AI development company for Canberra federal-adjacent, defence-adjacent (DSTG, ASD) & Crown corporation vendors.

We do not operate a Canberra office. Aiinfox runs from our Mohali, India HQ and a Frisco, TX office. For Canberra clients we deliver with a clean four-hour afternoon AEST/AEDT overlap from Mohali (9am IST is 2pm AEST winter / 3pm AEDT summer) and the same senior engineers run twice-weekly demos in Canberra business hours. For on-site engagements at Russell Offices, Parkes, Barton, Civic, Fairbairn, or the ANU campus (kickoff, milestone reviews, security walk-throughs at OFFICIAL or below), we travel to Canberra on a scheduled cadence rather than maintaining a sub-scale local presence.

No — and we are explicit about that on the first call rather than after the contract is signed. The Information Security Registered Assessors Programme (IRAP) is the Australian Government's cyber-security assessment framework, and IRAP-assessment of a vendor's own platform is the standard control for Australian-Government cloud-hosted services. Aiinfox is a foreign engineering provider, not an Australian-hosted SaaS, so IRAP assessment of our own platform is not the relevant control structure. What we do for PROTECTED-classified Canberra engagements is structure the work to fit inside an existing IRAP-assessed cloud boundary (typically Azure Australia Central or AWS Australia at the appropriate PROTECTED classification, with the IRAP assessment held by the cloud provider and your delivery prime — often one of the major Australian systems integrators); our engineering connects over a privileged-access path that your security team controls. For TOP SECRET or compartmented work, that is categorically outside what Aiinfox delivers and we will say so on the first call.

ASD ISM (the Information Security Manual maintained by the Australian Signals Directorate) and the PSPF (Protective Security Policy Framework) are the load-bearing federal-government security frameworks for OFFICIAL-classified and above, and we map relevant controls into the engagement scope from day one. The ISM cyber-security controls — identification and authentication, access control, system monitoring, cryptography — and the PSPF protective security policies are documented as part of normal delivery rather than retrofitted at audit time. For UNCLASSIFIED and OFFICIAL-classified work (which describes a meaningful share of federal AI-buyer engagements at the application layer), we deliver the senior engineering directly inside the customer's Australian cloud account. For PROTECTED, we structure the work inside an existing IRAP boundary as described above.

Strong, and the same overlap window as Sydney and Melbourne since the ACT observes AEDT (UTC+11) in summer and AEST (UTC+10) in winter, with DST changeover in October and April. From Mohali IST (UTC+5:30), our 9am IST is your 2pm AEST winter / 3pm AEDT summer, giving a clean four-hour afternoon overlap with the Canberra working day every weekday. Daily standups, twice-weekly demos, and most ad-hoc problem-solving sessions land inside that window. Written async updates land before your morning. For engagements needing morning Canberra coverage as well, we extend to early-IST starts on a planned cadence.

Yes. Our engagement defaults are aligned with the Privacy Act 1988, the 13 Australian Privacy Principles, and the Notifiable Data Breaches scheme. DPAs are signed before any personal information is shared, and we run a Privacy Impact Assessment for engagements processing personal information at scale or involving sensitive information. For federal-adjacent engagements with citizen-personal-information scope (Services Australia-adjacent, ATO-adjacent, Department of Home Affairs-adjacent), we layer the federal agency's own Privacy Management Plan and IPS (Information Publication Scheme) obligations on top of the APP baseline.

Carefully and explicitly. The Defence Trade Controls Act 2012 controls the supply, brokering, and publication of certain defence-related and dual-use goods, software, and technology. For DSTG-adjacent and Defence-research engagements at OFFICIAL or commercial-confidential scope where DTCA-controlled technical data is in scope, we treat technical-data handling as a load-bearing constraint. Self-hosted Llama 3 on vLLM inside the customer's Australian VPC is the default — no controlled technical data ever transits a managed-inference API endpoint. The engagement scope is structured so controlled material is clearly bounded, audit logs capture every prompt and tool call, and we will tell you on the first call if your specific scope requires Australian-national-only delivery — outside what Aiinfox can offer alone, in which case we recommend an Australian delivery prime.

Your call on the region. For federal-adjacent work at OFFICIAL or below, AWS ap-southeast-2 (Sydney) is the broadest-catalogue AU primary region and the default. For PROTECTED-classified workloads, Azure Australia Central (Canberra) is the standard option because it sits inside an IRAP-assessed PROTECTED cloud boundary, with the IRAP assessment held by Azure and your delivery prime. AWS Australia regions support PROTECTED for specific services at specific classifications — we will check current scope on the call. For inference, we route Claude or GPT-4o to an Australian region depending on classification and DPA, or we self-host Llama 3 on vLLM inside your Canberra Australian VPC for zero third-party inference.

Most v1 engagements at Aiinfox land between AUD 40,000 and AUD 180,000 fixed-price for a focused build — an AI agent, a RAG system, a voice pipeline, or a bespoke ML model. Larger multi-quarter engagements with fine-tuning, custom evals, PSPF / ASD ISM-aligned compliance work, or DTCA-aware defence-research work typically reach AUD 220,000 to AUD 400,000. Pilots are usually AUD 15,000 to AUD 28,000 with acceptance criteria written into scope. Canberra clients invoice in AUD via bank transfer or USD by preference. Cost difference versus a Sydney or Melbourne consultancy is roughly 40 to 60 percent on senior rates.