP Top 10 for LLM Applications
LLM appsRisks of LLM-based applications: prompt injection, data leakage, insecure output.
MITRE ATT&CK
ThreatsThe knowledge base of real-world adversary tactics and techniques.
MITRE ATLAS
AI system threatsThe threat landscape specific to artificial-intelligence systems.
NIST AI RMF
AI risk managementThe framework for identifying and managing the risks of AI systems.
ISO/IEC 42001
AI governanceThe standard for an artificial-intelligence management system.
EU AI Act
RegulationThe European regulatory framework for AI: transparency and obligations for those who build with AI.
Tools and integrations
The technologies and services we build with, continuously updated.
EdenAI
FashnAIAnd many more, continuously updated.
The right tool, not the trendy one
Every technology choice in our projects answers a simple question: does it genuinely help solve your problem? We build the application and the whole environment it lives in (infrastructure, deployment, hardening, observability), because software going live is only the start of its job. We want it to stay secure, understandable and changeable over time.
Not sure what some of these terms mean? We explain them plainly in the glossary. Open the glossary →