THREAT INTELLIGENCE · FINANCIAL SERVICES · BC
When three feeds disagreed on the same campaign
A mid-market credit union subscribed to multiple commercial threat feeds but received conflicting indicators about an active credential-harvesting wave targeting Canadian financial institutions. Their small security team spent hours reconciling contradictions instead of updating detection rules.
Threat Neural AI synthesized vendor feeds with open-source reporting and the credit union's own login telemetry. We produced a single ten-page briefing document mapping the campaign's infrastructure, preferred lures and recommended detection additions. Analyst attribution accompanied every indicator so the team knew confidence levels and source lineage.
Within three weeks, tuned rules caught two further variants that no single feed had flagged in isolation. The credit union's board received a quarterly assurance summary written in language they could act on — not raw STIX exports.
Client response review — containment steps verified before escalation.
Analyst dossier — every finding traceable to source and timestamp.
NEURAL DETECTION · HEALTHCARE · ALBERTA
Baseline drift after a cloud migration
A regional healthcare provider migrated clinical applications to a new cloud region over a single weekend. On Monday, their SIEM generated four times the usual alert volume. Most were benign — new IP ranges, changed authentication flows — but buried among them were two genuine policy violations.
We rebuilt behavioural baselines within seventy-two hours, routing every neural-model flag through analyst triage before it reached the client's on-call rotation. False-positive volume dropped by eighty-seven percent over six weeks while maintaining detection of the policy violations that had triggered the engagement.
Deliverables included updated runbooks, a migration checklist for future infrastructure changes and a monthly assurance report for their privacy officer documenting what was monitored and what remained outside scope.
LLM GUARDRAILS · TECHNOLOGY · ONTARIO
Internal copilot with access to HR records
A technology company deployed an internal LLM assistant with read access to HR documentation. Engineering wanted speed; the CISO wanted guardrails before the pilot expanded. Threat Neural AI assessed prompt injection surfaces, output filtering gaps and logging deficiencies.
We implemented role-based query limits, sensitive-topic blocklists, human review gates for bulk exports and audit trails suitable for their next privacy impact assessment. Authorized red-team prompt testing demonstrated residual risks the client accepted with documented compensating controls.
The engagement concluded with a board-ready summary connecting model behaviour to PIPEDA obligations — without claiming the copilot was "safe," but documenting what was controlled and what required ongoing monitoring.
ADVERSARIAL TESTING · CRITICAL INFRASTRUCTURE · BC
Purple team before the audit season
An energy-sector operator faced a regulatory audit requiring evidence of tested incident response capability. They had playbooks on paper but no recent exercise record. We designed a two-week purple-team programme: controlled phishing against consenting staff, simulated lateral movement within defined subnets and a tabletop exercise for executive stakeholders.
Findings included three detection gaps, one outdated contact list and a communication delay that would have breached their internal notification SLA. Remediation was tracked to closure before audit documentation was submitted. The operator retained us for quarterly assurance reporting thereafter.
All engagements described are illustrative composites. Client names, sectors and outcomes are modified. Past results do not guarantee future performance. Contact us to discuss whether a similar scope fits your organization.