Cyberium Limited is a London-based cyber and AI-security company. We build NEXUS, an AI-driven framework that industrialises security governance and orchestrates AI agents under human command, for governments, law enforcement and global enterprises.
Regulated organisations face a widening gap: threats move at machine speed, while governance, audit and accountability still move at human speed. Cyberium closes that gap. NEXUS lets AI agents carry the technical load while humans keep command, control and compliance posture, so the CISO function can finally scale.
AICA, the Artificial Intelligence Cybersecurity Agency, is Cyberium's cyber-intelligence business unit. It fuses OSINT and dark-web data into a structured knowledge graph of companies, boards, investors and exposure, then turns that data into worldwide intelligence benchmarks that steer, or reverse, high-stakes decisions.
Establish the bases of intelligence: scope, sources, logic and hidden information, mapping the battleground of top companies per industry and country into a single reference hypercube.
Collect information across web and dark web with a defined time depth, organise it as documents in a NoSQL repository, and build the relationships that turn raw data into intelligence.
Deliver worldwide intelligence benchmarks with historical depth, rebuilding ownership, relationships, financials and exposure across the timeline to support, or revert, decisions.
Risk BI suite for quantitative and qualitative risk assessment, dynamic dashboards, sectoral benchmarking and AI prioritisation of remediation by business impact, with predictive identification of emerging vulnerabilities.
Compliance assessment tool: automated mapping of NIS2, DORA, GDPR and EU AI Act requirements, maturity indicators, remediation plans and reports tailored for regulators and management.
Threat-modeling solution powered by the AICA DB, continuously updated with sector-specific attack vectors, and AICA's proprietary AI core and agents.
Product lines span the full cycle: SCOUT, STRESS, ASSESS and ADDRESS, from external exposure scouting to board-grade remediation economics.
Author, architect and editor of the NEXUS framework, Raffaele brings 24 years of experience in cybersecurity and AI security, with recent focus on securing AI products in regulated banking environments. His vision spans cyber, risk and information-system security, extended to the specific risks of ML / LLM / RAG models and AI agents, and to AI governance, NIST AI RMF, MITRE ATLAS, OWASP LLM Top 10, ISO 42001 and the EU AI Act.
He has held CISO and Deputy CISO roles in banking (Dexia, BNP Paribas, Crédit Agricole, AXA, Crédit du Nord), familiar with DORA, NIS2 and GDPR compliance and the anticipation of the AI Act. He bridges deep technical requirements, security architecture, threat modeling, secure coding, DevSecOps and MLSecOps, with the political stakes of governance before the COMEX, the Risk Directorate and audit.
Founder. Architecture and programme direction of NEXUS (AI Autonomous Cyber Operations), CISO transition management.
Chief Information Security Officer for the group. SSI roadmap, 12-person team build, NIST CSF, DORA and NIS2 readiness, plus an AI & automation PoC programme (Microsoft, with Anthropic / OpenAI / AWS Bedrock benchmark).
Cybersecurity Senior Consultant, Application Security Architect. Security Architecture Review service and committee, AISRA and access-rights reviews.
Lead of Cybersecurity & MCO stream, application decommissioning and archiving across in-scope sites.
CISO / RSSI for the Bourse de Commerce museum. SOC tender, PSSI, business continuity, security audits.
Information Security Domain Manager, CISO Build-to-Run & Problem Manager. International RUN supervision (USA, Germany), Symantec architecture.
Total, AXA, Crédit du Nord (Société Générale), Safran Landing Systems, Kodak, BNP Paribas, Citigroup, Crédit Agricole. Security architecture, infrastructure and CTI programmes.
IT Director.
Five operational guides across four languages,
with an EU AI Act title forthcoming in 2026.
Operational guide to the EU network and information-security directive.
Digital operational resilience for the financial sector.
Rights and obligations around data access and sharing.
Operational guides to European regulation.
Forthcoming, 2026.
US 63/050,511, Sovereign Cryptocurrency on Public Blockchain Serving as Central Bank Currency.
ISO/IEC 27001:2022 Lead Auditor & Risk Manager. ISO 22301 Lead Implementer / Auditor. ISO 9001. Anti-Corruption & Compliance Auditor (Univ. of Pennsylvania). Micro Focus Fortify (SAST). IBM Cybersecurity Analyst, Penetration Testing & Forensics. Microsoft Azure AI-900 / AZ-900 / DP-900.
PhD in Physics. Laurea in Physics (cum laude). Harvard CS50. Oxford, Complexity and Systemic Risk seminar.
Dexia, BNP Paribas, Crédit Agricole, AXA, Société Générale / Crédit du Nord, AREVA / ORANO, Total, GSK, ADP, Safran, Kodak, Citigroup, Pinault Collection.
Request a confidential briefing and meet the people building autonomous, accountable cyber AI.
Request a Briefing →