Enterprise Case Studies
Solutions in Action
How AiGIST and Resonance Proxy integrate into real enterprise environments — from federal government departments to private-sector financial institutions.
How It Works — Every Deployment
AI Agent
Tool Call Initiated
AiGIST
Identity · Cage · Firewall · Supervisor · Circuit Breaker
Resonance Proxy
Risk Classification · Policy Routing · Human Review
Execution
Approved Action · Audit Log
AI Agent
Tool Call Initiated
AiGIST
Identity · Cage · Firewall · Supervisor · Circuit Breaker
Resonance Proxy
Risk Classification · Policy Routing · Human Review
Execution
Approved Action · Audit Log
Case Study 01 — Federal Defence
Department of National Defence
An AI Quartermaster agent assists with supply chain logistics, equipment procurement, and personnel readiness across Canadian Forces bases. The agent operates 24/7, processing hundreds of supply requests daily.
Integration Context
Environment
On-premise, air-gapped deployment within DND's Protected B network. No data leaves Canadian sovereign infrastructure.
Compliance Requirements
ITSG-33 Level 2 controls, PIPEDA, AIDA (Artificial Intelligence and Data Act), Directive on Automated Decision-Making (DADM §6.4).
Agent Fleet
Logistics AI (procurement, inventory), Personnel Readiness AI (deployment scheduling), Maintenance Prediction AI (equipment lifecycle).
Scenarios
Routine Equipment Order
$800The Logistics AI initiates a purchase order for 50 winter sleeping bags from an approved supplier for CFB Petawawa.
Permit (+1)
Biscuit token verified with 'procurement_standard' capability. Payload scanned by Semantic Firewall — no PII, no classified data. Ed25519-signed ActionPayload issued.
Auto-Approve
YAML policy evaluates: domain=procurement, value < $1,000. Action auto-approved and logged. Appears in the weekly operational digest for the Quartermaster.
High-Value Munitions Transfer
$500,000The Logistics AI attempts to route a shipment of high-explosives from CFB Valcartier to a new forward operating location.
Permit (+1)
Token validated. Semantic Firewall confirms no security canary leaks in the payload. Base location data is within the agent's authorized scope. Permit issued.
Escalate
Policy triggers: financialExposure > $50,000 AND domain='munitions'. Action paused and escalated to the Base Commander's dashboard with a CRITICAL flag. Commander approves with mandatory digital note.
Unauthorized Medical Record Access
AdversarialThe Logistics AI, compromised via an adversarial prompt injection embedded in a vendor invoice PDF, attempts to query the base medical database for personnel fitness reports.
Prohibit (−1)
The agent's Biscuit capability token does not contain the Datalog fact 'domain(medical)'. The WASM Cage denies the capability at the sandbox boundary. Intent killed immediately.
N/A — Blocked Upstream
The malicious intent was terminated by AiGIST before it reached the operational MCP layer. Resonance Proxy never sees the request.
Why iiSP for Defence
DND requires provable, auditable AI governance that satisfies ITSG-33, PIPEDA, and AIDA simultaneously. AiGIST provides cryptographically verifiable audit trails (Ed25519-signed Permits) that can be reviewed offline by security auditors without a database round-trip. Resonance Proxy ensures that operational volume — hundreds of procurement decisions daily — is manageable by a small team of human reviewers, not a bottleneck.
This is a hypothetical integration scenario demonstrating iiSP capabilities. The Department of National Defence is not a current client.
Case Study 02 — Federal Diplomacy
Global Affairs Canada
GAC manages communications across 260+ diplomatic missions worldwide. AI agents assist with diplomatic cable summarization, travel advisory drafting, and consular case triage for Canadian citizens abroad.
Integration Context
Environment
Hybrid deployment: Unclassified workloads on Azure Canada Central, Protected B workloads on-premise within GAC's secure network perimeter.
Compliance Requirements
PIPEDA, Official Languages Act (bilingual output), Protected A/B classification enforcement, AIDA, Treasury Board Directive on Security Management.
Agent Fleet
Cable Summarization AI, Travel Advisory Drafter, Consular Case Triage AI (visa applications, emergency assistance, repatriation).
Scenarios
Travel Advisory Draft
UnclassifiedThe Travel Advisory AI drafts an updated advisory for Lebanon based on publicly available news feeds and GAC's internal situation reports (Unclassified).
Permit (+1)
Token verified with 'travel_advisory_draft' capability. Semantic Firewall confirms all source data is Unclassified. PII scrubber runs on the draft output — no Canadian citizen names detected. Permit issued.
Auto-Approve
Policy: domain=travel_advisory, classification=UNCLASSIFIED. Auto-approved and logged. Draft appears in the Communications team's daily content queue for editorial review before publication.
Consular Case Recommendation
Protected AThe Consular Triage AI reviews a Canadian citizen's emergency assistance request from the Embassy in Cairo. It drafts a recommendation to approve emergency financial assistance and flags the case as urgent.
