Theme
AI Consulting & Advisory · Berlin

AI systems for organizations that value their data

Modal Resonance is a boutique Data & AI consultancy based in Berlin. We design, build, and independently evaluate LLM applications, RAG systems, and AI agents for organizations in healthcare, financial services, insurance, and any organization where privacy, security, and reliability are operational requirements.

Our work combines hands-on production engineering, rigorous compliance methodology and state-of-the-art research. Engagements are scoped from focused two-week assessments to full production deployments.

How we engage

Our services

Each engagement is fixed in scope and duration, with a concrete deliverable that prioritizes solving a real pain point.

Build

From use-case identification through production deployment.

End-to-End AI Build
A production engagement that starts with identifying the highest-impact use case and delivers it through to production. This could be an internal copilot, a process automation, a RAG-based knowledge system, or a customer-facing assistant. The engagement covers use-case selection, feasibility assessment, architecture, implementation, evaluation, internal stakeholder alignment, and handover. The client retains full ownership of source code, documentation, and infrastructure.
Deliverables
  • Use-case selection grounded in feasibility assessment and expected business impact
  • Deployed system in production including observability, monitoring, and evaluation pipelines
  • Evaluation report with accuracy, reliability, and performance baselines for precise monitoring of the live system
  • Full source, tests, runbooks, and handover training
Applicable when:

When the organization is ready to move from AI ambition to a working system in production, with senior engineering support throughout.

Local & Sovereign AI
Design and deployment of AI-powered systems running entirely on your own infrastructure or on european sovereign cloud providers. No data leaves your control, and no dependency on third-party AI vendors is introduced. The result is full operational independence, lower ongoing costs compared to hosted API services, and privacy built into the architecture.
Deliverables
  • Capability assessment for the target use case, covering what local models can deliver versus hosted APIs, with fine-tuning and adaptation applied where gaps require it
  • Deployed AI system running on-premise or on European sovereign infrastructure, with no external data dependencies
  • Architecture designed for data sovereignty, business continuity, and operational independence
  • Full source, configuration, and operational documentation transferred to the client
Applicable when:

When the organization requires full control over its data, its AI infrastructure, and its independence from external providers.

Protect

Making sensitive data safe for downstream use.

Synthetic Data Sprint
A working synthetic or simulated dataset suitable for development, testing, or analytics, together with defensible utility and privacy risk assessment reports. The engagement leverages our synthetic data expertise, including quality and privacy evaluation.
Deliverables
  • Synthetic version of the dataset, ready for downstream use
  • Utility report quantifying fidelity to the original data
  • Privacy risk report with measured re-identification risks through Anonymeter, our open-source framework evaluated by the CNIL.
  • Handover session with the client's data team
Applicable when:

When production data cannot be shared with vendors, internal teams, or external partners.

Privacy Engineering for Documents and Unstructured Data
Detection of sensitive content in unstructured text, such as contracts, invoices, call center transcripts, medical reports, and legal correspondence, followed by the appropriate privacy-enhancing transformation: suppression, pseudonymization, generalization, or synthetic replacement. The technique is chosen per entity type based on sensitivity, downstream use, and the architecture the data flows through. Pipelines cover both standard identifiers and domain-specific sensitive terms defined by the client.
Deliverables
  • Analysis of document types, data flows, and sensitivity requirements
  • Detection and transformation pipeline tailored to the client's document landscape
  • Validation report covering detection accuracy, false positive rate, and residual risk
  • Integration into existing document processing or LLM workflows
Applicable when:

When unstructured documents contain sensitive information that must be protected before downstream processing, sharing, or storage, and simple suppression is not sufficient or appropriate.

