Client Results

What Happens When
Teams Actually Look.

Three anonymised case studies from companies who completed an AuditPulse diagnostic before a board review, an EU market launch, or an enterprise sales process. The findings were real. The remediation was specific. The outcomes were measurable.

FINTECH / SERIES C / 47 EMPLOYEES

EUR 15M Fine Exposure Identified 6 Weeks Before EU Market Launch.

A Series C lending platform with automated credit decisioning was preparing to launch in Germany and France. Their legal team had reviewed GDPR compliance. Nobody had reviewed EU AI Act compliance - because the product team did not know it applied to automated credit decisions.

No explainability matrix on automated credit rejection decisions
EU AI Act Art. 13 - Art. 6(2)
Regulatory Exposure
Estimated exposure: EUR 35M or 7% of global turnover
Human oversight absent on automated rejection decisions affecting 500+ applicants per day
EU AI Act Art. 14 - NIST GOVERN 1.2
Bias evaluation not conducted since model deployment 14 months prior
NIST RMF MEASURE 2.5
Remediation Outcome

EUR 15M in potential regulatory liability identified and mitigated prior to EU market expansion. Explainability matrices implemented across all credit decision outputs. Audit completed in 14 days.

EUR 15M+
Fine exposure identified and mitigated
3 weeks
To remediate all critical findings
On schedule
EU market launch proceeded as planned
$500
Cost of the diagnostic that found it all
HEALTHCARE SAAS / SERIES B / 63 EMPLOYEES

42 Million Patient Records. Zero Consent Traceability.

A predictive diagnostics company had deployed an AI model trained on anonymised patient data from three hospital networks. They believed their data processing was HIPAA compliant. Their consent architecture was not.

Opt-in consent not traceable at individual record level across 42M patient training dataset
GDPR Art. 9 - HIPAA Section 164.514
Regulatory Exposure
GDPR Art. 9 maximum: EUR 20M or 4% of global turnover
Vendor data pipeline lacked SOC 2 CC7 incident response documentation
SOC 2 Type II CC7.1
Predictive diagnostic model had no model card - intended use and limitations undocumented
ISO 42001:2024 Section 6.4 - EU AI Act Art. 13
Remediation Outcome

Full consent traceability implemented across patient record database. SOC 2 CC7 gaps remediated with documented incident response playbook. Model cards published for all three diagnostic models.

31%
Of training data had unverifiable consent
6 weeks
To rebuild consent architecture
3 files
Model cards published for all production models
$1,500
Cost of the Verified Audit that uncovered it
ENTERPRISE SAAS / SERIES A / 38 EMPLOYEES

Three Enterprise Deals Unblocked in 30 Days.

A Series A company building an LLM gateway for Fortune 500 clients had three enterprise deals stalled in procurement. Each procurement team was requesting AI governance documentation that did not exist. The sales team had been trying to close these deals for four months.

Multi-tenant data segmentation unverified - cross-tenant inference leakage risk identified
SOC 2 CC6.1 - EU AI Act Art. 10
No immutable audit log for LLM inputs and outputs per tenant
SOC 2 CC7.2 - ISO 42001 Section 9.1
No AI vendor attestation document - blocking Fortune 500 procurement approval
NIST AI RMF GOVERN 6.1
Remediation Outcome

Immutable hashing implemented for all vector embedding outputs. Multi-tenant segmentation verified and documented. Enterprise procurement attestation issued - 3 blocked deals reopened within 30 days of audit completion.

3 deals
Unblocked after remediation
30 days
From diagnostic to closed contracts
4 months
Those deals had been stalled before the audit
$500
Cost of the diagnostic that unlocked them

What Would We Find
in Your Stack?

Every one of these findings was surfaced in four minutes. The diagnostic is free to start.