Dilip Singh is a Lead AI Architect and AI developer based in Delhi, India. He has 14+ years of experience building enterprise AI chatbots, AI assistants, multi-agent platforms, RAG pipelines, and ontology-driven knowledge systems. He is Lead Software Architect at Hureka Technologies and has delivered 118+ production projects globally.

Is Dilip Singh an AI developer?

Yes. Dilip Singh is a senior AI developer and architect specializing in production AI systems — LLM orchestration, RAG pipelines, AI chatbots, voice AI assistants, and multi-agent platforms. He works with Claude, OpenAI, Ollama, Qdrant, Temporal, Next.js, and FastAPI.

Does Dilip Singh build AI chatbots and AI assistants?

Yes. Dilip builds enterprise AI chatbots and AI assistants with RAG grounding, multi-channel deployment (web, Slack, Teams), human approval workflows, and per-tenant knowledge bases. Flagship projects include Hureka AI (BYOK support platform) and AImind Agent Hub (multi-agent chat, email, and voice).

Does Dilip Singh work with ontology and knowledge graphs for AI?

Yes. Dilip designs semantic ontologies and knowledge graphs to structure AI retrieval — taxonomy design, entity relationships, and RAG grounding for more accurate AI assistant and chatbot responses. His blog covers ontology-driven content architecture for AI systems.

What services does Dilip Singh offer for freelance AI projects?

Dilip Singh offers AI architecture consulting, AI chatbot development, AI assistant systems, ontology/RAG design, multi-agent AI development, voice AI integration, enterprise SaaS architecture, Drupal-to-modern migration, and CTO-as-a-service for startups.

Is Dilip Singh available for remote freelance work?

Yes. Dilip is based in Delhi, India (IST/Asia timezone) and works with clients globally including USA, Canada, Tanzania, and Europe. Engagements include hourly consulting, fixed-price projects, and monthly retainers.

What is the typical project budget for AI architecture work?

Project budgets vary by scope. AI MVP development typically starts from $15,000, multi-agent AI platforms from $30,000, and enterprise AI architecture engagements from $50,000+. Discovery calls are free to scope requirements.

How quickly does Dilip Singh respond to project inquiries?

All inquiries receive a response within 24 hours. Urgent projects can be discussed via email at dilip@hurekatek.com or WhatsApp.

What technologies does Dilip Singh specialize in?

Core expertise includes AI chatbots, AI assistants, multi-agent AI, RAG pipelines (Qdrant, Pinecone), ontology/knowledge graphs, LLM orchestration (Claude, OpenAI, Ollama), voice AI (Pipecat, LiveKit, Whisper), Next.js, FastAPI, Temporal, Docker, Kubernetes, and enterprise Drupal/Laravel systems.

All posts

Series: AI Systems at Scale · Part 4 of 5

1. Building Production Multi-Agent AI Systems 2. RAG Pipeline Design 3. Why Temporal is the Best AI Workflow Orchestrator (and How to Use It)4. BYOK AI SaaS Architecture 5. LangGraph for Production

SaaS ArchitectureAdvanced2025-01-05·14 min read

BYOK AI SaaS Architecture: AES-256, Multi-Tenancy & LLM Adapters

How I architected Hureka AI — a BYOK (Bring Your Own Key) multi-tenant AI SaaS. AES-256 encryption for API keys, and a unified LLM adapter pattern for Anthropic, OpenAI, Google, and Ollama.

BYOK SaaS Security AES-256 Multi-Tenant LLM Architecture

What is BYOK?

BYOK (Bring Your Own Key) means customers connect their own LLM API keys. Your SaaS platform never stores raw keys — instead you encrypt them before storage and decrypt only at runtime during inference.

This is critical for enterprise customers who have their own OpenAI Enterprise contracts, Anthropic API access, or want to run Ollama on-premise.

Encryption Architecture

typescript

import { createCipheriv, createDecipheriv, randomBytes } from 'crypto'

const MASTER_KEY = Buffer.from(process.env.MASTER_ENCRYPTION_KEY!, 'hex')

export function encryptApiKey(plaintext: string): string { const iv = randomBytes(16) const cipher = createCipheriv('aes-256-gcm', MASTER_KEY, iv)

const encrypted = Buffer.concat([ cipher.update(plaintext, 'utf8'), cipher.final() ]) const authTag = cipher.getAuthTag()

return Buffer.concat([iv, authTag, encrypted]).toString('base64') }

export function decryptApiKey(ciphertext: string): string { const data = Buffer.from(ciphertext, 'base64') const iv = data.subarray(0, 16) const authTag = data.subarray(16, 32) const encrypted = data.subarray(32)

const decipher = createDecipheriv('aes-256-gcm', MASTER_KEY, iv) decipher.setAuthTag(authTag)

return Buffer.concat([decipher.update(encrypted), decipher.final()]).toString('utf8') } ```

The Unified LLM Adapter Pattern

typescript

interface LLMAdapter {
  complete(messages: Message[], options: CompletionOptions): Promise<string>
  stream(messages: Message[], options: CompletionOptions): AsyncGenerator<string>
}

class AnthropicAdapter implements LLMAdapter { private client: Anthropic constructor(apiKey: string) { this.client = new Anthropic({ apiKey }) } async complete(messages: Message[]) { / ... / } }

function createAdapter(org: Organization): LLMAdapter { const key = org.llmProvider === 'ollama' ? '' : decryptApiKey(org.encryptedApiKey) switch (org.llmProvider) { case 'anthropic': return new AnthropicAdapter(key) case 'openai': return new OpenAIAdapter(key) case 'google': return new GoogleAdapter(key) case 'ollama': return new OllamaAdapter(org.ollamaUrl, org.ollamaModel) } } ```

Multi-Tenant Data Isolation

Every database query is filtered by organizationId via Prisma middleware:

typescript

prisma.$use(async (params, next) => {
  if (params.action === 'findMany' || params.action === 'findFirst') {
    params.args.where = {
      ...params.args.where,
      organizationId: getCurrentOrganizationId()
    }
  }
  return next(params)
})

Security Checklist for BYOK SaaS

1Master key rotation — Support rotating the master encryption key without re-encrypting all tenant keys at once.
2Audit every decryption — Log when, by whom, and for what purpose each key was decrypted.
3Short-lived decrypted values — Keep decrypted API keys in memory only for the duration of a single request; never persist them.
4Separate key storage — Store encrypted keys in your application database, but store the master key in a secrets manager (AWS Secrets Manager, Vault).

Dilip Singh

Lead Software Architect · Hureka Technologies

14+ years building enterprise software and AI systems. Architecting multi-agent AI platforms, RAG pipelines, voice AI, and high-performance SaaS for global clients.

Hire me →About →

SaaS Architecture · 17 min read

Building AI-Powered SaaS Products: From Architecture to First Revenue

SaaS Architecture · 13 min read

Multi-Tenant Database Design: Schema, Row-Level, or Per-Tenant DB?

AI Architecture · 12 min read

Building Production Multi-Agent AI Systems: Architecture Patterns

All posts Work together