Black Unicorn Security is a founder-led EU cybersecurity boutique. We combine offensive security expertise, AI specialization, and homegrown tooling to deliver security that actually works.
We don't just advise: we build. Our open-source tools (DojoLM, BonkLM, PantheonLM) are tested in real engagements, so every recommendation comes from direct hands-on experience.
Headquartered in Spain, operating across the EU. Deep expertise in EU AI Act, DORA, NIS2, CRA, and related frameworks: not generic compliance checklists but practical readiness.
Transparency is a security value. Our tooling is open-source where possible, our methodologies are documented, and our findings are actionable: not opaque black-box reports.
AI/LLM security is a first-class capability, not an add-on. From prompt injection to model supply chain attacks, we cover the full attack surface of modern AI systems.
Founder & Principal Consultant
Barcelona, Spain
Grey hat turned consultant. Over 15 years spanning penetration testing, information security auditing, and IT/cybersecurity consulting: with deep roots in offensive security and a practitioner-first mindset.
Built and led a global security organization from 3 to 30+ people with 89% retention: not by hiring generalists, but by growing specialists who care about the craft.
Today, Black Unicorn Security is the distillation of that experience into a boutique practice that brings the same rigor to every engagement, without the overhead of a large firm.
Certified skills in offensive and AI security, with deep consulting expertise across regulatory compliance frameworks.
Certified LLM penetration testing methodology
2 prizes: Web3 & blockchain security
Consulting expertise in information security management frameworks
Consulting expertise in payment card industry security standards
Frameworks covered: ISO 27001 · ISO 17025 · PCI-DSS · EU AI Act · DORA · NIS2 · CRA · CSA · SOC 2
What sets a boutique founder-led practice apart from large consultancies.
Boutique size means no bureaucracy. Engagements start faster, reports land sooner, remediation guidance is direct.
We focus on AI/LLM security, EU compliance, and offensive security: not everything for everyone. Deep beats broad.
Our security tools are used in real engagements. Clients benefit from a practitioner who builds the very instruments used to find vulnerabilities.
You work directly with the principal who built the practice: and when the engagement demands it, we bring in curated specialist teams with the same depth and standards.
Boutique vs. Large Consultancy
Large firms bring headcount. Black Unicorn brings context and precision. When you engage with us, you work directly with a principal who has 15+ years of hands-on security experience: not an account manager and a rotating cast of analysts. And when engagements require additional depth or scale, we mobilize curated specialist teams trained to the same exacting standards. You get boutique attention with enterprise capacity: engagements scoped precisely, delivered without filler, and backed by real operational depth.
Let's talk about your security challenges. No sales pitch: just a direct conversation about what you need and whether we can help.