Permit (+1)
ComplianceGuard detects PII (citizen name, passport number, location). Verifies PIPEDA consent mask for 'consular_processing' — consent is present. PII is scrubbed from the summary before writing to agent memory. Permit issued with compliance context attached.
Batch for Review
Policy: domain=consular, urgency=HIGH but financialExposure < $5,000. Batched for the Consular Affairs team's twice-daily review digest. Reviewer approves with a note authorizing the emergency disbursement.
Classified Cable Access Attempt
Protected BThe Travel Advisory AI (which only has Unclassified clearance) attempts to access a Protected B diplomatic cable from the Canadian Embassy in Kyiv containing sensitive geopolitical intelligence.
Prohibit (−1)
The agent's Biscuit token carries the Datalog fact 'clearance(UNCLASSIFIED)'. The requested resource requires 'clearance(PROTECTED_B)'. Datalog authorization fails. Intent killed at the identity boundary. Security event logged.
N/A — Blocked Upstream
Blocked at the AiGIST identity layer. The request never reaches Resonance Proxy. A security alert is generated for the IT Security team.
Why iiSP for Diplomacy
GAC operates in an environment where a single misclassified document could compromise diplomatic relations or endanger Canadian citizens abroad. AiGIST's Biscuit token system enforces security classification at the cryptographic level — an Unclassified agent mathematically cannot access Protected B material. Resonance Proxy ensures that consular decisions involving real citizens receive human review on a manageable schedule, without creating a bottleneck across 260+ missions.
This is a hypothetical integration scenario demonstrating iiSP capabilities. Global Affairs Canada is not a current client.
Case Study 03 — Private Sector Financial Services
Manulife Financial
Manulife processes millions of insurance claims annually across Canada, the US, and Asia. AI agents pre-screen claims, flag anomalies for fraud investigation, and draft settlement recommendations to accelerate processing times.
Integration Context
Environment
Multi-cloud (Azure Canada + AWS). Claims data stays within Canadian data residency boundaries. SOC 2 Type II certified infrastructure.
Compliance Requirements
PIPEDA (health data), CCPA/CPRA (US policyholders), OSFI guidelines (Office of the Superintendent of Financial Institutions), Quebec Law 25.
Agent Fleet
Claims Pre-Screening AI, Fraud Detection AI, Settlement Recommendation AI, Customer Communication Drafter.
Scenarios
Routine Dental Claim
$800The Claims Pre-Screening AI reviews a standard dental claim (two fillings) against the policyholder's coverage plan, verifies the dentist is in-network, and prepares a settlement recommendation.
Permit (+1)
ComplianceGuard verifies PIPEDA health-data consent for 'claims_processing'. PII scrubber removes patient SIN from the settlement summary. Token has 'claims_standard' capability. Permit issued.
Auto-Approve
Policy: domain=claims, value < $1,000, fraud_score < 0.3. Auto-approved. Settlement recommendation sent to the payment processing queue. Logged in the daily claims digest.
Life Insurance Payout
$200,000The Settlement AI drafts a life insurance payout recommendation following a verified death certificate submission. The claim includes beneficiary banking details for direct deposit.
Permit (+1)
ComplianceGuard detects sensitive financial PII (banking details). Verifies consent mask for 'settlement_processing'. Banking details are encrypted in the ActionPayload with the beneficiary's public key. Permit issued with full compliance context.
Escalate
Policy: domain=life_insurance, value > $50,000. Immediately escalated to a Senior Claims Adjuster. Adjuster reviews the death certificate verification, beneficiary identity confirmation, and approves with a mandatory digital note.
Suspected Fraudulent Claim
$12,000The Fraud Detection AI flags a physiotherapy claim series: 47 sessions in 30 days from a newly registered provider, billed to a policyholder who has filed 3 similar claims in the past 6 months.
Sacred Pause (0)
TML evaluation detects high-risk markers: anomalous claim frequency (3σ deviation), new provider, cross-reference with known fraud patterns. SacredPause triggered — action held for human review via FIDO2 key-turn.
Escalate
The SacredPause verdict is forwarded to RP. Policy: fraud_score > 0.8. Escalated to the Special Investigations Unit (SIU) dashboard with full anomaly report. SIU investigator reviews and initiates a formal investigation.
Why iiSP for Financial Services
Financial institutions face multi-jurisdictional compliance pressure: PIPEDA in Canada, CCPA in the US, and OSFI guidelines for federally regulated entities. AiGIST's ComplianceGuard enforces jurisdiction-specific consent masks at the code level — a US policyholder's DoNotProfile flag is technically honored, not just documented. Resonance Proxy turns the volume of daily claims (thousands) into a manageable review queue where adjusters focus only on what matters: high-value payouts and fraud investigations.
This is a hypothetical integration scenario demonstrating iiSP capabilities. Manulife Financial is not a current client.