AutoCyber AI Pty Ltd is a Sydney, Australia–based AI company specialising in secure, local-first AI for cybersecurity, compliance, and enterprise productivity. We believe the future of AI isn't in someone else's cloud - it's on your infrastructure, under your control, governed by your rules.

"Most AI vendors ask you to trust their cloud. We don't."

Everything we ship is built around four non-negotiables: security by design, local-first deployment, verifiable compliance, and full data sovereignty. Our products run on your infrastructure - no hidden telemetry, no data resale, no vendor lock-in. Offline and air-gapped deployments supported.

The first truly agentic security platform. An AI co-pilot that actively works alongside security professionals to discover vulnerabilities, analyse threats, and generate actionable intelligence. 150+ security tools orchestrated as one. Autonomous vulnerability scanning. Compliance-ready reports aligned with NIST, OWASP, and MITRE ATT&CK.

→ autocyberai.com/products/wasa-ai

Network anomaly detection and intrusion response. Local-first, real-time threat intelligence.

→ autocyberai.com/products/nad-ai

AI-powered productivity and automation for security-conscious teams.

→ autocyberai.com/products/spark-ai

Cybersecurity made simple. No IT expertise required. Enterprise-level protection in plain language - one-click fixes, virtual security team for non-technical users.

→ autocyberai.com/products/secure-easy

Automated EU AI Act, ISO 42001, GDPR, and NIST AI RMF compliance. Change one URL - every LLM call is automatically PII-scanned, risk-classified, and written to a tamper-evident audit trail. Generate FRIA, DPIA, and Technical Documentation from live protocol data - not questionnaires. Bring your own LLM key.

→ comply.crprotocol.io

GitHub Action for AI governance scanning. Finds ungoverned AI calls in your codebase, shows exactly what safety headers are missing, and links every finding to CRP Comply for remediation.

→ crprotocol.io/products/scan

Managed hosted AI safety infrastructure. One endpoint change. All 58 safety headers. LLM key vault. Automatic compliance feed. Provider failover.

→ crprotocol.io/products/gateway

AutoCyber AI is the author and maintainer of Context Relay Protocol™ (CRP) v3.0 - an open HTTP-header standard for AI safety, context governance, and compliance evidence. CRP is the technical foundation that all of our AI governance products are built on.

┌────────────────────────────────────────────────────┐
│  A2A  - Agent-to-Agent Communication               │
├────────────────────────────────────────────────────┤
│  MCP  - Model Context Protocol (Tools)             │
├────────────────────────────────────────────────────┤
│  CRP  - Context Relay Protocol  ◀  AutoCyber AI    │
│         Context · Safety · Compliance · Provenance  │
└────────────────────────────────────────────────────┘

MCP gives agents tools. A2A lets agents communicate. CRP governs every underlying AI call - with verifiable safety signals, cryptographic provenance, and automated compliance evidence on every response.

One endpoint change. Zero application code changes. Full governance.

# Before - ungoverned OpenAI call
from openai import OpenAI
client = OpenAI(api_key="sk-...")

# After - full CRP governance, same SDK
from openai import OpenAI
client = OpenAI(
    api_key="crp_gw_...",
    base_url="https://gateway.crprotocol.io/v1"
)
# Every response now carries 58 CRP safety headers.
# Comply receives the audit event automatically.
# Safety Policy enforced at the gateway layer.

Or use the SDK directly:

pip install crprotocol[full]

import crp

client = crp.Client(model="gpt-4o-mini")
client.ingest("Your domain knowledge here...")

output, report = client.dispatch(
    system_prompt="You are a senior analyst.",
    task_input="Write a comprehensive compliance report.",
)

print(f"Words:   {len(output.split()):,}")       # 6,993 vs 592 without CRP
print(f"Quality: {report.quality_tier}")         # A
print(f"Risk:    {report.hallucination_risk}")   # LOW
print(f"HMAC:    {report.hmac[:16]}…")           # sha256:4fa8e921…

HTTP/1.1 200 OK
CRP-Safety-Hallucination-Risk: LOW
CRP-Safety-Hallucination-Score: 0.14
CRP-Safety-Attribution: CONTEXT_GROUNDED
CRP-Safety-Grounding-Pct: 0.912
CRP-Provenance-HMAC: sha256:4fa8e921abcd...
CRP-Provenance-Chain-Integrity: VALID
CRP-Compliance-EU-AI-Act: LIMITED
CRP-Compliance-GDPR-PII: false
CRP-Compliance-Audit-Trail-URI: https://comply.crprotocol.io/t/7fa3bc
CRP-Compliance-Controls-Met: 33/35
CRP-Context-Quality-Tier: A
CRP-Context-Saturation: 0.994
CRP-Agent-Safety-Budget: 0.78
CRP-Context-Protocol-Version: 3.0.0

Every header is readable by any proxy, WAF, SIEM, or middleware in the stack - no SDK required to act on them.

Three Internet-Drafts submitted to the IETF for standardisation:

IANA - HTTP Field Name registry registration in progress. Designated expert confirmed: "Publication on the Independent Stream is sufficient." Independent Submission to ISE (Eliot Lear) in progress.

IEEE SA - PAR (Project Authorisation Request) in preparation, targeting the AIS (Autonomous and Intelligent Systems) committee.

ISO/IEC JTC 1/SC 42 - New Work Item in preparation via Standards Australia, as companion standard to ISO 42001.

→ Full standards track → 17 formal specification documents

We're built for environments where failure isn't an option - enterprises, regulated organisations, government, critical infrastructure, healthcare, and defence.

We align everything we ship with:

• ISO/IEC 27001:2022 - Information Security Management
• ISO/IEC 42001:2023 - AI Management Systems
• EU AI Act (Regulation 2024/1689)
• NIST AI RMF 1.0
• OWASP Top 10 (2025)
• Australian Privacy Principles