About
Tharven builds and measures defenses for AI agents — the layer between a model and the real world. Everything runs locally, is reproducible, and is honest about its limits.
Incumbents are cloud-native. Tharven is sovereign-native — by design, not as a feature.
AI security is won with numbers, not claims. The market is crowded with tools that promise robustness and prove nothing. Tharven takes the opposite stance: a small set of reproducible benchmarks, run fully offline on commodity CPU, that publish their weaknesses as loudly as their strengths.
The wedge is structural. EU AI Act Article 15 makes adversarial testing of high-risk AI a legal requirement, and regulated sectors — banks, healthcare, public administration, defense — increasingly cannot send data to US clouds. A security tool that runs air-gapped, EU-domiciled, and auditable occupies a category that cloud-SaaS incumbents structurally cannot enter.
Blocks dangerous actions (shell, API, tool calls) before they run. 100% on clear attacks, 0% false positives, sub-millisecond, and an honestly published 91.7% obfuscation-bypass that motivates the semantic layer.
Blocks prompt injection (OWASP LLM01) before untrusted text reaches the model: a deterministic detector plus a sovereign, CPU-only classifier trained on a domain-specific corpus. Benchmark release in progress.
| Principle | What it means |
| --- | --- |
| Honest numbers | Every metric is reproducible and dated. We never publish a number the code contradicts. |
| Sovereign | Offline, CPU-only, no third-party calls. In local inference mode, your data never leaves your premises. |
| Open methodology | Corpora and harnesses are public so the measurement can be audited and challenged. |
| Defensive | Built to harden systems. Adversarial capability stays sandboxed and scope-gated. |
Open-source work and benchmarks live on GitHub (Tharven). Reach out for collaboration, EU AI Act robustness testing, or sovereign LLM-security audits.
Best way to reach out: open an issue or discussion on GitHub. A dedicated contact inbox follows with the custom domain.