Latensgate was started in 2024 by four engineers who had each independently watched a GenAI initiative die in legal review at their previous companies. Each time, the blocker was the same: no way to prove the prompt left the building intact.
We are building the cryptographic guarantee that regulated industries need to actually use modern language models. Not a policy document, not a checkbox in a vendor form. A signed receipt that holds up in an audit.
Four operating principles. Each one has cost us a feature, a contract, or a customer at some point. We keep them anyway.
Every guarantee we make is a verifiable signature, not a clause in a contract. If a claim cannot be expressed as a hash, we do not make it.
New features ship only after we can prove they preserve the existing boundary. We have killed three roadmap items this year for not clearing this bar.
Four people, each owning one cryptographic layer end-to-end. No managers, no abstraction layers between the person who wrote a line of code and the person who answers for it.
SOC 2, HIPAA, GDPR are not paperwork we hand to a consultant. They are protocols we implement, test, and exercise the same way we test cryptography.
We are a small team by design. Confidential compute requires deep specialization and direct ownership; we prefer four people who can each defend their layer over forty who can't.
Former Principal Security Engineer at AWS. Spent eight years shipping confidential-compute primitives inside Nitro and authored two NIST 800-53 control mappings. Started Latensgate after a 2024 banking pilot stalled in legal review for nine months.
Built the cryptographic kernel that powers the enclave. Previously cryptography lead at a Tier-1 European bank where he shipped the first KMS-attested batch settlement system in production. PhD in lattice cryptography, ETH Zürich.
Owns the security posture top to bottom. Led the platform-security org at a 200B-AUM asset manager through SOC 2 Type II and ISO 27001 audits in parallel. Believes good engineering is mostly about saying no to the right requests.
Translates compliance frameworks into product features that ship. Eight years at a Seoul-based fintech taking GDPR, K-ISMS, and PCI DSS from policy to deployable controls. Reads federal register notices for fun.