orq.ai

Most AI agents are still tested like chatbots. But production agents have tools, memory, permissions, APIs, and access to user data. That creates an entirely different attack surface. Prompt injection. Goal hijacking. System prompt leakage. Excessive agency. Multi-turn manipulation. Tomorrow, we’re doing a live walkthrough of how to actually red team AI agents in practice during lunch! We’ll show: • How automated adversarial testing works   • Why standard evals miss agent-specific risks   • Multi-turn attack generation against real agents   • How to interpret resistance rates and vulnerabilities   • A live demo of evaluatorq redteam This is aimed at builders and engineers building or deploying agents in production. No deep security background required. 📅 Tomorrow: 12:00   🕒 45 min + Q&A   💻 Virtual Sign up here below!

Being in control of your agents is a multi-dimensional problem. Quality, costs, performance... but security and compliance are just as important throughout the agent lifecycle. Especially in regulated industries, you need to be able to show the audit trail of your hardening efforts. Agent lifecycles are hours and days now, so how do you keep up? In our upcoming webinar, the orq.ai research team walks through red teaming: what it is, why traditional testing misses agent-specific risks, and how to run automated adversarial testing against your own agents. Link in the comments

Agentic AI is moving from buzzword to boardroom, and we are bringing the practitioners behind that change together. The next edition of ADC's Tech Meetup is open for registration, turning the spotlight on agentic AI in 2026. Two speakers will lead the evening. 🎤 Edward Jansen, Technology and Innovation Lead at ADC, opens with "Agentic AI in 2026, the state of play", mapping the categories that matter, where production deployments are real, and what enterprises should buy versus build, drawn from work with major Dutch and European institutions. 🎤 Bauke Brenninkmeijer, AI Research Engineer at orq.ai, follows with "Red teaming your AI agent before it ships", covering the OWASP LLM Top 10, the new OWASP Agentic AI Top 10, and the attacks that matter once an LLM can act, with walkthroughs from the open source framework his team has built. And there is more. From the moment you arrive, our Demo Marketplace will be open, giving you a chance to take a peek behind the scenes at what ADC is shipping with agentic AI right now, based on real work with clients in complex and regulated industries. 📅 In person at our Amsterdam office, 9 June, 17:00 to 20:00. Seats are limited, reserve yours here: https://lnkd.in/eqyG6tf4

🚨🚨🚨 It's just a router 🚨🚨🚨 Heard this from prospects more times than I can count over the past few months. Spent the weekend debugging edge cases in our AI Router and wrote down what actually breaks when you try to build that router. Reasoning signatures that vanish on the next turn. Tool calls that duplicate side effects on retry. Fallback that silently corrupts conversations. Streaming state machines that finalize blocks too early. Single turn tests pass. Production breaks two turns later. If you are building or buying an AI router, the question is not Can it route? It is What happens on the next turn? Article in comments. ⬇️

Using a US cloud provider's European region doesn't make your AI stack sovereign. 🇪🇺 That's the part most teams get wrong... The US CLOUD Act allows American law enforcement to compel US-headquartered companies to hand over data stored abroad, including data sitting in Frankfurt or Amsterdam. If your LLM provider is incorporated in the US, your prompts are subject to US jurisdiction regardless of where the servers are physically located. This matters now. GPAI model obligations under the EU AI Act have been enforceable since August 2025. Full high-risk enforcement lands in August 2026. GDPR fines in 2025 alone reached €2.3 billion, a 38% increase year over year. The window to address this proactively is closing. ⏳ The architecture question isn't "where is the data stored?" It's "who controls the stack, and under which jurisdiction?" True data sovereignty for AI requires three things: inference staying inside EU jurisdiction, minimal retention by design, and a routing layer that can demonstrate what happened to every prompt at every step. That last part is the product design problem. Observability isn't just an engineering discipline. It's the mechanism that makes compliance auditable. A call you can't trace is a call you can't prove was handled correctly. 🔍 At orq.ai, routing policies can restrict traffic to compliant endpoints, enforce Zero Data Retention per route, and log every call in a way that survives regulatory scrutiny. Not as an account-level setting, but per policy, per team, per use case. Sovereignty isn't a checkbox. It's an architecture decision made at the routing layer. #DataSovereignty #EUAIAct #GDPR #LLMOps #AICompliance #ProductDesign #orqai #AIInfrastructure

Our co-founder Sohrab was on the Marketing From Zero To One podcast to discuss the origins of orq.ai Spotify link in the comments.