Applied-AI security studio · Whidbey Island, WA

We secure it.
We watch it.
We build on it.

GMTek hardens businesses against real attackers, watches them around the clock, and builds the AI systems and websites that run on top. WordPress lockdown & incident response, Vilkas managed monitoring, AI receptionists, web & local SEO — plus local-first AI products we ship ourselves.

// LIVE vilkas canary-watch · file-integrity baseline green
Book a Discovery Call Meet Vilkas →

Langley, WA  ·  Incident response  ·  Local-first  ·  Licensed & Insured LLC

GMTekAI
2 live breaches evicted· 27+ sites hardened· 14 PCI storefronts remediated· <2s detection (Vilkas)· 9 products shipped· 24/7 monitored
What We Do

Secure it. Watch it.
Build on it. Ship it.

Most shops do one of these. We do the whole arc — and the same engineering discipline runs through all of it. Start anywhere; the lanes connect.

01 · Secure

Security & Incident Response

WordPress lockdown, live breach eviction, PCI checkout remediation, DNS & email-auth hardening. Forensic-grade, plain-English.

  • Multi-phase WP hardening
  • Track-and-evict IR
  • PCI DSS v4.0 remediation
  • Cloudflare / DMARC / DKIM
Explore →
02 · Watch

Vilkas Managed Monitoring

Our own security sentinel platform. Sub-2-second detection, auto-block, file-integrity, DNS-drift — alerts to your phone. The retainer that keeps the work done.

  • Always-on canary + host watch
  • Auto tier-1 blocking
  • Reputation / GreyNoise pre-filter
  • Discord + Telegram alerts
Meet Vilkas →
03 · Build

AI Systems & Web

AI receptionists that never miss a lead, workflow automation, custom business apps, and fast websites with real local SEO — wired into intake.

  • AI receptionists (Vapi)
  • n8n workflow automation
  • Websites + local SEO / schema
  • Custom AI-enabled apps
Explore →
04 · Ship

Local-First AI Products

Licensed, license-audited AI appliances and SaaS for regulated, high-trust verticals — where the data can't leave the building.

  • Case intelligence (forensics)
  • Chartwright / VetWright
  • GovClaw · POD Velocity OS
  • license.gmtek.ai activation
See products →
Flagship · Managed Defense

Vilkas watches
while you sleep.

Built from years of incident-response work, Vilkas is GMTek's own monitoring platform — the engine behind every managed retainer.

🐺

Seven sentinels, one sub-2-second response.

Canary-watch, host-watch, account-watch, source-IP detection, reputation-kill, GreyNoise pre-filter, and tier-1 auto-block — running on your perimeter and reporting to your phone. Destructive actions run shadow-mode-first, so it earns trust before it acts. Live today on our own infrastructure with sub-2-second mean-time-to-detect.

<2s MTTD 7 sentinel components Shadow-first safe actions $200–750+ / mo retainer
How Vilkas works →
Proof

Two deep engagements.
Real attackers. Real money.

Client security work is confidential, so these are anonymized — but the work is real, paid, and ongoing. The whole stack, proven on live businesses.

Security · Retainer · The whole stack

Specialty Auto Shop

Pacific Northwest · credential-stuffing breach

Walked in on an active intruder and a card-testing wave. Evicted the attacker, blocked 36 hostile IPs, ran an 8-phase Cloudflare lockdown, restored a dead payment gateway, rebuilt the website, layered on SEO, stood up two AI receptionists and a custom intake app — now on a managed retainer with Vilkas watching.

36IPs blocked
8-phaselockdown
2AI receptionists
Portfolio lockdown · PCI · Managed

Multi-Brand E-Commerce Group

~27 WordPress installs · ~97 domains

A sprawling portfolio under merchant-of-record PCI enforcement. Hardened every install with custom REST + XML-RPC plugins, migrated the fleet to Cloudflare with Pro WAF, swept SPF/DMARC/DKIM across the domains, and shipped a custom PCI checkout scrubber across 14 storefronts — transitioning to a recurring managed-defense partnership.

27+installs hardened
14PCI storefronts
97domains
See the full body of work →
Web Facelifts & Upgrades

A facelift is the
fastest way in.

