About the studio
Six disciplines kept under one signature. The same people who write the code also write the threat models, the proofs, and the spec sheets — and answer the email when something breaks.
AI Games DPK is a Software & AI studio, registered in 2025 as a variable capital company in Sofia, Bulgaria.
The same engineers design, develop and maintain every project. That lets us hold a high quality bar without the overhead of an agency or the politics of a board.
We work directly with the people who pay for the work. No intermediaries, no handover layers, no account managers between you and the engineer holding the keyboard.
Six disciplines kept in the same head — depth rather than breadth, defended against the temptation to specialise into a silo.
Type-safe end-to-end (TypeScript on the web, Kotlin on Android, Swift on iOS), generated OpenAPI clients consumed by every platform, lint and Semgrep rules that fail the build on known anti-patterns. Tests where they catch real regressions, not where they pad coverage reports.
Reference designs across Cloudflare, AWS, Azure and GCP, plus hybrid and on-prem topologies including SAN / NAS. Well-architected reviews, FinOps and cost engineering, migration playbooks for lift-and-shift and re-platform moves, infrastructure as code with Terraform or Pulumi.
LLM orchestration and ensembles, retrieval-augmented generation, LoRA / QLoRA fine-tuning of open-weight models, async inference pipelines, prompt-injection defences. Calibration measured with Brier score and log-loss against resolved outcomes — not against vendor benchmarks.
Bayesian inference for decisions under uncertainty, calibrated probabilities with explicit confidence intervals, information-theoretic loss functions, optimal stopping rules. Probability done with rigour — measured, not asserted. The math behind Fatumu's forecasts and Praemonitus's risk scoring.
Design tokens with measured contrast (text on white at 7.7 : 1, not 4.8 : 1), WCAG 2.1 AA invariants, motion-safe defaults, mobile-first responsive grids, performance budgets enforced in CI.
Threat modelling before features. SAST and DAST in CI, dependency and container scanning, secret scanning, SBOM diffing, supply-chain analysis. LLM-augmented vulnerability triage that opens patched pull requests rather than ticket queues nobody resolves.
Anything we ship for a client, we also ship for ourselves. The in-house products on the next page are part of the public proof.
LLM orchestration, retrieval-augmented generation, fine-tuning of open-weight models, image generation, async inference pipelines, evaluation harnesses, prompt-injection defences.
Next.js / React on the web, native Swift / SwiftUI on iOS, native Kotlin / Jetpack Compose on Android — every client consuming the same generated OpenAPI contract.
Cloudflare, AWS, Azure and GCP solution architecture, plus hybrid and on-prem with SAN / NAS, VMware, Proxmox, KVM. Workers, D1, R2, KV, Queues, Vectorize where Cloudflare is the right answer.
ROS 2 and ArduPilot integration, Bayesian decision engines, on-robot VLA manipulation policies (SPEAR-1 by INSAIT) running below a vendor-agnostic coordination layer for mixed civilian fleets.
How we think
The studio's technical taste, condensed. These show up across every project — from a consumer image-stylizer to a robotics coordination platform.
Every system has someone willing to misuse it: a tampered client, a replayed request, a model under prompt-injection, an unhappy customer with time on their hands. Threat models come before features. Ownership checks return 404, never 403. Append-only ledgers refuse double-charges by construction. We assume the attacker is patient — and the build refuses to ship a system that cannot survive that.
A claim without a measurement is a hope. Fatumu ships forecasts with explicit 80 % and 95 % confidence intervals because anything else is decoration; Praemonitus surfaces calibrated risk scores because operators need to know how confident the system is, not just what it predicts. We track Brier score and log-loss on resolved outcomes, latency percentiles on real users, error budgets on real incidents — and we publish them inside the product when we can.
Image pipelines downscale to 3 MB before they leave a cellular handset. Accessibility — keyboard navigation, screen-reader labels, motion-restraint, contrast — ships with v1. The user's attention is what we are spending; we owe them a fast, clear, honest interface in return.
Each product has its own codebase, but every codebase shares the same technical foundation, the same conventions, and the same rules. Anyone on the team can move between products without retraining.
Same tools, same patterns across every project we own — faster work, fewer mistakes, less context to hold in our heads.
Authentication, payments, async pipelines, security middleware and observability are solved at studio level and reused everywhere. We do not rebuild them per project.
We do not sell user data. We do not train on it. We do not ship dark patterns.
