Evaluation of multi-agent systems, MCP, A2A and ACP integrations, LLM provider switching and vendor risk.
02
Data flow and governance analysis
Before productive AI roll-out: separation of training and inference, fulfilling GDPR and EU AI Act, building robust governance.
03
Building local AI servers in line with data protection
Architecture and hardware selection, Open WebUI, model choice such as DeepSeek, LLaMA or Mistral – without dependence on external providers.
04
Support for AI pilot projects
Support for initial deployments with Microsoft Copilot, Azure AI, SAP Joule or custom LLM applications – from proof of concept to production.
05
Assessment of AI-assisted code analysis and cyber defence
Classification of model-driven tools such as Claude Security or comparable offerings, auditability of stochastic analysis, human approval and embedding into multi-stage security architectures.
06
Data foundation and storage architecture for AI
Convergent storage layer of backup, archive and AI pool, object storage with S3 and metadata, immutability via Object Lock and usable data for RAG, vectorisation and inference.
Mit Perplexity Computer hat das KI-Suchunternehmen einen General-Purpose-Agenten gestartet, der Aufgaben autonom ausführt. 19 Modelle übernehmen Teilrollen, von Recherche bis Bildproduktion. Im Produktivbetrieb zeigen sich allerdings Schwächen, die ein Pilo…
Typical replication of a dataset in enterprise architectures: original, backup, replica, ETL extract, training data
IDC Global DataSphere 2025–2029
Driver #1
Generative AI as central driver of unstructured data volume and complexity
IDC 2025
Days, weeks
Timeframe over which autonomous AI agents continue tasks with persistent memory – with direct access to screen, plugins and business systems
Current market state 2026
What this means for companies
Data copy proliferation is the invisible cost driver of any AI initiative. Fragmented data leads pilot projects to work with inconsistent or outdated information. In parallel, autonomous AI agents directly access screen content, business systems and persistent storage. Anyone introducing memory functions, plugin integrations and multi-day agent tasks needs clear rules for access, logging, accountability and data flow back to the provider.
Two questions come before model selection in AI projects: the data architecture question and the agent governance question. I support companies on the data flow analysis before AI roll-out and on defining agent rules before productive use. Both run individually because data landscape, industry regulation and maturity differ from company to company.
AI-assisted cyber defence
Model-driven code analysis shifts the balance in security
AI models now find vulnerabilities in source code faster than attackers can exploit them. I help companies understand and classify these tools correctly.
Model-assisted code analysis: data flow across files, findings with severity and confidence.
How the analysis works
The model reads the code, follows data flows across files and assesses how components interact. Each finding arrives with a confidence rating and a severity level after the model has tried to disprove its own result. That shortens triage and directs scarce analyst time to real risks.
Why time is the deciding factor
Current models reliably find flaws, the next generation is set to exploit them autonomously. The span between discovery and exploitation shrinks from days to hours. The most powerful models, such as Claude Mythos, stay restricted to around 40 critical-infrastructure operators, governed by a verification program. The German BSI expects upheaval in how vulnerabilities are handled.
Interval compression: the traditional workflow of 8.6 days condenses to hours.
What this means for companies
These tools belong in a multi-stage architecture, secured by human approval, deterministic methods and tests of the running application. I assess providers along repeatable patterns, clarify the auditability of the stochastic analysis and define the interfaces to existing vulnerability-management and incident-response processes.
Data foundation for enterprise AI
AI succeeds or fails on the data layer
Gartner expects at least 30 percent of generative AI projects to be abandoned after the proof of concept, often due to poor data quality, unclear governance and runaway costs. The cause rarely lies in the model, more often in data logistics. I advise on the architecture that brings backup, cyber resilience and AI use onto one storage layer.
One namespace serves backup, archive, data lake and AI, addressed via S3, metadata and erasure coding across hot, warm and cold tiers.
One storage layer instead of separate silos
Backup, primary storage and AI stacks multiply data copies. Each copy ties up storage, bandwidth and administration. A consolidated layer cuts cost and closes the gap between protection and usability.
Object storage as the technical foundation
S3 interface, erasure coding and rich metadata replace classic storage silos. The same data serves as backup, archive and AI source, readable through one consistent API.
Cyber resilience at the storage level
Object Lock in compliance mode, end-to-end encryption and versioning protect data at the API level. Ransomware does not reach the last line of defence. Cyber insurers now require immutable backups.
Protected data as an AI resource
The same secured pool feeds RAG, vectorisation and inference caches. Metadata governs which data flows into which pipeline. The model demonstrably uses the same data that is secured as an auditable archive.
The same protected data pool feeds indexing, vector search and inference, with governance and audit spanning the whole flow.
I assess where storage architecture and AI strategy meet: reducing data copies, keeping backups usable for RAG without losing protection, and clarifying which data may feed which pipeline. The separation between recommendation and execution stays strict, so every change to the data set remains auditable, a requirement in regulated environments.
For several companies in the AI field I also produce documentation and eBooks that they pass on to their own customers.
I support companies and public authorities with AI integration, from architecture concept to regulatory classification under the AI Act, NIS2 and GDPR. As an author and consultant for several hyperscalers, I know the strengths and weaknesses of the platforms first-hand and can give independent recommendations.