Most relationships start with a website. A tired site gets a facelift that looks like nobody else's, loads instantly, and feeds leads straight into intake — then the security, monitoring, and AI layers follow. These are concept redesigns we built to show range; every one runs live on our own infrastructure.

DiRTFish rally school — redesign conceptConcept Demo DiRTFish Rally SchoolMotorsport · Redesign conceptView live demo → Proformance Racing — redesign conceptConcept Demo Proformance RacingMotorsport · Redesign conceptView live demo → Hein Marine — redesign conceptConcept Demo Hein MarineMarine · Redesign conceptView live demo → Pacific GP — redesign conceptConcept Demo Pacific GPConstruction · Redesign conceptView live demo →
Web facelifts & SEO →   All demo builds →
Products We Ship

Local-first AI,
productized.

We don't just consult — we ship licensed products. Local-first appliances for regulated work, plus SaaS that's live today. Activation runs through our own license.gmtek.ai.

🔬
Shipped
Case Intelligence
Forensic Engineering · On-Prem Appliance

Private case-intelligence appliance for expert-witness firms. Multi-agent document recon, evidence reconstruction, source-tiered citations. Ships as on-prem hardware — case data never leaves the firm. Live with its first firm; license-audited before ship.

Local-FirstMulti-AgentLicense-Audited
Read More →
🩺
Sellable · Beta
Chartwright
Clinical Documentation · Local-First

Documentation copilot for physicians — 12 modes from MDM complexity to E/M coding, ICD-10, handoffs, and patient handouts. Runs local (Ollama) for HIPAA, or BYO-key cloud. From $79/mo. VetWright is the veterinary fork.

Local-First12 ModesHIPAA-Aware
Read More →
⚖️
Live
GovClaw
Gov Contracts & Grants · SaaS

Dual-module SaaS for government opportunities. Small businesses search SAM.gov contracts; nonprofits search Grants.gov. AI summaries, transparent fit scoring, saved searches with email digests. Live and usable today.

SaaSAI Fit ScoringEmail Digests
Open GovClaw →
🛍️
Beta
POD Velocity OS
AI-Operated Print-on-Demand · Appliance

A full POD operating system with three surfaces: human cockpit, MCP server (37 tools), and REST API (44 endpoints). Multi-tenant, DGX-deployable, agent-operable. Built for the "agents run the business" future.

MCP ServerREST APIDGX Appliance
Read More →
See all products →
On-Prem AI

Ship the box.
Keep the data.

For regulated, IP-sensitive, and privacy-critical work, several of our products ship as turnkey hardware — inference runs locally, data never leaves the office, and a flat retainer covers patches and on-call.

🛡️
Data sovereignty

Case files, client records, and IP stay on hardware you own. No cloud round-trip required.

📉
Predictable cost

No per-token bills compounding monthly. Hardware plus a flat retainer instead of metered surprise.

🔌
Air-gapped capable

Critical workflows run with no internet connection. External sources are opt-in tools, not dependencies.

🧰
On-prem support

A monthly retainer covers patches, sustaining work, model-roster reviews, and on-call response.

Why GMTek

Why operators
call us back.

🚨
We've handled the real thing

Live breaches, card-testing waves, compromised admins — evicted and hardened, not theorized. The same hands that find it also fix it and watch it after.

🔒
Local, private, accountable

For work that can't go to the cloud, local and hybrid deployments are first-class. Your infrastructure, your data, audited egress where cloud is used at all.

🤝
We stay on the line

One-time work becomes a managed relationship: Vilkas keeps watching, and the operator console we'd want for ourselves is the one we ship to you.

A small studio on Whidbey Island that takes security seriously, builds real systems around how your team actually works, and doesn't disappear after the invoice clears.

Start Here

Got hacked, getting fake orders,
or building something new?

Tell us what's wrong, what you want watched, or what you'd build if it existed. Emergency IR, a hardening engagement, an AI system, a website, or a product — we'll point you to the right lane.

Typical response: same business day  ·  Emergencies prioritized  ·  No generic pitch

GMTekAI
Online — Whidbey Island