The code security platform that enforces trust at every commit.
Paxley is our only product, built to operationalise the NS-CTAF and NS-AIGF frameworks at the point of development. GitHub-native, repo-priced, and designed for enterprises where AI writes a growing share of the code.
We don't describe security.
We measure and prove it.
Other firms deliver compliance reports. Nucleus Systems engineers, measures, and continuously proves digital trust, converting cybersecurity complexity into measurable, defensible, board-level confidence across 40+ countries.
One methodology. One trust score. Applied consistently across 40+ countries and six domains of digital trust.
Framework. Platform. Service.
Every engagement, in that order.
Most consultancies borrow public standards and apply them loosely. Nucleus Systems starts with proprietary frameworks we built, runs them through platforms we developed, and delivers findings through practitioners who know the difference.
Proprietary IP, built from first principles.
Four internally developed frameworks define every control, domain, scoring model and maturity level we use. They are not adapted from existing public standards; they are designed from scratch to make trust scores consistent, comparable and defensible to boards and regulators.
Purpose-built delivery, not point-in-time audits.
Our Cybersecurity Maturity Platform and AI Security Assessment Platform turn framework controls into continuous, automated scoring. Every assessment generates a live trust index, not a PDF that sits on a shelf. Boards see real posture. Regulators accept the output.
Practitioner delivery, specialist, not generalist.
We deploy deep domain specialists across 40+ countries. Every engagement is led by a practitioner who has operated in the sector, understands the regulator's lens, and knows how to translate technical findings into language a board can act on.
From the Nucleus Systems desk
Built by practitioners.
Driven by trust.
Every engagement at Nucleus Systems is led by a specialist who has operated in the sector, not a generalist analyst reading a playbook. We deploy people with decades of hands-on experience in the most demanding regulated environments globally.
26+ years across African and Middle Eastern banking, payments and digital public infrastructure. Former Alinma Bank and MTN Fintech. Led 150+ M&A cyber due diligence engagements. Co-creator of OpenSwitchAfrica.
Our practitioners have built cryptographic systems for tier-one banks, led regulatory compliance programmes for central banks, architected cloud security for payment rails and contributed to the open-source platforms that underpin digital public infrastructure across Africa, the Middle East, and Europe.
This depth of direct operational experience is what separates us from advisory-only firms. When we assess your security posture, design your AI governance structure, or lead your M&A cyber due diligence, we are drawing on real-world knowledge, not frameworks read from a textbook.
Four domains of digital trust. Each with its own framework, platform and service.
Cybersecurity Trust & Resilience
188 controls across 6 NIST-aligned domains. L1→L5 maturity scoring. Board-ready trust index and remediation roadmaps.
AI Trust & Governance
60 controls across 7 governance domains. EU AI Act, ISO 42001 and NIST AI RMF aligned. AI system risk classification and governance assurance.
AI Security & Assurance
108 controls across 12 security domains. GenAI, Agentic AI and MLSecOps threat modelling and control validation.
Code Trust & Secure Digital Delivery
86 controls across 6 trust domains. CTA-1→CTA-4 certification. DevSecOps, SBOM governance, AI-assisted code security. Delivered via Paxley.
Where frameworks meet specialised market demands.
Beyond the four core pillars, Nucleus Systems delivers specialist solutions in domains that require deep contextual knowledge, from payment rails to post-quantum cryptography.
24/7 MDR delivered in partnership with CyberOne MSSP, anchored to NS-CMMF maturity context. Threat detection with trust measurement built in, not bolted on.
Security architecture for payment rails and digital public infrastructure across emerging markets. Mojaloop, Tazama, COMESA and PCI DSS expertise, deployed where trust is both mission-critical and newly built.
Security assurance for national identity programmes and verifiable credential infrastructure. MOSIP, OpenG2P, W3C VC and DID ecosystem, securing identity at population scale.
Mobile money, agent banking and microfinance security across Africa, Asia and the Pacific. Trust assurance where financial infrastructure is still being built.
CBOM analysis, PQC readiness assessments, crypto agility architecture and NIST PQC migration roadmaps. Prepare for CRQC-era cryptographic risk now.