Use cases
Every industry deploying AI agents faces the same core problem: unidentified, unauthorized, unauditable tool calls. Here's how an Agentic Control Plane addresses it.
Healthcare SaaS
A hospital deploys an AI diagnostic assistant that queries patient records via tool calls.
The AI tool queries patient records via a shared API key. Every clinician's request looks the same to the backend. There's no way to enforce that only licensed physicians access sensitive data, and no audit trail linking queries to specific users. A nurse practitioner and a radiologist have identical access. HIPAA compliance is a manual, after-the-fact process.
Every request is bound to the authenticated physician's identity. Role-based policies restrict tool access by license type — radiologists see imaging data, primary care sees full records. PII in prompts is detected and redacted before reaching the model. Every query is logged with the clinician's identity for HIPAA compliance review.
Fintech & lending
A lending platform uses an AI assistant that helps loan officers pull credit data and generate risk assessments.
The AI assistant queries credit APIs with a shared service key. Any loan officer can pull any borrower's credit data — no scoping to their assigned accounts. Credit card numbers and SSNs flow through prompts to the LLM. There's no spend tracking per user, so one heavy user can exhaust the team's API budget. Regulators can't trace who accessed what.
Each loan officer's identity is verified and propagated. Tool access is scoped to their assigned borrowers. SSNs and credit card numbers are detected and masked before reaching the model. Per-officer rate limits prevent excessive data pulls. Every credit query is logged with the officer's identity, the borrower accessed, and the policy that authorized it.
Legal & case management
A law firm uses an AI research assistant that queries case management systems and document repositories.
Attorneys and paralegals query the same case management API through the AI tool. A junior associate can access partner-level cases. Client-privileged information flows into LLM prompts without filtering. There's no record of which attorney accessed which case through the AI — creating privilege and conflict-of-interest blind spots.
Each attorney's identity and matter assignments flow through every request. Tool access is scoped to their assigned cases and clearance level. Privileged content is flagged before reaching the model. Every document query is logged with attorney identity and case context for privilege review and conflict checks.
SaaS & AI integrations
A SaaS company exposes its product as tools in ChatGPT and Claude so customers can interact with their data through AI.
The SaaS backend receives tool calls from ChatGPT with a shared API key. It can't tell which customer triggered the request. Tenant isolation breaks down — one customer's agent could access another customer's data. There's no way to enforce per-customer rate limits, and LLM-driven usage spikes are invisible until the bill arrives. Building OAuth token forwarding from scratch takes weeks.
Every tool call arrives with the customer's verified identity and tenant context. The control plane handles OAuth token verification so the SaaS backend always knows which customer is calling. Tenant isolation is enforced at the gateway — customers can only access their own data. Per-customer rate limits and budget caps prevent abuse. The SaaS team ships the integration in days instead of months.
Enterprise copilot
A company deploys an internal copilot with access to HR systems, financial data, and engineering tools.
The copilot has access to company tools but treats all employees the same. An intern can query the same financial data as the CFO. A runaway agent loop burns through the OpenAI budget in minutes. Usage can't be attributed to individuals or departments. When the security team asks who accessed salary data last week, nobody knows.
SSO identity flows through every request. Tool access is scoped to the employee's role and department — engineering sees engineering tools, finance sees financial data. Per-user spend limits catch runaway agents before they drain budget. Every action is logged to the individual for security review and cost attribution.
Logistics & supply chain
A logistics company deploys AI agents that query shipment tracking, inventory systems, and carrier APIs on behalf of dispatchers and warehouse managers.
The AI assistant queries carrier APIs and inventory systems with a shared service account. A regional dispatcher can see shipments for every region. Customer addresses and contact details flow into LLM prompts unfiltered. An agent loop re-querying a rate API burns through rate limits for the whole company. There's no way to trace which dispatcher triggered an incorrect reroute.
Each dispatcher's identity and region assignment flow through every request. Tool access is scoped to their assigned routes and warehouses. Customer PII is redacted before reaching the model. Per-user rate limits prevent agent loops from exhausting carrier API quotas. Every shipment query and reroute decision is logged with the dispatcher's identity for operational review.
Construction & engineering
A civil engineering firm uses AI agents to query project management systems, safety inspection databases, and environmental compliance records.
The AI assistant queries project databases with a shared key. A subcontractor can see the same financial and safety data as a licensed engineer. Environmental impact reports and site assessment data — including GPS coordinates and landowner information — flow into LLM prompts unprotected. There's no record of who queried safety inspection results or modified compliance documentation through the AI.
Each engineer's identity, license status, and project assignments are verified on every request. Tool access is scoped by role — licensed PEs access structural calculations, project managers see timelines and budgets, subcontractors see only their assigned scope. Landowner PII and sensitive site data are redacted before reaching the model. Every query is logged for regulatory and safety compliance review.
See how it's built
GatewayStack implements these patterns as composable npm modules. Start with identity and add layers as your requirements grow.
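The checks that recur across the use cases above (role-based tool access, tenant and assignment scoping, PII masking, per-user rate limits, identity-bound audit logging) can be sketched in one gateway function. This is an added example, not GatewayStack code: every name, the policy table, the limits and the sample data are hypothetical, and token verification is assumed to have happened upstream.

```javascript
// Added example: hypothetical gateway check; names are not GatewayStack's API.
// Role -> permitted tools (constructed policy for the lending use case).
const POLICY = new Map([
  ["loan_officer", ["credit.pull", "risk.assess"]],
  ["auditor", ["audit.read"]],
]);
const RATE_LIMIT = 3;        // allowed calls per user per window (constructed)
const WINDOW_MS = 60_000;    // fixed window length
const windows = new Map();   // user id -> { start, count }
const auditLog = [];         // one record per decision, allow or deny

// Mask SSNs and 13-16 digit card numbers before the prompt reaches the model.
function redact(text) {
  return text
    .replace(/\b\d{3}-\d{2}-\d{4}\b/g, "[SSN]")
    .replace(/\b(?:\d[ -]?){12,15}\d\b/g, "[CARD]");
}

// identity: claims taken from an already verified token (assumed upstream).
// call: the tool call the agent wants to make on that user's behalf.
function authorize(identity, call, now = Date.now()) {
  const record = { user: identity.sub, tenant: identity.tenant, tool: call.tool,
                   resource: call.resource, at: now };
  const deny = (reason) => {
    auditLog.push({ ...record, decision: "deny", reason });
    return { allowed: false, reason };
  };

  if (!(POLICY.get(identity.role) || []).includes(call.tool)) return deny("role_not_permitted");
  if (call.tenant !== identity.tenant) return deny("tenant_mismatch");
  if (!identity.assigned.includes(call.resource)) return deny("resource_not_assigned");

  let w = windows.get(identity.sub);
  if (!w || now - w.start >= WINDOW_MS) w = { start: now, count: 0 };
  if (w.count >= RATE_LIMIT) return deny("rate_limited");
  w.count += 1;
  windows.set(identity.sub, w);

  auditLog.push({ ...record, decision: "allow", policy: `${identity.role}:${call.tool}` });
  return { allowed: true, prompt: redact(call.prompt) };
}
```

Denied calls are logged but do not consume the user's quota, so a misconfigured agent cannot lock a user out by retrying a forbidden tool.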