Poolside is a US-based, privately held foundation-model lab specialising in AI-powered software engineering, with operations split between San Francisco and Paris. All models (Malibu, Point, Laguna) are proprietary and deployed exclusively within customer environments; no open weights have been released. The organisation carries elevated risk for EU regulated customers: it is headquartered in the US and therefore fully CLOUD Act and FISA 702 exposed, it counts In-Q-Tel (CIA) among its investors, and it holds active contracts with US defence industrial base companies and is actively pursuing Israeli defence sector sales — postures that are likely incompatible with EU public-sector and sensitive-data procurement rules.
Poolside is headquartered in the United States and is therefore fully exposed to CLOUD Act and FISA Section 702 orders. US authorities can compel the company to produce data or assist with access, regardless of where customer data is processed. The current Stav CLOUD Act value of 'false' is incorrect and must be corrected.
In-Q-Tel — the investment arm of the CIA — is a confirmed investor in Poolside. This relationship creates intelligence-community access risk and reputational concerns for EU public-sector customers deploying AI in sensitive contexts.
Poolside holds contracts with the US defence industrial base (RTX/Raytheon, US DoD) and is actively pursuing sales to Israeli defence companies. This posture is likely incompatible with EU public-sector procurement rules and may conflict with national security policies in several EU member states.
No EU AI Act compliance statement, model cards, training data summaries, or GPAI Code of Practice participation found. For EU customers deploying Poolside models in regulated sectors, the lack of Article 53 documentation creates a compliance gap.
No public DPA template, DPO contact, or EU data transfer mechanism (SCCs/adequacy) documentation found. EU customers processing personal data via Poolside's platform cannot verify GDPR compliance posture from public sources alone.
No published security certifications (SOC 2, ISO 27001), bug bounty programme, or vulnerability disclosure policy found. Security page returns 404. Enterprise customers in regulated sectors typically require these assurances.
Training compute for frontier Laguna/Malibu models not publicly disclosed. Given the company's 2GW compute infrastructure build and 41,000+ Blackwell GPU acquisition, future models may cross the EU AI Act systemic risk threshold (>10^25 FLOPs), triggering additional GPAI obligations.
Stav AI Act assessment
Editorial assessment, not legal advice. Stav's risk ratings, scores, and verdicts are our own analysis of publicly available information and may be incomplete or out of date. Verify independently before making compliance or procurement decisions.
Poolside's core deployment model — on-premises, within the customer's VPC or air-gapped network — means customer code and data never leave the customer's environment, providing genuine data sovereignty for enterprise deployments.
Well-funded private lab with backing from Bain Capital, Nvidia, and major institutional investors; actively scaling infrastructure (Project Horizon) and releasing new model families (Laguna M.1, April 2026). No signs of financial distress or contraction.
Platform marketed as supporting air-gapped deployments, role-based access control, audit logs, and full agent traceability; designed to meet CISO requirements, suggesting internal security maturity even in the absence of public certifications.
AWS Bedrock partnership provides an optional managed-service deployment path that inherits AWS's own SOC 2 / ISO 27001 controls and AWS's EU data residency options, partially mitigating security and data-residency concerns for customers who deploy via Bedrock.
Founding team has deep domain credibility: Jason Warner was CTO of GitHub (where GitHub Copilot was incubated) and Eiso Kant built an earlier AI-for-software-development company, giving the team relevant track record in the AI coding domain.
Published safeguards & certifications
Privacy policy review
Creator profile
Poolside is a United States entity. Training data and weights produced under United States jurisdiction are covered by the CLOUD Act.
Exposed on training. Inference is unaffected when hosted on Stav infrastructure inside the EEA.
Stav compliance has not yet scored Poolside. Scores are published once the policy review and infrastructure assessment complete.
Findings
Citations gathered when the Compliance Curator last reviewed this creator’s public-facing documents. Grouped by source so the picture stays auditable.
“Poolside Foundation Models (Laguna M.1, Laguna XS.2); Poolside AI Assistant; pool (terminal-based coding agent); Shimmer (browser-based development en...”
“Among the investors in the company is the CIA's investment arm In-Q-Tel, together with Bain Capital Ventures and Redpoint.”
Deploy on-prem, in your VPC or on workstations (defense only). Your data never leaves your control.
Headquartered in the U.S., with a team distributed across both the U.S. and Europe, poolside has built a full stack solution, from foundation model to...
The product is not open to the public as of May 2025.
Poolside AI or poolside is an American startup developing artificial intelligence to write computer software and coding applications.
The foundation includes two core models: Malibu, a high-capacity model optimized for complex tasks like multi-file code generation, test creation, and...
As classified under Regulation (EU) 2024/1689.
Provider of GPAI model (general-purpose).