Xabier Muruaga
Xabier Muruaga

Xabier Muruaga

AI/GenAI Architect · AI Agents, GenAI Security & Assurance

I shape production AI and GenAI so value and risk stay controlled as adoption scales. Architecture and assurance for secure AI systems in regulated environments.
Production at Scale · AI Risk and GenAI Security · Assurance and Audit Readiness

Case Studies

Representative examples focused on artifacts and acceptance criteria.

ExploreExplore

About Me

Roles, credentials, and the operating context where these standards were applied.

ExploreExplore

What I design

Moving beyond prototypes to architected, governed and economically viable production systems.

I shape production AI and GenAI from value framing to deployable architecture, with security, assurance, and compliance readiness built in. The objective is simple: capture material value with controlled ownership, auditability, and unit economics.

In large organizations, GenAI stalls for predictable reasons. Fast prototypes do not survive scale when decision rights are unclear, controls fragment across teams, and accountability is reconstructed after the fact. Security and assurance then become reactive.

I make scale deliberate by defining the reference architecture, decision boundaries, and acceptance criteria teams must follow. Security and assurance are built into runtime and release gates, so controls and evidence do not have to be rebuilt on every release.

When systems are already live, I run security and assurance assessments for governance and audit sampling. This includes threat modeling and adversarial testing for GenAI misuse risks such as prompt injection, data leakage, and unsafe tool or permission boundaries.

The case studies reflect this lifecycle: value selection, architecture at scale, secure GenAI by design, independent assessment, compliance readiness, and governed agent autonomy.

Portfolio

Selected Case Studies

Value Discovery & Portfolio
Case Study

Value Discovery & Portfolio

Prioritize GenAI investments with explicit value hypotheses, scale criteria, and stop rules so spend concentrates on initiatives that can reach production safely.

Read Case Study
Production AI Architecture at Scale
Case Study

Production AI Architecture at Scale

Define a reference architecture that standardizes model access, observability, and standard entry points so delivery remains consistent without fragmented ownership or platform drift.

Read Case Study
Generative AI Security by Design
Case Study

Generative AI Security by Design

Secure production GenAI through enforced data boundaries, permissioned retrieval, and governed tool access. Add runtime guardrails and security-grade observability to prevent leakage and unauthorized actions.

Read Case Study
GenAI Security, Evaluation & Assurance Assessment
Case Study

GenAI Security, Evaluation & Assurance Assessment

Independently assess production GenAI through security testing and evaluation, delivering audit-ready evidence, severity-rated findings, and fix verification criteria.

Read Case Study
EU AI Act & ISO/IEC 42001 Readiness
Case Study

EU AI Act & ISO/IEC 42001 Readiness

Operationalize EU AI Act and ISO/IEC 42001 readiness by establishing an AI Management System (AIMS) with policy-as-code enforcement, clear ownership, and continuous evidence in production.

Read Case Study
Agentic AI Architecture and Controls
Case Study

Agentic AI Architecture and Controls

Design and operate agentic AI with governed tool access, identity and permission scoped execution, managed memory, and runtime budgets. Use approval boundaries and traceability so autonomy stays safe in real operational workflows.

Read Case Study
Value Discovery & Portfolio
Case Study

Value Discovery & Portfolio

Prioritize GenAI investments with explicit value hypotheses, scale criteria, and stop rules so spend concentrates on initiatives that can reach production safely.

Read Case Study
Production AI Architecture at Scale
Case Study

Production AI Architecture at Scale

Define a reference architecture that standardizes model access, observability, and standard entry points so delivery remains consistent without fragmented ownership or platform drift.

Read Case Study
Generative AI Security by Design
Case Study

Generative AI Security by Design

Secure production GenAI through enforced data boundaries, permissioned retrieval, and governed tool access. Add runtime guardrails and security-grade observability to prevent leakage and unauthorized actions.

Read Case Study
GenAI Security, Evaluation & Assurance Assessment
Case Study

GenAI Security, Evaluation & Assurance Assessment

Independently assess production GenAI through security testing and evaluation, delivering audit-ready evidence, severity-rated findings, and fix verification criteria.

Read Case Study
EU AI Act & ISO/IEC 42001 Readiness
Case Study

EU AI Act & ISO/IEC 42001 Readiness

Operationalize EU AI Act and ISO/IEC 42001 readiness by establishing an AI Management System (AIMS) with policy-as-code enforcement, clear ownership, and continuous evidence in production.

Read Case Study
Agentic AI Architecture and Controls
Case Study

Agentic AI Architecture and Controls

Design and operate agentic AI with governed tool access, identity and permission scoped execution, managed memory, and runtime budgets. Use approval boundaries and traceability so autonomy stays safe in real operational workflows.

Read Case Study
Value Discovery & Portfolio
Case Study

Value Discovery & Portfolio

Prioritize GenAI investments with explicit value hypotheses, scale criteria, and stop rules so spend concentrates on initiatives that can reach production safely.

Read Case Study
Production AI Architecture at Scale
Case Study

Production AI Architecture at Scale

Define a reference architecture that standardizes model access, observability, and standard entry points so delivery remains consistent without fragmented ownership or platform drift.

Read Case Study
Generative AI Security by Design
Case Study

Generative AI Security by Design

Secure production GenAI through enforced data boundaries, permissioned retrieval, and governed tool access. Add runtime guardrails and security-grade observability to prevent leakage and unauthorized actions.

Read Case Study
GenAI Security, Evaluation & Assurance Assessment
Case Study

GenAI Security, Evaluation & Assurance Assessment

Independently assess production GenAI through security testing and evaluation, delivering audit-ready evidence, severity-rated findings, and fix verification criteria.

Read Case Study
EU AI Act & ISO/IEC 42001 Readiness
Case Study

EU AI Act & ISO/IEC 42001 Readiness

Operationalize EU AI Act and ISO/IEC 42001 readiness by establishing an AI Management System (AIMS) with policy-as-code enforcement, clear ownership, and continuous evidence in production.

Read Case Study
Agentic AI Architecture and Controls
Case Study

Agentic AI Architecture and Controls

Design and operate agentic AI with governed tool access, identity and permission scoped execution, managed memory, and runtime budgets. Use approval boundaries and traceability so autonomy stays safe in real operational workflows.

Read Case Study
0%