OrmAI

Consulting · Neul Labs

We help teams ship agent products their security team will sign off on.

Neul Labs designs, audits, and embeds with engineering teams to build AI agents that interact with production databases safely. We are the people who built OrmAI.

Engagements

Three ways to work together.

1–2 weeks

Agent–DB Audit

A focused review of how your AI agent talks to your database. We map the threat surface, find the breakage paths, and ship a remediation plan you can hand to engineering.

  • Threat-model document scoped to your agent + data flows
  • Findings ranked by exploitability and blast radius
  • Remediation plan with concrete code-level recommendations
  • Live walkthrough with your team
Best for: Series A–C startups shipping agent features against a real production database.
From $9,500

3–6 weeks

OrmAI Integration Sprint

We integrate OrmAI into your codebase end-to-end: policy design, ORM adapter wiring, tenant scoping, audit pipeline, and CI gates. You leave with a working safe-data substrate.

  • Production policy file tuned to your data model
  • ORM adapter wired to your existing stack
  • Audit log persistence + query/visualization layer
  • CI tests and policy regression suite
  • 2-week post-launch support
Best for: Teams that have a working agent and want to make it safe to ship to enterprise customers.
From $28,000

3+ months

Embedded Engineering

A senior engineer from Neul Labs joins your team part-time as the owner of the agent–database subsystem. Architecture, code, on-call, the works.

  • Weekly engineering hours dedicated to your project
  • Architecture ownership end-to-end
  • Direct contributions to production code
  • Ongoing security posture reviews
Best for: Companies building agentic products as a flagship surface.
Retainer

Process

How an engagement actually runs.

  1. Intro call (free, 30 min).

     You describe your agent + data setup. We tell you whether we are the right fit and what the scope would look like.

  2. Scoping doc + fixed-fee proposal.

     Within 3 business days you get a written proposal with deliverables, timeline, and price.

  3. Mutual NDA + statement of work.

     We sign an NDA before touching code. The SoW kicks off on a defined start date.

  4. Weekly written updates.

     No vague "going well." Concrete progress notes, blockers, and next-week plans.

  5. Handoff with your team in the loop.

     We pair-program the integration so your engineers own the system the day we leave.

Selected work

What we've shipped.

Most engagements are under NDA. Two anonymized examples below; happy to share more under one.

Series B · vertical SaaS

From "the chatbot leaked another tenant's data" to SOC 2 Type II in 11 weeks.

A customer-facing analytics agent had been pulled in week one of pilot after a cross-tenant leak. We rebuilt the data path on OrmAI, designed the audit pipeline, and partnered with their SOC 2 auditor to get the controls signed off in time for the relaunch.

  • Cross-tenant access made structurally impossible
  • 100% of agent DB calls now in audit log with sub-second query
  • Two SOC 2 controls auto-evidenced from the log

Late-stage · fintech

An internal copilot that can write to the production ledger — safely.

An ops team wanted an LLM copilot that could correct ledger entries. We designed a write-policy with reason-required, two-person approval over $10k, row caps per statement, and a per-account daily mutation budget.

  • 6 months in production, zero rollbacks
  • Mean correction time down from 38 min to 4 min
  • Compliance review approved on first pass
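As an added illustration of the kind of write-policy described above (not OrmAI's own API and not the client's code), a stand-alone Python evaluator that enforces the four controls named: a required reason, two-person approval above a $10k threshold, a row cap per statement, and a per-account daily mutation budget. The class and field names, the cap and budget values, and the in-memory budget counter are all assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from decimal import Decimal


@dataclass
class LedgerCorrection:
    """A proposed write to the ledger, as submitted by the copilot (hypothetical shape)."""
    account_id: str
    amount: Decimal                      # absolute size of the correction, in dollars
    rows_affected: int                   # rows the statement would touch if executed
    reason: str                          # free-text justification; empty is a violation
    approvers: tuple[str, ...] = ()      # user ids who have approved this correction

    def __post_init__(self):
        self.amount = Decimal(self.amount)   # accept str or Decimal, never float


@dataclass
class WritePolicy:
    """Evaluates a correction against the four controls; values are assumptions."""
    dual_approval_threshold: Decimal = Decimal("10000")
    max_rows_per_statement: int = 1
    daily_mutation_budget: int = 25
    # Constructed in-memory counter: rows already mutated today, per account.
    mutations_today: dict = field(default_factory=lambda: defaultdict(int))

    def evaluate(self, c: LedgerCorrection, actor: str) -> list[str]:
        """Return the list of violated controls; an empty list means the write may proceed."""
        violations = []
        if not c.reason.strip():
            violations.append("reason-required")
        if c.amount > self.dual_approval_threshold:
            # The submitting actor cannot count as their own second approver.
            if not {a for a in c.approvers if a != actor}:
                violations.append("two-person-approval")
        if c.rows_affected > self.max_rows_per_statement:
            violations.append("row-cap")
        if self.mutations_today[c.account_id] + c.rows_affected > self.daily_mutation_budget:
            violations.append("daily-mutation-budget")
        return violations

    def apply(self, c: LedgerCorrection, actor: str) -> int:
        """Gate the write: raise on any violation, else charge the budget and return rows written."""
        violations = self.evaluate(c, actor)
        if violations:
            raise PermissionError(f"write denied for {c.account_id}: {', '.join(violations)}")
        self.mutations_today[c.account_id] += c.rows_affected   # only successful writes consume budget
        return c.rows_affected
```

The real write would run inside `apply` between the check and the budget charge, so a denied statement never reaches the database and never consumes budget.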

FAQ

Common questions.

Who is doing the work?

Dipankar Sarkar (founder, Neul Labs) leads every engagement personally. For larger builds, a small senior team of contractors plugs in.

Do I have to use OrmAI?

No. The audit engagement is framework-agnostic. The integration sprint and embedded engagement default to OrmAI because it is the fastest path, but we have integrated other policy stacks as well.

What stacks have you shipped against?

Python (FastAPI, Django, Litestar) with SQLAlchemy, Tortoise, and Django ORM. TypeScript (Next, Hono, Fastify) with Prisma and Drizzle. Postgres, MySQL, SQLite, Snowflake.

Do you sign NDAs?

Yes. We default to a mutual NDA before any technical conversation.

Is OrmAI itself open-source?

Yes — MIT-licensed. Consulting is the commercial offering; the library will always be free.

Let's talk.

A 30-minute call costs you nothing. If we're not the right fit, we'll tell you and point you to someone who is.