Use case · Corporate security
Threat intelligence the
boardroom can defend.
A corporate security function carries two pressures the SOC does not: the audience is the C-suite and General Counsel, and the consequence of a leak is litigation. The platform that delivers threat intelligence to the boardroom must keep above-tier signal out of below-tier briefings by construction, not by convention. That is what CLEARSKY does.
The friction
The work, before tier-respect by construction.
-
01
Threat reports written for the SOC are not consumable by the C-suite. Indicators-of-compromise lists do not translate to executive decisions. The CSO rewrites the same threat in a different register and provenance is lost in the rewrite.
-
02
Above-tier signal leaks into lower-tier briefings. UI filtering is a convention. A motivated analyst, or a distracted one, copies a paragraph that should not be in the board pack and the audit trail tells you so a week later.
-
03
Cross-vendor TIP feeds dump into the same bucket. Indicator lists, no ontology, no relationships. The CSO knows "this IP is bad" but not which actor, which campaign, which prior incident.
-
04
Provenance gets lost between analyst and brief. By the time a slide is in front of the CEO, the source is "intelligence sources" and General Counsel cannot answer disclosure questions from outside counsel.
What CLEARSKY changes
Five capabilities mapped to corporate security.
-
01 · Tier-respect by construction
Tier-conditioned data paths server-side. Tier-conditioned model weights so the LLM cannot generate above-tier text into a below-tier surface. Tier-scoped CRDT sub-docs so the collaboration substrate respects clearance. Cryptographic, not declarative.
-
02 · Ontology with relationships and confidence
An actor object linked to campaigns, infrastructure, prior incidents, named individuals, with both pipeline confidence (auto, amber UI) and analyst confidence (human-set, green UI). The dual model is the discipline that lets a CSO say "this is our assessment" not "this is what the data says".
-
03 · Signed brief on output
The brief handed to General Counsel carries an ECDSA signature. GC verifies it without an account. If outside counsel later asks for the brief, GC hands them a verifier URL, not a copy.
-
04 · CRDT collaboration on the case
Multiple analysts work the same case without merge conflicts. The CRDT layer is tier-scoped: above-tier writes never appear in the below-tier projection. Useful for cleared-vs-uncleared collaboration and for joint work with external consultants.
-
05 · Proportionality gate on sensitive collection
Insider-threat work, biometric search, and legal-process-bordering collection require the 7-criterion gate. The check is the evidence GC will want when the question of "did we do this properly" arrives.
Concrete shapes
Three illustrative scenarios.
Hypothetical examples for illustration. Not statements about real organisations or incidents.
Executive protection
CEO travel: route-and-venue threat assessment with named adversaries and current open-source signals. Tier-respect keeps source-protection signal out of the EP team's operational brief while the CSO sees the full picture.
M&A target diligence
Target company officers, beneficial owners, sanctions exposure, prior litigation, regulatory history. Cross-link with prior CSO investigations of related entities. Signed brief to the deal team and to GC.
Insider threat preliminary
Concerning behaviour escalated by HR. The proportionality gate documents the lawful basis with named HR-counsel review before any sensitive collection. The insider-threat tier is segregated from general TIM by data path.
Compliance posture
Built for the boardroom audience.
- UK GDPR Article 6(1)(f): legitimate corporate-security interest with a documented LIA per investigation. The platform requires the LIA inline at case open.
- UK GDPR Article 9 + S14 rule: biometric search galleries (face, voice, gait) cannot be created without documented Article 6 + Article 9 lawful basis, case-scoped DPIA, named analyst, and retention policy. The gallery loader refuses ungated galleries.
- Tier-respect by construction (S13): above-tier data does not reach lower-tier surfaces by data path, by model weight, and by CRDT sub-doc. Cryptographic, not declarative.
- EU AI Act Article 5: prohibited practices are blocked at the form schema level (S12: doctrine compiled to schema).
- Director-level exposure: CRN 17133814, ICO 00013660448. Registered controller, not a US-Cloud-Act entity.
Pricing fit
Which tier suits a CSO function.
Small CSO functions (one-to-three analysts) take Team (£399/month) for the shared knowledge graph and tier-scoped CRDT. National and global TIM functions need Enterprise for the bespoke fine-tune (CHAPEL), the multi-region deployment, and the custom tier model. Talk to us about scope.