AI systems trusted by global organizations from highly regulated industries
Security, Privacy and Sovereignty at ONTEC AI
Built on decades of security expertise
Security is not an afterthought but the guiding principle that shapes all ONTEC AI solutions and services, ensuring that data protection, privacy, and compliance are never compromised.
For more than 20 years, ONTEC has operated with a security-first mindset, maintaining robust, certified Information Security Management Systems (ISMS) and adhering strictly to confidentiality, integrity, and availability principles
Based in Europe, trusted by leading European organizations
Our background
ONTEC AI is a proud sub-brand of ONTEC AG and part of the renowned TEC-Gruppe network — a hub of top-tier expertise in secure IT systems, cyber security and security consulting. This connection provides ONTEC AI with a exceptional foundation of trust and technical excellence. The IT service team of ONTEC AG is ISO 27001 certified, works in compliance with ITIL, and has been audited according to ISAE 3402.
Backed by our network, we are deeply committed to data security, privacy, and responsible technology practices, ensuring your information is safeguarded to the highest standards. These strong roots empower ONTEC AI to deliver innovative, powerful solutions while keeping your security and compliance needs at the forefront.
GenAI and Machine Learning practices
Developing AI, especially Generative AI and Machine Learning, brings unique challenges beyond traditional software development.
Protecting model and artifact
We secure models with access controls, integrity checks, and regular updates to prevent tampering.
Monitoring and auditing continuously
We monitor data integrity, detect unusual activity, and track model usage to prevent security risks.
Detecting and preventing harmful bias
We use diverse data, ensure explainability, and follow ethical AI practices to prevent bias.
Defending against data poisoning and backdoors
We implement data validation, adversarial training, access controls, and robust algorithms to mitigate risks.
Defending against prompt injection attacks
We protect against input manipulation that could override AI behavior or expose sensitive information.
Preventing privacy leakage
We audit models to prevent data leaks, ensure GDPR compliance, and safeguard sensitive information.
Preventing model stealing
We protect proprietary models from extensive querying to prevent intellectual property theft.
Using secure APIs
We secure AI model APIs with strong authentication methods to prevent exploitation and costly breaches.
AI-augmented attacks
We monitor for AI-driven threats like phishing and fraud to detect and prevent malicious activities at scale.
We address security risks in agentic AI, including data leakage, authentication gaps, and unauthorized access.
ONTEC AI has built-in protection against cyber attacks on LLMs
Our platform is particularly robust against many of the known attacks on LLMs. Cyber attacks on LLMs often work via so-called “prompt injection”, where the model is manipulated through a crafted prompt to do something unintended. This can lead to unauthorized information being revealed. ONTEC AI has a fixed built-in protection against such attacks.
At ONTEC AI, we understand that security and compliance are non-negotiable for modern organizations. That’s why we embed robust security practices into every stage of our AI solutions.
Tamás Molnár, MLOps Engineer, ONTEC AI
Data sovereignty at ONTEC AI
Flexible hosting: Choose between secure EU-based cloud or on-premise deployment for full jurisdictional control – or combine both.
Role-based access: Control who accesses sensitive data with customizable permissions.
Advanced anonymization: Safeguard personal information with robust anonymization features.
Cyberattack protection: Built-in defenses against prompt injection and attacks targeting AI systems.
Seamless integration: Adapts to existing IT infrastructure, including legacy systems.
Transparent governance: Maintain visibility and control over how data is stored, processed, and accessed.
AI systems that don’t compromise security
We consider security through the whole software development lifecycle, starting when planning the software and requirements.
We design with security principles
We use standard protocols and tools
We encrypt data during transit and at rest
We adopt secure coding practices
We regularly update third-party libraries
We regularly review and update third-party libraries
We educate staff about security
We manage all code in secure, access-controlled repositories
We monitor logs for suspicious activity and address vulnerabilities quickly
We defined processes how to act quickly on security threads
At ONTEC AI, we leverage cutting-edge tools like DependencyTrack, Trivy, and SonarQube to ensure top-notch security, seamless performance, and robust code integrity.
