We audit, harden, and red-team the LLM and agent systems your business depends on. Built by engineers who run their own.
Focused engagements for companies deploying AI in production, plus secure-by-default custom software development for teams without a dedicated security hire.
A focused security review of one AI-related code change or feature — up to 500 lines, or a single PR/feature. Written findings on prompt injection, tool privilege, and context leakage. Trial-size engagement; perfect first step.
One AI feature or agent system, fully reviewed. Findings across the three core categories: trusted-channel injection, tool privilege drift, context bleed. Severity-ranked report with remediation guidance and a debrief call.
For teams building an agent system who want it modeled before they ship, not after. Trust-boundary analysis, privilege flows, blast-radius mapping, and concrete recommendations on tool design, sandboxing, and approval gates.
The full version — for companies with multiple AI features or higher stakes (B2B SaaS with AI, regulated industries, sensitive data). Up to 3 product surfaces, threat model document, live red-team session, code-level remediation playbook, 30-day follow-up.
Production applications built secure-by-default. Mobile, desktop, and web — across Unity, .NET MAUI, Android (Kotlin/Java), and modern web stacks. Security and reliability baked in from the first commit, not bolted on at the end.
For companies that want ongoing access to security expertise without hiring a full-time security engineer. ~16 hours/month of code review, architecture consults, and ad-hoc questions, with 1-business-day response time.
Most security firms have never shipped a production agent. Most ML teams have never written a threat model. We sit in the overlap — and that's the only place this work can be done well.
The systems we've built in-house aren't side projects. They're the same architectures your team is racing to deploy, which means we know where they break before you do.
See the full portfolio at /labs/ — agent systems, fine-tuned models, and shipped consumer apps.
Production agent system featuring snapshot rollback, file-lock management, circuit breakers, streaming hub, and auto-verification. Live across CLI, VS Code, and desktop interfaces.
Fine-tuned local language model served via REST API. Designed and operated end-to-end on a self-hosted inference stack — the same kind of deployment we audit for clients.
A production D&D AI assistant on Android, running on the same self-hosted Klaus inference stack. Real users, real load, real failure modes — the kind of operational experience most security consultants don't have.
Bachelor's in Cybersecurity. Hands-on engineering across Unity, .NET MAUI, Android (Kotlin/Java), and game-server architecture. Solo-built every system listed above.
The Klaus Project, LLC is a software and cybersecurity consultancy. We work primarily with companies deploying AI systems and small-to-mid teams that need security expertise without a full-time hire.
We're deliberately small. That means engagements are run by the engineer doing the work, not handed off to a junior. It also means we say no to projects we're not the right fit for — which is the only way to consistently be the right fit for the ones we take.
Free 30-minute discovery calls for AI security and software engagements. No sales pressure, no boilerplate — just a real technical conversation about whether we're a fit.