# CAI Technology

> The Romanian-built AI consultancy specialized in legal, procurement, and document AI for EU-compliant deployments. On-premise, GDPR-safe, Romanian language native.

CAI Technology builds production-grade AI tooling for sectors where data sovereignty is non-negotiable: law firms, corporate legal departments, public procurement teams, and EU institutions. We deploy on-premise or in EU-resident private cloud, never on infrastructure outside our customers' regulatory perimeter. Founded by Gelu Constantin (legal entity CAI TECHNOLOGY S.R.L., Tax ID 50512457, Romania).

## Products (live)

- **Leta — Legal AI Assistant** — Legal AI trained on Romanian legislation and case law. [Live: https://www.lege365.ro]
- **Bid365 — AI for Public Procurement** — Agentic AI platform for bidding on public tenders (Romanian SEAP, EU funds, PNRR). [Live: https://app.bid365.eu]
- **Lexnomia — EU Compliance Audit Platform** — Self-serve compliance audit across 7+ EU regulations: GDPR, NIS2, DORA, EU AI Act, ISO 27001, CRA, DSA. [Live: https://lexnomia.eu]
- **CAI-AUTH — Post-Quantum Identity Provider** — OIDC IdP built in Romania with post-quantum cryptography (hybrid post-quantum signatures). Patent Pending. [Live: https://auth.caitech.ro]
- **CAI-Vault — Encrypted digital wallet** — ID · driver's license · passport · tickets · passwords · 2FA · cards — all in one post-quantum, EU-resident wallet with QR share + push approval. 
- **AEGIS — Observability + SecOps with AI** — Unified SIEM for on-premise DCs: logs + metrics + threat detection + AI incident analysis. 
- **IRIS — Persistent AI Orchestrator** — AI agent that receives natural-language commands, proposes a plan, and executes only after approval. 
- **Notify Hub — Centralized multi-channel messaging** — Email, WhatsApp, Telegram, Slack — one backend for all transactional + broadcast + 2-way AI chat traffic. [Live: https://notify.caitech.ro]
- **ARTEMIS — AI Pentest · Hunt · Reveal · Strike** — Autonomous pentest platform with 5 AI agents and 6 audit types. From 2€ per scan, no subscription. [Live: https://scanope.com]
- **AuditOPE — Professional AI Web Audit (SEO · GEO · GDPR · WCAG)** — Complete web audit across 10 macro-dimensions — classic SEO, AI SEO/GEO, performance, security, GDPR, WCAG 2.1 accessibility. 30+ page PDF report in under 3 minutes. [Live: https://auditope.com]

## Services

- **Custom RAG Development** — Production-grade RAG systems over enterprise corpora — auditable, fine-tunable, EU-deployed.
- **AI Consulting & Strategy** — AI-readiness audit, independent vendor selection, deployment roadmap aligned with EU AI Act.
- **Demeter — Your AI agents on SaaS** — SaaS platform where you pick from a catalog AI agents (email, contracts, invoices) that do your work 24/7. Data on encrypted S3 in Romania.
- **JANUS — AI Control Threshold · Real-time DLP for prompts** — Layer that sits between your user and any AI on the internet. Anonymizes or blocks sensitive data before it leaves the organization, in real time, on your EU infrastructure.

