Skip to content
Reseni Labs

Independent AI research lab

Privacy and security for artificial intelligence.

We investigate how AI systems collect, process, and expose data — and we build the frameworks that help teams design, test, and deploy them responsibly.

Read our researchWork with us
Origin
Nairobi, KE
Coords
1.29°S 36.82°E
Scope
Worldwide
Trackers
Zero
[ 01 ] What we do
PrivacyP-01

Engineering, not paperwork.

DPIAs, data-flow diagrams, differential-privacy budgets, retention contracts — treated as production artifacts owned by engineering.

SecurityP-02

Adversarial by default.

Red-teaming of ML systems against the OWASP LLM Top 10: prompt-injection chains, data exfiltration, model inversion, supply-chain abuse.

GovernanceP-03

Standards you can ship.

Mapped to NIST AI RMF, ISO/IEC 42001, the EU AI Act, and Kenya DPA — turned into checklists product teams actually use.

[ 02 ] Latest

Research

All research →

privacy

Differential privacy budgets in LLM fine-tuning: a practitioner's guide

A reproducible study of ε–δ budgets, gradient clipping, and per-sample noise on three open-weight models, with concrete production trade-offs.

Mar 2026

security

Membership inference attacks on retrieval-augmented generation

We show that RAG pipelines leak the presence of specific documents in the index under realistic prompting conditions, and propose two practical mitigations.

Jan 2026

governance

Toward a baseline for AI incident disclosure: lessons from CVD in software

A proposal for coordinated AI incident disclosure modelled on RFC 9116 and ISO/IEC 29147, mapped onto the NIST AI RMF.

Nov 2025

[ 03 ] Open

Frameworks

All frameworks →

Methodology

AI Privacy Risk Assessment (APRA) — v1.0

An open methodology for assessing privacy risk across the AI lifecycle. Combines NIST Privacy Framework outcomes with LINDDUN threat modelling.

Methodology

ML Red-Team Playbook — v1.0

Operational guide for adversarial testing of ML systems. Covers test design, evidence collection, and reporting aligned to OWASP LLM Top 10.

[ 04 ] The site is the proof

We won't ship privacy advice from a site that leaks visitor data.

Reseni Labs runs without third-party trackers, ad networks, or session replay. The controls we recommend to clients are the controls this site enforces.

  • No Google Analytics, no Meta Pixel, no LinkedIn Insight.
  • No third-party fonts. No third-party JavaScript on content pages.
  • Cookieless analytics, self-hosted.
  • Strict CSP with per-request nonces, HSTS preload, TLS 1.3 only.
  • security.txt per RFC 9116. Coordinated disclosure.
NIST AI RMFISO/IEC 42001ISO/IEC 27701OWASP LLM Top 10EU AI ActKenya DPA 2019GDPRWCAG 2.2 AA
Reseni Labs — AI privacy & security research