Privacy Engineering for Databases and Structured Data
Mapping of sensitive fields across schemas and data pipelines, followed by selection and implementation of the appropriate privacy-enhancing transformation for each: pseudonymization, masking, tokenization, generalization, or synthetic substitution. The technique is chosen per field based on its sensitivity, role in the schema, and the downstream use of the data. Referential integrity and analytical utility are preserved throughout. The engagement covers both obvious identifiers and domain-specific sensitive fields defined by the client.
Deliverables
  • Data sensitivity mapping across tables, fields, and processing workflows
  • Per-field transformation logic integrated into the data pipeline
  • Utility assessment confirming that protected data remains fit for its intended downstream use
  • Documentation of the protection concept suitable for DPO review and regulatory communication
Applicable when:

When databases or data pipelines contain sensitive information that must be protected before use in analytics, development, testing, or third-party sharing, and a uniform masking approach would sacrifice too much utility or fail to match regulatory requirements.

Assess

Independent evaluation of deployed AI systems.

LLM Safeguarding: Assessment & Remediation
An adversarial evaluation of a chatbot, RAG, or agentic system, followed by design and implementation of the necessary safeguards. The engagement covers risk analysis aligned with established frameworks (NIST AI RMF, ISO/IEC 42001, OWASP Top 10 for LLM Applications and for Agentic Systems), including data leakage analysis, prompt injection testing, and accuracy benchmarking. Remediation of prioritized issues is implemented as part of the same engagement.
Deliverables
  • Risk analysis mapped against standard AI risk management frameworks
  • Adversarial test results covering prompt injection, context leakage, and PII extraction
  • Implemented safeguards addressing identified vulnerabilities
  • Accuracy benchmark under the applied mitigations
Applicable when:

When an LLM application requires a thorough, independent evaluation and concrete improvements to comply with specific regulations and security best-practices.

Privacy & Fairness Evaluation
An independent evaluation of datasets or machine learning systems for privacy risk and bias. The methodology is aligned with EU AI Act Article 10 requirements and draws on peer-reviewed methodologies.
Deliverables
  • Quantitative privacy risk measurement (re-identification, singling out, linkability, inference)
  • Fairness and bias analysis across protected groups
  • EU AI Act Article 10 alignment summary
  • Audit-ready report suitable for DPO, legal, and regulatory review
Applicable when:

When documented technical evidence is required to support regulatory communications or internal governance review.

Enable

Building AI capability across the organization.

AI Literacy & Adoption Training
Structured training for teams across the organization. Content is tailored to the audience: business stakeholders learn where AI can realistically support their work, and technical teams learn to build and deploy responsibly. Formats range from focused half-day workshops to embedded coaching over several weeks.
Deliverables
  • Tailored training program addressing the specific roles, tools, and workflows of the participants
  • Practical guidance on identifying high-value AI applications within each team's domain
  • Clear framework for responsible use, covering data handling, prompt design, output verification, and organizational policies
Applicable when:

When teams across the organization need a grounded understanding of how AI systems can support their work, and how to use them effectively and safely.

Technical-Governance Alignment
In many organizations, AI deployment stalls because engineering and governance functions operate with different frameworks, different vocabularies, and different risk tolerances. Legal, data protection, and information security raise concerns. Engineering hears obstruction. The result is friction that blocks progress on both sides. We work with both groups to translate concerns into concrete technical and organizational measures that allow deployment to proceed on terms everyone can support.
Deliverables
  • Structured joint sessions between engineering and governance stakeholders, with facilitation and technical translation
  • A shared risk assessment that maps technical system behavior to the specific regulatory and policy concerns raised by governance
  • Concrete, implementable safeguards that address identified risks without blocking deployment
  • Documentation suitable for both engineering handoff and compliance review
Applicable when:

When AI initiatives are stalled or slowed by unresolved tension between the teams building the system and the functions responsible for approving it.

Where organizations seek support

Our expertise

Our work clusters around four recurring situations. Each is supported by scoped engagements with defined outcomes.