AI and robotics evolve fast. What matters is clean integration into existing processes.
Strategic positioning of artificial intelligence
Integrating artificial intelligence requires a sound strategic foundation. I provide strategic consulting and positioning of AI projects within your company. I analyse your individual requirements and develop tailored concepts that integrate seamlessly into your long-term IT strategy.
Process integration into existing IT landscapes
A successful AI rollout cannot remain an isolated project. I integrate AI solutions into existing business processes and IT infrastructures. The focus is on creating genuine added value in day-to-day operations without unnecessarily disrupting established and well-functioning workflows.
Editorial feedback
„You can tell you engaged deeply with the topic – a strong piece of writing."
Wolfgang Kreutz
Editor Mac & i·Heise Medien
Editorial feedback
„A polished and engaging article on data protection in Google Gemini."
„Many thanks for the great webinar. There were many participants with an average attendance time of 32 minutes. Interest was high, and the questions and feedback were very engaging."
Robert Raditzky
Product Manager·WEKA
Client testimonial
„A big thank you for your excellent work."
Benjamin Sauter
Digital Content Manager·SysGo
Security, compliance & regulation
Risk mitigation and legally compliant use of AI in highly sensitive environments.
GDPR compliance when using AI models
Data protection is central when using AI services. I assess the legally compliant use of systems such as Copilot, ChatGPT and Gemini against strict GDPR requirements. Together we ensure that sensitive corporate and personal data remain protected at all times.
Local AI models and on-premises solutions
Not every AI application has to run in the cloud. I analyse the local operation of models such as DeepSeek, LLaMA and Mistral on your own hardware. This approach gives you maximum control over your data and makes you independent of external cloud providers and their processing policies.
Digital sovereignty in the AI era
Dependence on a few large technology corporations carries strategic risks. My work includes strengthening your digital sovereignty in the use of AI. We develop ways for you to remain technologically agile and avoid lock-in effects when choosing your AI platforms.
Deepfake detection and IT resilience
With the spread of generative AI, security risks from manipulated media are increasing. I show methods for the technical detection of deepfakes and connect current AI technologies to the strengthening of your general IT resilience against new attack vectors.
Regulatory requirements and compliance
Legal frameworks for IT and AI are evolving rapidly. I contextualise regulatory requirements such as the AI Act, NIS2, CRA and KRITIS for your specific business situation. This puts your AI projects on solid technical and legal ground.
Cloud compliance and Schrems-II
Data transfer to third countries remains a complex legal topic. I assess your cloud compliance against the requirements of Schrems-II so that your architecture is prepared for review by data protection officers and management. This is particularly relevant if you use AI services from American hyperscalers while needing to comply with European data protection standards.
Digital forensics and evidence preservation
In case of security incidents, fast and methodical action is required. I advise on digital forensics and court-admissible evidence preservation from Microsoft 365, cloud storage and log files. This expertise helps you to fully clarify incidents and document them in a legally robust way.
Industry 4.0 and AI integration
Manufacturing benefits massively from intelligent systems. I combine the concepts of Industry 4.0 with current artificial intelligence. From predictive maintenance to intelligent process control, I show how AI can measurably increase value creation in manufacturing.
Expertise in practice
In-depth technical articles
From agent architectures and SAP AI to data protection: the articles cover the topics I move daily in consulting projects.
My analyses and documents condense complex matters for executives and technical management.
Technical publications and whitepapers
Complex knowledge requires precise preparation. I write whitepapers and technical publications with high technical depth that completely avoid empty marketing language. These documents serve as a well-founded information source for technical departments and decision-makers.
Decision documents for management
Executives need clear facts for far-reaching IT investments. I create internal documents for upcoming decisions based on my many years of practical experience. These templates condense complex technical matters into the essential strategic and economic core points.
External project assessment in early phases
Wrong decisions at the start of a project are only expensive to correct later. I take on the preparatory assessment and external evaluation in early project phases. Since I have no own product interests and take no operational role in the later project, my judgement is completely neutral.
Publishing placement of technical texts
Technical expertise deserves a broad audience. I support you in the professional placement of texts in renowned technical publishers. Through my extensive network in IT publishing, I help position your technological success stories in the relevant industry media.
Clients & collaboration
Collaboration at eye level for the highest demands in sensitive sectors.
Consulting mode without long-term commitment
Flexibility is essential in today's IT world. I deliberately avoid long-term contractual commitments. You commission me per project, and payment is only made after successful acceptance. This approach guarantees you maximum cost transparency and independence.
Experience with public authorities and ministries
The public sector has special requirements for security and procurement law. I maintain technical exchange with authorities up to ministry level and know the specific challenges of state institutions when introducing cloud and AI technologies from numerous ongoing client projects.
Consulting for healthcare and hospitals
In the medical environment, data protection and system availability are vital. I advise healthcare facilities, such as the Katharinen-Hospital Stuttgart, on secure digitisation. I actively engage with clinic leaderships, executive boards as well as municipal and state authorities.
Ready for the next step?
Use my independent expertise for your upcoming IT decisions. Let us find out together how we can implement your AI projects safely and successfully.