We engineer infrastructure for two surfaces the legacy security stack cannot see: the browser, where users meet the open web, and the AI runtime, where agents now negotiate, act, and transact on our behalf. Our products give enterprises a defensible perimeter on both.
Independent Swiss research lab · Memory-safe by construction · EU AI Act & GDPR aligned.
We treat the browser and the AI runtime as the same kind of problem: untrusted code and untrusted intent reaching deep into the enterprise. Both need positive-security policy, semantic reasoning, and a signed audit trail — not just signature lists and string matching.
A managed browser substrate that contains every page in a hardened sandbox before it touches the corporate network. Render-only by default; data exfiltration policy enforced at the pixel and DOM boundary; full session provenance for audit.
A runtime security platform for WebSocket, event-bus, and agentic-AI traffic. Positive-security policy with ML-assisted reasoning over message intent, signed PROV-O audit on every verdict, and prompt-injection defence as a first-class primitive.
Our flagship platform. The semantic security layer for the surfaces traditional WAFs cannot see — WebSocket, event-bus, and agentic-AI traffic — with ML-assisted reasoning and signed PROV-O audit on every verdict.
Modern stacks are WebSocket-first, event-bus-driven, and shot through with embedded AI agents. Traditional WAFs watch HTTP requests that no longer carry the decision — and SOCs pay for it at audit time. WebWall is a single memory-safe runtime that reasons about message intent, not just syntax, and produces a signed evidence chain you can defend in an audit.
Semantic, deadline-bounded — 5 ms p95 per event.
WebSocket · event-bus · prompt I/O · tool calls.
PROV-O signed verdicts · FIPS 203/204 keys.
X and Me Technology AG is a small, opinionated team of engineers and researchers. We build security infrastructure we would trust ourselves — with positive-security defaults, formal audit trails, and a memory-safe data path.
We are domiciled in Switzerland for a reason: a neutral jurisdiction, strong privacy law, and a long tradition of taking infrastructure seriously.
Positive security by default. Allow what is understood; deny what is not.
One memory-safe process per data plane. Deadline-bounded budgets. Replayable verdicts.
PROV-O signed evidence chain on every decision. Admissible by design.
EU AI Act, GDPR, ISO 27001 considered as inputs to architecture, not bolt-ons.
We work directly with security architects, CISOs, and platform teams. There is no salesperson between you and the people who wrote the code. Email is the fastest way in.