Perspectives from the field.
Writing on IS auditing, penetration testing, European regulatory compliance, and enterprise SaaS development — from a team that does this work daily.
What the EU AI Act Means for SaaS Products Operating in Europe
The EU AI Act classifies certain AI applications as high-risk, requiring conformity assessments, transparency obligations, and human oversight mechanisms. Here is what European SaaS teams need to address before their next deployment.
Red-Teaming AI Systems: Our Methodology for Adversarial Security Testing
Prompt injection, data exfiltration through context manipulation, jailbreaks — AI systems introduce attack surfaces that traditional security tooling was not built to find. Our methodology for adversarial testing of AI implementations before they reach production.
From Raw Scan to Executive Report: Automating Pentest Documentation
Penetration test reports are among the most time-intensive deliverables in security work. We describe how we automate the synthesis of vulnerability data, CVSS scores, and remediation guidance into structured, client-ready documentation.
The Real Cost of a Data Breach in 2025: $4.88M Global Average
IBM's annual Cost of a Data Breach report records the highest global average since 2006. Healthcare reaches $10.93M. AI security tools save an average of $2.22M per incident. What the data says about where the costs come from and what reduces them.
GDPR Enforcement in 2025: €7.1 Billion in Fines and What Changed
Cumulative GDPR fines crossed €7.1 billion through 2025. TikTok's €530M penalty, Meta's €1.2B record, and a shift in DPA enforcement strategy — what the data tells us about where enforcement is heading.
The IS Audit as a Competitive Advantage
Most organisations treat IS audits as a compliance checkbox. The firms that use audit findings to drive architectural decisions consistently outperform their peers on security posture. Here is how to turn a mandatory exercise into a strategic one.
Building Law4Devs: Making 19 EU Regulations Queryable as Structured JSON
Law4Devs makes GDPR, NIS2, CRA, AI Act, DORA, and 14 more EU frameworks queryable via REST API and SDKs in 6 languages — sourced verbatim from EUR-Lex. This is what we learned building a developer-first compliance platform on 100% European infrastructure.