Skip to content
View rohit-kaundal's full-sized avatar
16 followers · 113 following

Achievements

Achievement: Pair ExtraordinaireAchievement: YOLOAchievement: Pull SharkAchievement: Arctic Code Vault Contributor

Achievements

Achievement: Pair ExtraordinaireAchievement: YOLOAchievement: Pull SharkAchievement: Arctic Code Vault Contributor

Block or report rohit-kaundal

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
rohit-kaundal/README.md

Hi, I'm Rohit Kaundal

AI Governance · Cyber Defense · Systems Thinking

Founder, AIFortess — building systems that make AI defensible, auditable, and regulator-ready.

rohit-kaundal

Why I Build

I design practical security and governance systems for a world where startups move fast, AI scales decisions, and compliance can't be an afterthought.

The goal is simple: less friction, fewer surprises, and more shipping.

The Direction

Modern security is reactive, human-heavy, and always late. AI governance is repeating the same mistake — spreadsheets, slide decks, and audit-cycle theatre.

I'm working toward systems where:

  • security is continuous
  • compliance is built-in
  • AI risk is mapped, not narrated
  • audits are an output, not a project

This is not about more tools. It's about changing how security and governance fit into how AI products get built.

What I'm Working On

I spend most of my time building, testing, and shipping.

AIFortess — aifortess.com

AI-native products at the intersection of cybersecurity, AI security, and governance.

  • AIFortess Assessor — ISO 42001 and AI governance readiness for independent consultants and small AI teams. Define systems, assess risk and controls, identify gaps, export readiness.
  • Vertias.ai — Multi-cloud CSPM (AWS, GCP, Azure) mapped to CIS Benchmarks, SOC 2, NIST 800-53, ISO 27001, PCI DSS, and HIPAA — with AI-driven remediation.

Open Source

k8s-scanner — agentless Kubernetes security scanner focused on:

  • best-practice validation
  • CVE detection
  • engineer-first usability

Built to solve a problem I had to solve myself.

Who This Is For

  • AI teams and technical founders shipping GenAI products under real scrutiny
  • SaaS startups (0–50) preparing for SOC 2, ISO 27001, ISO 42001, or investor diligence
  • CISOs, security architects, and compliance leads who need tools that fit existing workflows
  • Independent advisors and fractional execs who need structured methods across engagements

If you're scaling quickly and security or AI governance feels fragile, this work is for you.

Principles

  • Security should enable velocity
  • Governance should be operational, not ceremonial
  • AI should amplify engineers
  • Automation beats documentation
  • Systems beat heroics
  • Ship, observe, improve

Elsewhere

Founders shouldn't fear audits, security, or AI risk. They should fear shipping AI without systems that scale with them.

Pinned Loading

  1. h4cker h4cker Public

    Forked from The-Art-of-Hacking/h4cker

    This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerab…

    Jupyter Notebook 2

  2. ptf ptf Public

    Forked from trustedsec/ptf

    The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

    Python 1

  3. Resources-for-Beginner-Bug-Bounty-Hunters Resources-for-Beginner-Bug-Bounty-Hunters Public

    Forked from nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters

    A list of resources for those interested in getting started in bug bounties

    1

  4. SecLists SecLists Public

    Forked from danielmiessler/SecLists

    SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strin…

    PHP

  5. k8s-scanner k8s-scanner Public

    Security scanner tool to scan for risks in k8s cluster

    Go 6 1

  6. digitalocean-mcp-server digitalocean-mcp-server Public

    A Model Context Protocol (MCP) server that provides programmatic access to DigitalOcean's API. This server exposes tools for managing droplets, Kubernetes clusters, and container registries through…

    Go 4 1