What we're focused on right now.
A `now` page · updated quarterly. If you're about to reach out with a question or proposal, this is the snapshot to scan first so you can see whether we're already heads-down in your area or open to a new direction.
- 01ACTIVE ENGAGEMENTS
What's actually shipping
Production-grade RAG pipeline for a Hungarian B2B SaaS · evals + AI Act compliance.
NIS2 readiness audit + fix-PRs for a mid-sized fintech.
Smart contract audit on a DAO treasury system, Foundry + invariant test suite.
Mobile push-notification stack restart for an early Series A startup.
- 02SELF-DIRECTED RESEARCH
Where we're investing time
Prompt injection classifier pipeline · 5 categories, OWASP LLM Top-10 focus.
Dataset baselines for Hungarian-language RAG evals.
AI Act + NIS2 documentation pack templates, so every engagement takes a day not a week.
Speculation Rules + INP case study against a domestic webshop.
- 03WRITING ABOUT
Most active on the blog
AI security audit checklist 2026 · 9 categories, real exploit examples.
LLM prompt injection playbook · 5 attack classes, 5 defences.
Multi-tenant SaaS on Postgres RLS · the full non-negotiable setup.
NIS2 minimum SaaS checklist for Hungarian / EU contexts.
- 04NOT TAKING ON
What we're saying no to right now
Pure consultancy · only when there's code shipping at the end.
Ad-hoc, scopeless work · every engagement starts with a written scope.
GenAI-only chatbot ROAS-chasing · the stack matters more than the marketing trick.
Half-day consults · the two-week audit is our smallest engagement.