Kindo
PoC Narrative · Internal
SOC for AI · Sprint 1

Video × PoC: What Each Segment Proves

The demo video runs 3:14. Ten narrated segments. Here's exactly how each one maps to the five objectives Kishore defined — what we proved, what we showed awareness of, and what's Sprint 2.

Proved with real data
Awareness / partial
Context / positioning
Bonus (beyond ask)
01
Positioning — "Your Questionnaire, Our Answer"
0:00 – 0:22
Context
What the video says

"Based on the questionnaire responses we received, your team made it clear — shadow AI discovery is handled by detection engineering. What you need from us is governance for the AI you already know about. This agent is our answer."

What this proves

No specific objective — this is the frame. It tells Deloitte: we listened to your questionnaire, we understood your scope (not shadow AI — governed AI), and we built to that scope. Sets up everything that follows.

02
Architecture — Two Data Sources
0:22 – 0:42
Proved
What the video says

"Two data sources feed this agent. First, it calls Anthropic's API directly, pulling the full list of models available outside your environment. Second, it receives platform telemetry — every agent deployed, every integration connected, every model enabled."

What this proves

Proves the architecture works. The platform can be the hub — an agent on the platform collects internal telemetry and reaches external APIs in a single run. This is the foundation for all five objectives. Without this, nothing else works.

03
Agent Deployment Monitoring
0:42 – 1:02 · Objective 1
Proved
What the video says

"286 agents in this environment. Two were created in the last 48 hours. One of them has no name, no description, and full administrative permissions. That's an agent nobody can account for, doing things nobody documented."

What this proves

Objective 1: Detect unauthorized agent deployment — PROVED. Not a mock. Real inventory of 286 agents. Real finding: unnamed agent with full perms, created within 48h. This is the exact use case Kishore described.

04
Risk Classification
1:02 – 1:22 · Objective 1 (depth)
Proved
What the video says

"The monitor classifies agents by risk. One does dynamic tool selection with no boundaries, another does browser automation with full delegation rights, another handles HR evaluations with PII but no guardrails."

What this proves

Deepens Objective 1. Beyond inventory — the agent classifies risk per agent. 10 flagged with specific reasons. This is what the SOC team needs: not just "here are your agents" but "here are the ones that need attention and why."

05
Integration & Data Source Monitoring
1:22 – 1:42 · Objective 2
Proved
What the video says

"45 active connections. 14 classified as high-risk. Okta with private key access, Entra ID with full directory access, Snowflake, CrowdStrike, eDiscovery. The question isn't whether these integrations exist — it's whether every agent should have access to all of them."

What this proves

Objective 2: Detect unauthorized tools / sensitive data sources — PROVED. Full inventory of connections with risk classification. Real integration names, real access levels. The agent surfaces the question Deloitte wants answered: who has access to what?

06
Configuration Drift
1:42 – 2:02 · Objective 3
Partial
What the video says

"Agents that auto-fix CI pipelines and create pull requests without human approval. An incident auto-resolver that closes tickets autonomously. A penetration testing workflow in the shared catalog where any user can access it."

What this proves

Objective 3: Detect drift in agent actions — PARTIAL. We show configuration analysis: agents configured in ways that violate standard change management. This is real data. But true drift detection requires runtime audit logs (what agents did, not how they're configured). That's Sprint 2.

07
Guardrails & Policy Gaps
2:02 – 2:20 · Objective 4
Partial
What the video says

"12 agents have maximum permissions. No policy requires documentation when you create an agent. No lifecycle management. The controls infrastructure exists — what's missing is the monitoring layer."

What this proves

Objective 4: Detect guardrail / policy changes — PARTIAL. We show the current state of permissions and the policy gaps. Real data. But detecting changes requires baseline + diff between runs. Sprint 2 adds that layer.

08
Cross-Platform Governance
2:20 – 2:50 · Beyond the ask
Bonus
What the video says

"Three Claude models are accessible externally but aren't in the governed catalog. Anyone with a direct API key can use those models outside your governance framework. No audit trail, no DLP, no access controls."

What this proves

Not in Kishore's five objectives — delivered anyway. The agent compared governed models against Anthropic's external API and found ungoverned model access. This demonstrates the architecture extends beyond the platform. Sprint 2 connects to each platform's admin APIs for actual usage data.

09
Governance Score — Measurable Baseline
2:50 – 3:05
Proved
What the video says

"Overall governance score: 3.8 out of 10. High risk. But that's the starting point, not the verdict. Run this agent weekly, and you see the trend. That's continuous governance, not a one-time assessment."

What this proves

Proves the output is measurable and repeatable. A single number that tracks over time. This is the mechanism for continuous governance — not an audit report you file once, but a living metric. The baseline is set; Sprint 2 adds the trend line.

10
Prioritized Actions + Speed
3:05 – 3:14
Context
What the video says

"Five prioritized actions. Two need to happen now. This entire analysis — 286 agents, 45 integrations, cross-platform model comparison — completed in under four minutes. Sprint two, we co-develop it with your team."

What this proves

Closes the narrative. The PoC isn't a slide deck — it ran against live data in under 4 minutes and produced actionable output. The co-develop call isn't a pitch; it's the natural next step because the foundation already works.

Kishore's Five Objectives
Coverage Matrix
#
Objective
Video Segments
Status
1
Detect unauthorized agent deployment — new agents built/deployed by unauthorized users
Seg 03, 04
Proved
2
Detect unauthorized tools / data sources — agents connecting to sensitive integrations
Seg 05
Proved
3
Detect drift in agent actions — actions not in line with SOPs over time
Seg 06
Partial
4
Detect guardrail / policy changes — MCP, tool policies, permission changes
Seg 07
Partial
5
Multi-tenant data breach detection — cross-client data contamination
Sprint 2

The bottom line.

Objectives 1 and 2 are proved with real production data. Not mocked, not simulated — real agents, real integrations, real findings.

Objectives 3 and 4 show awareness — the agent identifies configuration gaps and policy violations, but true change detection (baseline + diff) is Sprint 2 scope.

Objective 5 (multi-tenant isolation) requires runtime audit log access that isn't available via the current API surface. That's co-develop territory.

The cross-platform governance (Segment 8) wasn't even asked for — we delivered it because the architecture made it natural.

Position it as: "Proof that the platform has the telemetry and the agent architecture to do governance monitoring" — not "production-ready detection system." The gaps are exactly the scope of the co-develop.