● UK · EU — Regulated fintech & energy Certifications delivered: ISO 27001 · PCI DSS v4 · DORA

Case studies

Anonymised under NDA. Outcomes verified.

Every engagement on this site is described by sector and service. Client names are listed separately on our About page; what we did for whom is private by design.

Filter by sector Consumer finance Data / analytics Digital asset custody E-commerce / retail Education technology Energy / utilities Energy market operations Financial services Financial services / payments Media / advertising Professional services / engineering Software / SaaS
Financial services · 2025

Runtime monitoring for an AI agent estate

Agent-action logging and SOC-integrated detection for an AI-forward financial services provider running production AI agents. Anonymised; metrics indicative.

Cut mean time to detect AI anomalies from 6 hours to under 20 minutes
Read the case study
Financial services / payments · 2025

AI assurance evidence for a global fintech

How a global fintech built a standing AI assurance map that survived an internal audit without an evidence scramble. Anonymised; metrics indicative.

Assembled audit-ready AI assurance evidence in 3 weeks
Read the case study
Financial services / payments · 2025

AI guardrails for a payments business

How Salvador Cloud designed and red-teamed layered AI guardrails for a regulated digital payments business. Anonymised case; metrics indicative.

Blocked 100% of policy-violating tool calls in the first 90 days
Read the case study
Software / SaaS · 2025

An AI gateway control plane for a UK SaaS

An AI gateway control plane for a mid-market UK SaaS, bringing every LLM call under consistent policy in eight weeks. Anonymised; metrics indicative.

Routed 100% of LLM calls through a single policy gateway
Read the case study
Professional services / engineering · 2024

vCISO AI governance for a consultancy

A vCISO governance model that let a global engineering consultancy answer board AI risk questions from standing artefacts. Anonymised; metrics indicative.

Stood up a quarterly board AI risk cadence in one quarter
Read the case study
Financial services / payments · 2024

AI security guardrails for a global fintech

AI guardrails for a global fintech production agent: scoping controls, faster triage, and board-ready reporting. Anonymised case; metrics verified under NDA.

Cut AI agent incident triage time from 4 hours to 28 minutes
Read the case study
E-commerce / retail · 2024

Securing a service copilot for retail

Layered AI guardrails for a UK e-commerce platform's service copilot: zero PII leakage in 6 months. Anonymised case; metrics indicative.

Zero PII leakage incidents in the first 6 months post-launch
Read the case study
Energy / utilities · 2024

Resilience for a regulated UK utility

A regulated UK utility closed 23 ICT third-party resilience gaps and built an AI-aware incident playbook before audit. Anonymised; metrics indicative.

Closed 23 ICT third-party resilience gaps before the audit window
Read the case study
Education technology · 2023

AI data protection for an edutech operator

Redesigned data-protection controls and gated DPIAs into the AI approval lifecycle for an international edutech operator. Anonymised; metrics indicative.

Cut the DPIA cycle from 8 weeks to 2 weeks
Read the case study
Media / advertising · 2023

Securing MCP pipelines for an ad group

Hardened the MCP connector estate of a global advertising group, cutting exposed data egress paths from 40 to 4. Anonymised; metrics indicative.

Reduced exposed data egress paths from 40 to 4
Read the case study
Data / analytics · 2022

Model poisoning defence for analytics

Detecting and quarantining poisoned training data in a big-data analytics pipeline before model deployment. Anonymised case; metrics indicative.

Detected and quarantined poisoned training data in the pipeline
Read the case study
Digital asset custody · 2021

Cloud security architecture for an APAC crypto custody provider

How we designed the cloud security architecture and landing zone for an APAC crypto custody provider operating under HKMA / SFC oversight.

Designed and delivered the secure cloud landing zone for a regulated digital asset custodian; passed external SOC 2 Type 2 audit on first attempt
Read the case study
Consumer finance · 2020

PCI DSS v4 readiness for a UK consumer finance platform

How we redesigned a UK consumer finance platform's card data flows to reduce PCI DSS v4 scope, then led the readiness programme.

Reduced PCI scope by 70% via tokenisation; AOC delivered with zero qualification on first attempt
Read the case study
Energy market operations · 2018

ISO 27001 for a UK energy market operator

How we scoped, designed, and led the ISO 27001 certification programme for a UK energy market operator regulated by Ofgem and the BEIS Code of Conduct.

Delivered ISO 27001 certification end-to-end in 26 weeks; zero major non-conformities at Stage 2
Read the case study

Next step

Want an outcome like these on your next audit?

We diagnose the gap, scope the work, and price it up front — inside your NDA.

Book a discovery call See the full service lineup →