Services
AI-Forward Deploy Engineering
End-to-end deployment of production AI systems: model serving, inference optimisation, MCP server scaffolding, agentic pipeline orchestration, and CI/CD for LLM applications. Built for teams that need AI shipped securely and reliably, not just prototyped.
Software & LLM Application Security
OWASP LLM Top 10 hardening, prompt-injection defences, output handling, plugin/agent security review, and threat modelling for production LLM systems.
AI Blue & Red Teaming
Full-spectrum adversarial assessment: offensive red-team exercises covering jailbreaks, MCP-server poisoning, agent lateral movement, and LLM SSRF, paired with blue-team detection engineering, defensive hardening, and playbook development to close the gaps found.
Domain-Specific SLMs
LoRA fine-tuning + GGUF quantisation. Sovereign AI built for regulated and resource-constrained environments: no GPU, no hyperscale dependency.
Secure AI Adoption
Advisory on secure AI patterns for regulated industries and public sector: what to build, what to buy, and what to never put a model near.
Portfolio & Research
Open-source AI security research published under Nguuma on Hugging Face.
Flagship · Security-tuned SLM
Security-Gemma-4-E2B
A security-tuned SLM fine-tuned on a novel dual-axis adversarial dataset covering MCP poisoning, Crescendo jailbreaks, agent lateral movement, and LLM SSRF: the next generation of LLM attack surface.
Solved a previously undocumented problem: standard domain fine-tuning quietly degrades chain-of-thought reasoning in smaller models. A training recipe built from scratch retained 99% of reasoning quality.
Composite Security Score /10 · 7 areas — Prompt Injection: 6.28 (base 5.80, +0.48); MCP Security: 6.72 (base 4.01, +2.71); RBAC: 6.62 (base 4.16, +2.46); RAG / Memory: 5.49 (base 4.36, +1.14); AI / LLM CVE: 6.27 (base 4.42, +1.86); Sovereign SOC: 5.73 (base 3.14, +2.59); Infrastructure: 6.13 (base 3.60, +2.54). Overall CSS: 6.18 (base 4.21, +46.7%).
28 prompts · heuristic CSS · 95% CI · SP vs GPT-4o = 90.3% (exceeds GPT-4o-mini 88.3%)
Sovereign AI · Clinical Reasoning
Med-SLM
Clinical-reasoning SLM running fully offline in 900 MB of RAM on legacy hardware in a Nigerian health centre: no GPU, no internet.
Built with LoRA fine-tuning and GGUF Q4_K_M quantisation, the kind of work I call sovereign AI.
All code on github.com/israeltn.
University Research
Funded research at the University of Essex on making cybersecurity accessible and actionable for the organisations most at risk: small businesses and SMEs adopting digital technologies.
CyberQuest
Essential Game
An immersive simulation game that places SME managers inside a virtual enterprise. Players navigate real dilemmas around integrating cybersecurity best practices into digital-adoption strategies, building intuition no compliance checklist can replicate.
- Targets SME managers facing real digital-adoption decisions
- Guided narrative: imagining a secure digital future
- Partnership between Univ. of Essex and industry

CyberSecurityAId
Dynamic Self-Assessment Platform
A self-assessment tool powered by Large Language Models that addresses cybersecurity vulnerabilities of small businesses, many of whom lack the resources and expertise for effective cyber hygiene, making traditional certifications unattainable.
- Affordable, accessible cybersecurity guidance for SMEs
- Tailored recommendations for key assets, systems, and processes
- Simplifies complex cybersecurity into actionable steps

Both projects conducted under the University of Essex research programme on cybersecurity for SMEs, in collaboration with UKRI and the Department for Science, Innovation & Technology.