— 01 / Flagship product
HexaSec AI Assurance Gate
Test, harden and evidence LLM and RAG-enabled assistants before release. Structured scenario packs, deterministic detectors, policy checks and audit-ready evidence packs.
UK · AI assurance & cyber security
High-trust AI and cyber security tools for sensitive environments.
HexaSec is a UK-based AI and cyber security company building local-first, evidence-led tooling for AI assurance, defensive testing and secure adoption in regulated and defence-aligned environments.
Local-first
Deployment model
Evidence-led
Assurance approach
Defensive
Research focus
Why HexaSec exists
We exist to make advanced AI and cyber security systems safer to deploy.
Organisations are adopting AI assistants, RAG workflows and automated security tooling. Before these systems touch sensitive data or operational workflows, teams need assurance, evidence, control and a defensible record of how they were tested.
HexaSec builds the tools, scenarios and evidence models that let security and AI engineering teams move with confidence — locally, deterministically, on terms they control.
01AI assurance
Pre-release
02Cyber security testing
Repeatable
03Defensive simulation
Controlled
04Local-first deployment
Sovereign
05Evidence-led engineering
Auditable
06Secure-by-design products
From day one
07Research-led development
R&D
What HexaSec is building
A focused first product, a wider direction.
HexaSec is starting with one flagship product — the AI Assurance Gate — and building towards a broader portfolio of defensive AI and cyber security tooling.
— 02 / Direction
Defensive AI & cyber security tooling
Local-first products for cyber defence, adversarial testing, controlled simulation and security validation — informed by the assurance work we do today.
— 03 / How we work
Research-led security engineering
Security products informed by AI research, cyber practice, assurance thinking and controlled experimentation — not vendor narrative.
Why it matters
AI is moving into real workflows faster than assurance is.
LLM assistants are being connected to internal tools, documents and policy decisions. The surface for prompt injection, data leakage, poisoned retrieval and unsafe tool actions is growing — and existing assurance models were not designed for it.
Regulated and sensitive environments cannot rely on vendor claims alone. They need repeatable testing, local-first execution and evidence reviewers can inspect.
01
AI assistants are touching real workflows
LLMs are connected to retrieval indexes, tools, ticketing systems and internal knowledge — far beyond chat.
02
Vendor claims are not assurance
Security teams need their own repeatable tests, run on their own data, in their own environment.
03
Cloud-only is not always an option
Sovereign, regulated and defence-aligned environments require local-first execution and inspectable artefacts.
04
Evidence has to outlive the meeting
Procurement, change control and audit need durable artefacts — not screenshots and vibes.
Product spotlight · AAGExplore AI Assurance Gate
Release assurance for LLM and RAG-enabled assistants.
AI Assurance Gate runs structured security scenarios, applies deterministic detectors and policy checks, and produces a gate decision plus an audit-ready evidence pack — locally.
→Test AI assistants before release
→Detect prompt injection, data leakage, poisoned retrieval, unsafe tool actions
→Deterministic checks — not black-box judgement
→Local-first and offline-friendly
→Evidence packs for assurance, procurement and change control
→Re-test on every model, prompt, policy, tool or corpus change
Gate decision · run #0247
2026-05-20 · 14:02 UTC
GO
Illustrative example — not a live customer run
Evidence bundle · contents
- manifest.json34 lines
- results.ndjson188 scenarios
- policy.decisions12 checks
- tool.traces14 calls
- retrieval.traces72 lookups
- assurance.graphsigned
- report.htmlprintable
Illustrative example — not a live customer run
How HexaSec works
Five operating principles.
These shape every product decision — what we build, what we refuse to build and how we ship.
01
Local-first
Runs in environments where data control matters. No mandatory phone-home, no cloud dependency.
02
Evidence-led
Produces artefacts reviewers, customers and security teams can read, verify and store.
03
Deterministic
Clear checks and policy logic — not opaque scores from a black-box judge model.
04
Security-focused
Built from a cyber security and assurance perspective, with adversarial thinking by default.
05
Responsible
Focused on defensive, controlled and ethical use. Not a toolkit for live offensive operations.
Who HexaSec is for
Teams who need control, evidence and trust.
HexaSec is built for organisations where AI and cyber security decisions need to be defensible — to regulators, to customers, to leadership, and to themselves.
Defence & defence supply chain
Regulated organisations
AI engineering teams
Security engineering teams
SOC & IR teams
Cyber security consultancies
Critical infrastructure operators
Teams deploying AI assistants
Direction
Where HexaSec is heading.
HexaSec is building towards a broader suite of AI and cyber security tools for high-trust environments. We do not announce products before they are ready — what is shown below is direction, not commitment.
Notation · ▣ available · ◐ in pilot · ◯ in research
Now
AI Assurance Gate — pre-release testing for LLM/RAG assistants
◐ Pilot
Next
Expanded scenario packs & evidence formats
◐ In build
Next
Controlled simulation & defensive testing environments
◯ Research
Later
Local-first cyber security tooling for high-trust environments
◯ Research
Later
Specialist defence and critical-infrastructure tooling
◯ Research
Get in touch
Discuss AI assurance or cyber security tooling.
Pilot packs, one-pagers and technical material are available on request. Tell us about the environment you operate in and what you need to evidence — we will reply.
SHARED ON REQUEST · NO PUBLIC DOWNLOADS · UK-BASED