# Tudor Andrei Dumitrascu — AI Engineer & ISO 42001 Auditor

> I build production AI systems and audit them against ISO/IEC 42001 — helping leaders make AI decisions they won't regret. LLM apps, RAG, ML infrastructure, EU AI Act and AI governance.

Source: https://tudorandrei.xyz/

AI builder & ISO/IEC 42001 auditor

# I build AI systems — and I *audit* them.

I help leaders make AI decisions they won’t regret. Three years shipping production AI in legal, banking, and finance — and now auditing AI management systems against ISO/IEC 42001. I’ve shipped the thing, and I’ve audited the thing.

 Book a 30-min call → See the work

 Built & shipped Production AI, 3 yrs

 Audited ISO 42001 · 27001

 Based in Bucharest, RO

 Shipped in regulated, high-stakes domains

 Legal / Banking / Finance / KYC · AML / EU AI Act / ISO 42001 / ISO 27001 / MLOps

// The problem

## You’re not confused about AI. You’re afraid of *the wrong move*.

The budget, the board, the regulator, the headline risk — the cost of a bad AI bet isn’t the bill, it’s the regret. What you actually want in the room is someone calm who has shipped real systems **and** knows exactly how they fail an audit.

 BUILD

### I’ve shipped the thing.

ML infrastructure at 500K+ docs/day, KYC/AML platforms for banks, document intelligence for legal teams. Real data, real latency, real adversaries.

 AUDIT

### I’ve audited the thing.

An active ISO/IEC 42001 and 27001 auditor assessing whether AI systems are governed, documented, and safe. Most people in AI have done one or the other.

// Services

## From unclear ambition to a system you can defend.

### AI Strategy & De-risking

Board-ready clarity on where AI creates value — and where it creates exposure — before you commit budget, headcount, or tools.

- Roadmap
- Opportunity sizing
- Risk
- Vendor selection

### Agentic Systems & AI Products

Production AI built for real workflows: LLM apps, RAG, agents, evaluation loops, and the application surface around them.

- LLM apps
- RAG
- Agents
- Evaluation

### AI Governance & Compliance

EU AI Act risk classification and ISO/IEC 42001 readiness — from someone who audits these management systems for a living.

- EU AI Act
- ISO 42001
- ISO 27001
- Policy

### ML Infrastructure & Security

Inference, pipelines, observability, and red-teaming for AI that has to survive real data, real latency, and real adversaries.

- Triton
- MLOps
- Observability
- Red team

// Selected work

## Production AI in high-stakes, regulated domains.

 CASE-01 Finance

1,000+ articles/sec

### High-throughput News Intelligence

NVIDIA Triton inference pipeline, distributed scraping, extraction, and monitoring — 500K+ docs/day at 99.9% uptime.

 CASE-02 Legal

RAG in production

### Legal Document AI

Playbook ingestion, template parsing, and document-aware Q&A for legal workflows where a wrong answer is expensive.

 CASE-03 Banking

KYC/AML · multi-tenant

### Compliance SaaS for Banks

Automated KYC/AML workflows serving multiple financial institutions, with graph data modeling and full observability.

 CASE-04 Assurance

ISO 42001 / 27001

### AI Governance Audits

Assessing AI management systems and information security against certification requirements as an active auditor.

// Operating model

## A practical path you can audit at every step.

The work isn’t model selection. It’s scoping the real decision, confronting data reality, designing the application, hardening it for production — and proving it’s governed.

- ### Scope & de-risk

Define the decision the system must improve, and the failure cases you can’t afford. No model talk yet — just the real stakes.
- ### Build the slice

Ship a narrow version on real data, with measurable outputs and a clear evaluation. Proof beats slideware.
- ### Harden & govern

Add monitoring, latency control, and security — plus documentation that satisfies the EU AI Act and ISO 42001.

// Track record

- NOW CTO, Pythia Sociodynamical Technologies
- NOW Auditor, Cert Sud
- ISO/IEC 42001:2023 Internal Auditor — TÜV Thüringen Karpat
- AI Engineer, CogniSync
- ISO/IEC 27001:2022 External Auditor — CERTINSPECT Register
- Co-Founder & CTO, Pythia Sociodynamical Technologies
- IT Administrator, Cert Sud SRL
- Research & Development Intern, Continental Powertrain Engineering

// Stack

 DSPy PyTorch Scikit-Learn NVIDIA Triton NLP CV DL Python FastAPI NestJS Litestar RESTful APIs Pandas MongoDB PostgreSQL Redis RabbitMQ SurrealDB Typescript Next.js React Remix TailwindCSS Docker AWS Azure CI/CD Prometheus Grafana Nix Romanian English German

// Start here

## Make the AI decision you won’t regret.

Bring a decision, a bottleneck, or a system you need to trust. Thirty minutes, no slides — we’ll find out fast whether I can help.

 Book a 30-min call → Or email me
