OPEN-SOURCE · SELF-HOSTED · AIR-GAP READY

Catch the threat.
Assess the harness.
Seal the evidence.

Securix blocks the attacks, PII and unsafe output your AI faces at the edge, red-teams its own guardrails to prove they hold, then turns every result into audit-grade, EU AI Act-ready evidence. One self-hostable platform.

Runs on your infra No data leaves your network Docker Compose up
inspection gate → evidence ledger live
INCOMING · /v1/guard "summarize this doc…" "ignore previous instructions…" "my SSN is 41•• ••••" "translate to Turkish" COMPLY · POSTURE .86 EU AI Act · high-risk 21 met 10 partial 2 gap prompt pii mod links agent ■ BLOCKED req 8f3c…a91 prompt-attackconfident pii2 masked moderationclear policyL3 · fail-closed EVIDENCE LEDGER · Art. 12 08:14:02 block prompt-attack └ 8f3c…a91 08:14:59 block agent-actions └ a24b…c07 ✓ chained 08:15:40 mask pii · 2 └ b6f1…e2a SX
One platform, three jobs

The runtime that defends your AI, the red team that tests it, and the governance that proves it.

Most teams bolt a guardrail onto one side and a compliance spreadsheet onto the other, and never attack either. Securix makes them one system: the protection running in production is the fabric you red-team for weaknesses, and the fabric that generates your conformity evidence.

Guard · runtime protection

Stop the attack before the model sees it.

Five detectors screen every message in-line, fail-closed by design.
  • Five detectors: prompt-attack, PII, moderation, unknown-links, agent-actions, each with tunable sub-thresholds.
  • Verbal-confidence verdicts: a policy engine turns raw scores into likely or confident decisions per L1-L4 sensitivity.
  • Redact-and-forward: mask PII in place instead of blocking, so safe requests still flow.
  • Fail-closed: if a required detector isn't ready, the request is refused, not waved through.
Probe · adversarial testing

Break your own guardrails, on purpose.

DeepTeam-driven campaigns measure how often attacks get past Guard.
  • Attack-success-rate, A/B: each run scores ASR against the bare model versus behind Guard. On the committed OWASP-LLM run: 87.5% → 0%.
  • Real adversaries: prompt-injection and data-leakage attacks mapped to the OWASP LLM Top 10, in English and Turkish.
  • Pass / approaching / fail: per-category thresholds gate every campaign, so "secure" is a number, not a claim.
  • Feeds your evidence: results flow straight into EU AI Act Article 15 robustness evidence. The same fabric, again.
Comply · governance

Compliance that fills its own evidence.

EU AI Act classification and a control catalog that reads from what's actually running.
  • 33-control catalog across EU AI Act, ISO 42001, NIST AI RMF, OWASP LLM, and GDPR-KVKK.
  • Auto-mapped evidence: Guard's audit stats and eval reports populate conformity evidence, with no manual screenshots.
  • Weighted posture score with trend snapshots and continuous compliance-as-code monitoring and alerts.
  • Annex IV in one click: technical documentation exported to PDF or DOCX, air-gap safe.

Built for teams that must defend their AI, technically and legally.

Four convictions the whole platform is built on. None of them are marketing; each maps to a line of code you can read and a regulation you can cite.

01DEPLOYMENT

Docker Compose is the product

Self-host on-prem or fully offline. Nothing phones home; regulated and air-gapped environments run the exact stack everyone else does.

02INTEGRITY

Tamper-evident audit fabric

Every screening is written to a hash-chained ledger: the Article 12 record-keeping obligation, satisfied and independently verifiable.

03REACH

Multilingual by default

In-house fine-tunes: multilingual prompt-attack at F1 0.97 on Turkish, plus a Turkish content-moderation model. Language routing keeps English served unchanged.

04HONESTY

Evidence, not checkboxes

Governance is derived from the eval harness and live audit stats, so your attestation stays true to the model in production, with real pass / approaching / fail gates.

By the numbers
5
runtime detectors, fail-closed
33
controls across five frameworks
0.97F1
Turkish prompt-attack accuracy
2
open models on Hugging Face
EU AI Act ISO/IEC 42001 NIST AI RMF OWASP LLM Top 10 GDPR · KVKK
The founders

Three PhDs, one conviction: AI security and governance belong in the same system.

Chief Executive OfficerCEO

Dr. Kasım Öztoprak

Originated Securix: the founding vision, and the person steering the company.

Chief Prompt OfficerCPO

Dr. Yusuf Kürşat Tunçel

Owns the product and the models, from detector design to the multilingual fine-tunes.

Chief Data OfficerCDO

Dr. Semih Yumuşak

Owns the data: corpora, evaluation, and the pipelines the whole platform is measured against.

Deploy the guardrail. Prove it holds. Seal the evidence. One stack.

$ docker compose up  ·  your infra  ·  your data  ·  your audit trail