Strategy
Defining a credible first step for AI adoption
Many organizations recognize the potential of AI but struggle to move from broad ambition to a concrete, defensible first engagement. A well-scoped starting point that produces a tangible outcome is usually more valuable than a comprehensive strategy exercise.
Indicators
Earlier external engagements delivered analysis without implementation
Difficulty quantifying the expected value of AI investments internally
Multiple parallel experiments without a clear prioritization framework
We begin with a scoped engagement of two to four weeks. The deliverable is a concrete artifact: a working prototype, a technical assessment, or a privacy evaluation. This is accompanied by the documentation required to support internal decision-making.
Read more ↓
Engineering
Moving AI systems from prototype to production
The transition from a working prototype to a reliable production system is one of the most underestimated challenges in AI adoption. Behavior on real data, infrastructure readiness, and operational maturity each introduce distinct requirements, and each needs to be addressed before deployment.
Indicators
System behavior differs between development and production environments
Internal sign-off required from IT security, data protection, or workers council
Gaps in infrastructure, monitoring, or evaluation preventing rollout
We work end-to-end: architecture, production engineering, privacy and security safeguards, evaluation, and support throughout internal governance processes. We can take ownership of delivery or work alongside your team, depending on what fits best.
Read more ↓
Assurance
Independent evaluation of AI systems in production
Organizations that have deployed AI systems increasingly require independent technical evaluation. The reasons vary: satisfying internal governance, preparing for regulatory obligations, or validating system behavior with respect to privacy, accuracy, and fairness. Evidence-based assessments provide the substantive technical backing that these situations require.
Indicators
Deployed AI systems have not undergone a formal technical evaluation
The DPO or compliance team requires technical backing for their assessments
No systematic monitoring for drift, bias, or data leakage in place
We conduct independent privacy risk assessments, adversarial LLM evaluations, and fairness audits using methods published in peer-reviewed venues (PoPETs, IEEE) and evaluated by regulators including the CNIL. Reports are structured to support regulatory communication and internal review.
Read more ↓
Frontier
Assessing risk in agentic AI and emerging regulation
Agentic systems, including autonomous tools, multi-agent architectures, and MCP integrations, introduce patterns of behavior that existing AI governance frameworks were not designed to address. Emergent data flows, autonomous data access, and unclear provider attribution under the EU AI Act create new categories of risk that require deliberate analysis.
Indicators
Deploying or evaluating tool-using or multi-agent systems
Open questions regarding provider responsibility under the EU AI Act
No established risk model for autonomous agent behavior
We map data flows across agent chains, evaluate tool and MCP supply chains, conduct adversarial testing of autonomous behavior, and classify systems against current EU AI Act guidance, with the goal of supporting informed deployment decisions.
Read more ↓
Focused team. Complementary expertise.

Our Team

AI Strategy & Engineering
Omar Ali Fdal
Led an AI company from founding through acquisition, building production AI systems for enterprise clients. Specializes in the architectural decisions that shape performance, reliability, and data sovereignty.
AI Research & Evaluation
Dr. Matteo Giomi
Led AI privacy research at an enterprise data protection company, contributing to national standards bodies and developing peer-reviewed evaluation methods that are now used across the industry.
AI Engineering & Deployment
Daniel Perez
Architected, and implemented production AI systems, including agentic systems and workflow automations, at scale. Developed privacy-enhancing technologies and optimization systems used in performance-critical environments.
Background
Where we come from

Before founding Modal Resonance, we built and led an AI company focused on synthetic data and privacy-enhancing technologies, serving enterprise clients in regulated industries. The company was acquired by a leading data protection provider, where we continued to lead research and engineering.

During that time, we developed Anonymeter, an open-source privacy risk measurement tool that was evaluated by the French data protection authority (CNIL) and published in a peer-reviewed scientific journal. It is now used by enterprises across Europe.

Our work has included contributions to NIST's Collaborative Research Cycle on privacy risk assessments, IEEE standardization of synthetic data evaluations, collaboration with NVIDIA on privacy-preserving methods, and published research on LLM accuracy evaluation and data anonymization. We have been named as inventors on pending patents in privacy-enhancing technologies (AI safeguarding and unstructured data protection, privacy risk assessment).

Research & Credentials
Anonymeter
CNIL-evaluated, open source
PoPETs 2023
Peer-reviewed research
NIST
Research-cycle contributor
IEEE
Synthetic data standardization
Regulated Industries
Insurance · Finance · Health
Get in touch

Book an intro call

You can directly book an intro call in our calendar, or share some details in the form below and we will reach back immediately. We work in English, German, French, Italian, and Spanish.
Book an intro call
Or send us a message