MDR CLASS IIa/IIb & SaMD EXPERTS
Security for Critical Medical Devices.
Specialized penetration testing for MDR Class IIa/IIb, SaMD, and AI. We bridge the gap between offensive security and IEC 81001-5-1 compliance to get your device certified.
Our Services
We provide a comprehensive suite of cybersecurity services to protect your business from ever-evolving digital threats.
Penetration Testing
Professional penetration testing that thinks like attackers do – uncovering vulnerabilities before malicious actors can exploit them. We provide Risk-Prioritized Vulnerability Findings mapped to CVSS/CWE standards, enabling your engineering team to fix critical safety risks immediately.
Security Consulting
Strategic security consulting from seasoned experts. We provide guidance on tailored security architectures that scale with your business growth and proactively meet regulatory requirements.
Secure Code Review
Thorough code analysis by experienced developers – we don't just find security flaws, we provide actionable fixes. Reduce risk and accelerate secure releases.
Application Security
Our security expertise spans various application types and technologies, ensuring comprehensive protection for your digital assets.
Mobile App Security
Comprehensive security audits and penetration testing for iOS and Android applications to identify and remediate vulnerabilities before attackers can exploit them.
Web Application Security
In-depth vulnerability assessments and security testing for web applications, protecting against OWASP Top 10 vulnerabilities and beyond.
API Security
Expert analysis and testing of API endpoints to prevent unauthorized data access, ensuring secure resource access control and proper authentication.
AI Security
Specialized security assessments for AI/ML models, focusing on model manipulation, data extraction risks, and prompt injection vulnerabilities.
Focus Areas
We specialize in providing tailored security solutions for specific industries and company types, with a deep understanding of their unique challenges.
Medical Device Manufacturers
Audit-ready security assessments for MDR Class IIa/IIb manufacturers. We provide technical evidence for Notified Body certification, validating the security outcomes required by IEC 62304 and IEC 81001-5-1.
Startups
Agile security solutions designed for fast-moving companies, balancing robust protection with the need for rapid development and growth. We help startups meet compliance requirements and build customer trust from day one.
Small Businesses
Right-sized security solutions for small teams and businesses, making professional-grade cybersecurity accessible without enterprise-level budgets or resources. We support regulatory compliance and practical risk management for growing companies.
Our Specializations
We focus on the most critical and complex areas of cybersecurity, providing deep expertise where it matters most for your regulatory compliance and business success.
MDR Class IIa/IIb Security
Security testing and validation for SaMD according to IEC 81001-5-1.
DiGA Security & BSI Compliance
Your expert partner for DiGA compliance – we provide specialized consulting to implement BSI TR-03161 requirements and prepare your application for successful BfArM approval.
AI/LLM Security
Cutting-edge security assessments for AI and Large Language Model applications, addressing emerging threats in machine learning systems.
Mobile Application Security
Deep mobile security expertise covering iOS and Android applications, with a focus on advanced protection mechanisms and compliance requirements.
Web Application Security
Comprehensive web application security testing covering modern frameworks, single-page applications, and complex business logic.
Backend & API Security
In-depth backend system and API security assessments, including cloud infrastructure and microservices architectures.
Need Expert Security Assessment?
Whether you're preparing for regulatory approval or strengthening your security posture, we have the specialized expertise to guide you through the most complex requirements.
Schedule Expert Consultation Now
The Machine Spirits Advantage
Machine Spirits brings together academic rigor and industry leadership to deliver specialized cybersecurity expertise for your most critical assets.
Professional Security Expertise
Our qualified team combines academic precision with 25+ years of real-world experience. The result: Deep security analysis that not only uncovers problems but provides cost-effective solutions – accelerating your time to market and increasing customer confidence.
Tailored Security Solutions
No one-size-fits-all solutions – we design security strategies perfectly aligned with your technology and business goals. Minimize risks without unnecessary costs while accelerating your compliance journey.
Results That Drive Business Value
Instead of complex reports, you get clear, prioritized action plans with concrete implementation steps. Your teams can start immediately, reducing risks while keeping time and budget in focus.
Understanding the Notified Body Mindset
We bridge the gap between offensive security and regulatory compliance. Our expertise in MDCG 2019-16 and IEC 81001-5-1 means we deliver the independent security validation Notified Bodies require, not just vulnerability lists. We speak both languages: technical depth and audit readiness.
Protect Your Digital Business – Starting Today
Begin with a professional security assessment and get actionable steps to protect your valuable data.
Our Team
Meet our qualified penetration testing experts who combine academic research excellence with decades of practical cybersecurity experience, specializing in medical device security and regulatory compliance.

Dr. rer. nat. Simon Weber
Lead Penetration Tester & Medical Device Security Researcher
PhD security researcher who found critical vulnerabilities in hospital systems. Leading member of MedSec research group. Simon turns academic rigor into practical solutions that protect real patients.

Dipl.-Inf. Volker Schönefeld
Senior Penetration Tester & Application Security Expert
20+ years as CTO. 50+ million app downloads. Teams up to 35 experts. IoT fleets with thousands of devices. Volker brings deep security expertise and makes complex compliance simple.
Our Achievements & Expertise
Medical Device Compliance
Expert penetration testing for SaMD and DiGA applications following industry standards
Academic Research
PhD-level research in hospital security and critical infrastructure protection
Practical Experience
Extensive hands-on security testing and continuous professional development
25+ Years Combined
Extensive experience in cybersecurity, development, and regulatory compliance
What Our Clients Say
Trusted by leading companies for their security needs

“Machine Spirits helped uncover vulnerabilities in our platform early with a structured and in-depth pentest before we went through MDR certification. The clear reports and pragmatic communication helped us quickly close security gaps and efficiently update our documentation.”
“As a security partner for our DiGA, Machine Spirits impressed us with their in-depth pentests. Their competent TR-03161 consulting and clear recommendations were crucial in meeting the demanding BSI requirements quickly and securely.”

“Very pleasant collaboration with Volker and Simon from Machinespirits. Both are extremely professional and very flexible. We would be happy to continue working with Machinespirits in the future.”
Contact Us
Ready to secure your digital assets? Our team of cybersecurity experts is here to help.
Phone
+49 221 65031192
Response Time
We typically respond to all inquiries within 24 hours during business days.
Average response time: 6-12 hours