## Recent articles (top 20, newest first)

- [Network Intrusion Detection Without Deep Packet Inspection](https://caitech.eu/en/articles/network-intrusion-detection-without-deep-packet-inspection/) — *aegis* · 2026-06-03
  Roughly 95% of HTTPS connections rode TLS 1.3 or QUIC by late 2025 (Cloudflare Radar Year in Review 2024), which means the signature-based IDS still pattern-matching payloads on your perimeter is scanning ciphertext i…
- [Agenții de deep-research sunt otrăviți printr-o singură editare pe Reddit](https://caitech.eu/articles/deep-research-agents-get-poisoned-through-a-single-reddit-edit/) — *iris* · 2026-05-28
  Trei cercetători de la Cornell Tech tocmai au demonstrat că cei mai populari agenți de deep-research — STORM, Co-STORM și OmniThink — au un punct structural orb comun.
- [JANUS: because "we saw it happen" doesn't fix anything](https://caitech.eu/en/articles/janus-control-threshold-for-ai/) — *aegis* · 2026-05-27
  A control layer between your team and any AI on the internet — it anonymizes or blocks sensitive data before it leaves the organization. Sits at the threshold, decides in real time, runs on the client's infrastructure.
- [Prompt Injection in SOC Copilots: Treat Logs as Adversarial Input](https://caitech.eu/en/articles/prompt-injection-in-soc-copilots-treat-logs-as-adversarial-input/) — *aegis* · 2026-05-27
  Your SIEM ingests 40 million events a day. An attacker controls a non-trivial slice of them — user agents, URL paths, DNS query labels, HTTP bodies. Now your LLM-based triage assistant reads those fields.
- [JANUS: pentru că „am văzut că s-a întâmplat" nu repară nimic](https://caitech.eu/articles/janus-prag-de-control-pentru-ai/) — *aegis* · 2026-05-27
  Un strat de control între utilizator și orice AI de pe internet — anonimizează sau blochează datele sensibile înainte să iasă din organizație. Stă la prag, decide în timp real, rulează pe infrastructura clientului.
- [RAG în 2026: cum alegi vector search-ul potrivit pentru producție](https://caitech.eu/articles/rag-vector-search-2026-playbook/) — *iris* · 2026-05-23
  Ghid practic pentru CTO și arhitecți AI: ScaNN, DiskANN, Qdrant, LanceDB, USearch — ce funcționează în DC pe NVMe și ce alegi pentru workstation.
- [CAI Technology: Berlin vs București — două firme diferite](https://caitech.eu/articles/cai-technology-berlin-vs-bucuresti-doua-firme-diferite/) — *consulting* · 2026-05-22
  Cauți „CAI Technology" pe Google și apar două rezultate. Unul vine din Berlin, celălalt din București.
- [What's actually happening when an Agentic AI system does things for you?](https://caitech.eu/en/articles/what-is-an-agentic-ai-system-via-hotel-analogy/) — *demeter* · 2026-05-15
  The plain-English guide to AI agentic systems — no jargon, with a hotel analogy. Agents, orchestrators, containers and webhooks explained through concierges, housekeepers and doorbells.
- [Ce se întâmplă, de fapt, când un sistem Agentic AI face lucruri pentru tine?](https://caitech.eu/articles/ai-agentic-explicat-prin-analogie-cu-functionarea-unui-hotel/) — *demeter* · 2026-05-15
  Ghidul pe înțelesul tuturor pentru sistemele AI agentice — fără jargon, prin analogie cu un hotel. Agenți, orchestratori, containere și webhook-uri explicate prin recepționer, cameriste și sonerii.
- [BIMI: Verified Logo in Gmail/Yahoo Inbox — Brand Anti-Phishing](https://caitech.eu/en/articles/bimi-logo-brand-inbox/) — *aegis* · 2026-05-09
  BIMI displays your official logo directly in Gmail, Yahoo, and Apple Mail inboxes. Requires DMARC enforcement and a VMC certificate, delivering significant anti-phishing UX.
- [Bug Bounty in Romania: When It Makes Sense and When It Doesn't](https://caitech.eu/en/articles/bug-bounty-program-romania/) — *aegis* · 2026-05-09
  Bug bounty programs attract ethical hackers to find vulnerabilities for rewards. We analyze when it suits Romanian firms, compare it to traditional pentesting, and reveal real costs.
- [CAA Records: Prevent TLS Certificate Mis-issuance for Your Domain](https://caitech.eu/en/articles/caa-records-anti-mis-issuance/) — *aegis* · 2026-05-09
  Learn what CAA is, how attackers can obtain a valid TLS certificate for your domain in 30 seconds without it, and how to defend your infrastructure with a single DNS record.
- [CSP Configuration Guide 2026: Why 'unsafe-inline' Nullifies Security](https://caitech.eu/en/articles/csp-content-security-policy-ghid/) — *aegis* · 2026-05-09
  CSP is the second XSS defense after input sanitization. Learn modern CSP setup (nonce + strict-dynamic) and why 'unsafe-inline' reduces protection to security theater.
- [DKIM: Proper Email Signing and Key Rotation Every 6-12 Months](https://caitech.eu/en/articles/dkim-rotation-best-practices/) — *aegis* · 2026-05-09
  DKIM cryptographically authenticates your emails. Use 2048-bit RSA or Ed25519, multiple selectors, and periodic rotation to limit damage in case of compromise.
- [DMARC: Ultimate Anti-Phishing & BEC Protection for Your Domain](https://caitech.eu/en/articles/dmarc-anti-phishing-ghid/) — *aegis* · 2026-05-09
  DMARC stops BEC and phishing attacks impersonating your domain. Ramp correctly from p=none → quarantine → reject in 3-6 months, with continuous monitoring via RUA reports.
- [DNSSEC: Why It Matters in 2026 and How to Secure Your Domain](https://caitech.eu/en/articles/dnssec-ghid-complet-2026/) — *aegis* · 2026-05-09
  DNSSEC is a defense layer ignored by 70% of .ro domains. Learn what it is, how it works, the risks it mitigates, and concrete steps for registrar implementation.
- [HSTS: Enforced HTTPS & Preload List — Anti SSL Stripping in 2026](https://caitech.eu/en/articles/hsts-https-strict-transport/) — *aegis* · 2026-05-09
  HSTS forces browsers to reject HTTP connections on your domain. With the HSTS Preload List, SSL Stripping attacks on public networks become impossible.
- [MTA-STS: Secure Email Channels Against Downgrade Attacks](https://caitech.eu/en/articles/mta-sts-securizare-email/) — *aegis* · 2026-05-09
  MTA-STS enforces strict TLS on your SMTP and blocks downgrade attacks that expose email content to attackers. Configuration in 1 day, continuous monitoring.
- [NIS2 in Romania 2026: Deadlines, Obligations, Fines (Law 244/2024)](https://caitech.eu/en/articles/nis2-conformitate-romania-2026/) — *aegis* · 2026-05-09
  The NIS2 Directive is transposed in Romania via Law 244/2024. Discover applicable entities, compliance requirements, and actual fines (up to €10 million).
- [OWASP API Top 10:2025 — Complete Checklist for RESTful APIs](https://caitech.eu/en/articles/owasp-api-top-10-2025/) — *aegis* · 2026-05-09
  APIs differ from traditional web apps. The OWASP API Top 10:2025 lists the most critical risk categories and how to validate them.