Our core privacy practices
Privacy in software development means embedding strong data protection principles throughout the entire development process, ensuring that personal data is handled securely and in compliance with regulations such as the GDPR.
Privacy by design and default
We embed privacy considerations into every phase and ensure default settings prioritize protection.
Data minimization and purpose limitation
We embed practices to collect only essential data and use it strictly for stated purposes.
User consent and control
We embed processes to obtain explicit user consent and provide tools for managing privacy settings.
Transparency
We ensure clear communication about data usage, retention, sharing, and security practices for users.
Data subject rights
We enable users to access, correct, delete, and transfer their data in compliance with laws.
Security measures
We safeguard data with encryption, access controls, audit logging, and regular vulnerability assessments.
The protection of your data is our top priority. We have implemented comprehensive measures to safeguard your personal information and manage it securely.
Data protection
We are fully GDPR & DSGVO compliant.
We meet all requirements of the General Data Protection Regulation (GDPR) and the German Data Protection Regulation (DSGVO) to ensure the best possible protection of your data.
Our data protection policies are transparent and clearly outlined in our privacy policy.
We collect and process various types of data to provide our services to you:
We collect: ✓ Customer-related personal data ✓ Employee-related personal data
We do not collect: ✖ Credit card information ✖ Personal health information
Your data is safe with us and is handled in accordance with applicable data protection regulations.
Information Security
Our information security policy ensures that your data is protected and securely managed. For detailed information about our information security policy, feel free to contact us directly.
Our data centers are designed to ensure the highest security and availability of your data. We offer flexible hosting options tailored to your needs and preferences.
Primary Data Center in Europe: Our main data center is located at Anexia, with a backup site in our Vienna office, where we securely and reliably manage your data.
Azure Cloud: In addition, we utilize the Azure Cloud to provide our customers with scalable and highly available cloud solutions.
Your Data, Your Control: We offer hosting options based on our customers’ preferences, giving you full control over your data.
Your data is secure with us at all times. For more information about our security measures and data centers, we are happy to assist you.
Yes, the ONTEC AI Platform is fully privacy-compliant. Internal data is protected through features like anonymization and data governance / strict access rights.
Is ONTEC AI suited for European companies?
Yes, ONTEC AI is built to uphold strict European data protection standards for privacy and security. ONTEC AI develops solutions that are made for European companies. ONTEC AI is based in Vienna, Austria, and an ideal provider for European organizations. All IT-systems meet the strict European data protection guidelines.
What are ONTEC AI’s key focus areas in security and emerging AI technologies?
At ONTEC AI, we are committed to staying ahead of the curve in AI security and innovation. Here are our key focus areas:
NIS2 Compliance: We are preparing to support the NIS2 Directive, ensuring our solutions meet stringent European cybersecurity standards.
Machine Learning Security: While we leverage machine learning to enhance our solutions, we address its unique security challenges, such as data poisoning, adversarial attacks, and model theft.
Generative AI (GenAI): As our primary focus, we tackle the security risks of GenAI, including prompt injection, privacy leakage, and model theft, while delivering cutting-edge solutions.
Agentic AI and MCP Protocol: We are actively exploring these emerging topics, addressing concerns like data leakage, unauthorized tool access, and the lack of robust authentication and authorization standards in the MCP protocol.
By focusing on these areas, ONTEC AI ensures that our solutions are secure, compliant, and ready to meet the challenges of tomorrow.
What are the key implementation steps for ensuring data privacy compliance?
Conduct Data Privacy Impact Assessments (DPIA) for new projects or major changes.
Maintain up-to-date records of personal data processing activities.
Perform regular audits and privacy-focused testing to verify compliance.
Use privacy management tools to discover, classify, and manage personal data and user consent.
By following these steps, organizations can comply with legal obligations, foster user trust, and minimize privacy risks.
