Insights · Case Studies

Outcomes, in production.

Selected engagements, fully anonymised. Real systems we designed, secured, and put into production — and the measured results they delivered.

Banking · Compliance

−80%

hallucination rate

RAGEvaluationEU AI Act

A regulated-finance copilot the risk committee could approve.

Problem: A compliance team relied on a general-purpose LLM copilot that produced confident but unreliable answers, blocking it from production use under model-risk policy.
Solution: We built a retrieval-augmented architecture grounded in the bank's proprietary regulatory corpora, with a continuous evaluation harness measuring accuracy against a ground-truth set.
Impact: Hallucination rate cut by over 80% versus the baseline model. The system passed internal AI governance and went live for first-line compliance teams.

Insurance · Operations

10×

faster triage

Agentic AIHuman-in-the-loopObservability

Problem: Manual claims triage was slow and inconsistent, with senior adjusters spending most of their time on routing rather than judgement.
Solution: We deployed autonomous agents to handle high-volume routing autonomously, with human-in-the-loop checkpoints on every high-consequence decision, fully logged and reversible.
Impact: Triage throughput increased roughly tenfold on routine cases, with consistent decisioning and adjusters refocused on complex claims.

Industrial · Cybersecurity

100%

external surface mapped

EASMNIS2Continuous monitoring

Problem: A multi-site industrial group had no continuous visibility on what it exposed to the internet — domains, services, and forgotten assets accumulated across acquisitions.
Solution: We deployed continuous external attack-surface management (EASM), mapping every internet-facing asset and scoring exposure against known threat patterns.
Impact: The full external surface was mapped and critical exposures were prioritised and remediated, with continuous monitoring tied to NIS2 readiness.

Asset Management · Third-Party Risk

Continuous

vendor scoring

Third-Party RiskEASMDORA

Problem: Third-party security was assessed through static, point-in-time questionnaires that were stale the moment they were filed.
Solution: We instrumented continuous scoring of each vendor's real, internet-facing attack surface, surfacing new exposures as they appeared rather than at the next review.
Impact: Vendor onboarding accelerated and aggregate third-party exposure fell, with a single live view for the risk function.