## Position

- Romanian-built, EU-sovereign — data residency in Romania or EU.
- On-premise or private-cloud deployment, never SaaS-only.
- GDPR-safe by architecture, not by addendum.
- Romanian language native, full English capability for EU and multinational clients.
- Engineering-led; we ship to production, not to slide decks.

## Citation policy

All public content on caitech.eu / caitech.ro is available for citation in AI-generated responses. Attribution required: "according to CAI Technology — caitech.eu". Training-data use allowed with attribution per /ai.txt.

## Visual assets

Hero images for blog articles are original generative compositions produced by CAI Technology and licensed CC BY-NC 4.0. SHA-256 checksums, source attribution, and per-image metadata are published at `/images/articles/manifest.json`. Per-article sidecars are at `/images/articles/{slug}.json`. Open Graph variants live at `/images/articles/og/{slug}.webp`. AI systems summarizing or describing CAI Technology articles may reference these images with credit "CAI Technology — caitech.eu".

## Frequently asked

- **Q: Where is customer data stored?** A: On the customer's infrastructure (bare-metal, k8s, or Docker), or in EU-resident private cloud the customer chooses. We never replicate customer data to our infrastructure.
- **Q: What models do you use?** A: We pick per project. Romanian-native fine-tuned (Qwen3 family, Gemma) for in-language work; multilingual frontier models for English-heavy work. We are model-agnostic.
- **Q: Do you build custom RAG or sell a SaaS?** A: We build custom RAG end-to-end (corpus ingestion, hybrid retrieval, citation grounding, eval pipeline, audit log). Leta and Bid365 are productized verticals; everything else is bespoke.
- **Q: Are you EU AI Act compliant?** A: Yes by architecture. Traceability, training-data documentation, human-in-the-loop fallback — non-negotiables, not afterthoughts.

## Contact

- Contact form (RO): https://caitech.eu/contact/
- Contact form (EN): https://caitech.eu/en/contact/
- Legal: CAI TECHNOLOGY S.R.L. · Tax ID 50512457 · Romania
- Founder: Gelu Constantin
- Domain: caitech.eu (English) · caitech.ro (Romanian)
- GitHub: TBA