Representative engagements

Judged by outcomes, not slideware.

Three engagements that show the SBR Fabric working — connect, build, secure and run, under one accountable team. Details anonymised; references available in a working session.

CASE 01 · Banking & payments

Gateway estate migrated with zero consumer impact

The challenge. A European retail bank had to exit a sunsetting API gateway platform — hundreds of proxies, regulated payment flows, partner integrations, and a hard licence deadline. Consumers could not be asked to change a single line.

What we did. Proxy-by-proxy re-platforming on the SBR Fabric: behavioural parity proven by replaying captured production traffic against the new platform before each cutover; shared-flow fault-handling and logging patterns standardised; HSM-backed mTLS rebuilt correctly on the target; 100% automated CI/CD from day one.

  • 0 consumer-facing incidents across the migration
  • 100% of changes shipped through automated pipelines
  • platform exit completed ahead of the licence deadline

CASE 02 · Payments security

Intermittent signature failures traced and eliminated

The challenge. A payments platform saw 5–6% of authorisation calls fail HMAC verification — intermittently, untraceably, and at real revenue cost. Two vendors had looked; neither owned the seam between the signing service and the verifying gateway.

What we did. One team, both sides of the seam: byte-level comparison of signed and verified payloads isolated a character-encoding divergence between serialisation layers; the fix was three lines, the diagnostic framework reusable. Runtime detection then tuned to catch any recurrence.

  • 100% verification success after fix
  • 3 lines of code — once the right team looked
  • a reusable byte-level diagnostic left with the client

CASE 03 · Industrial group

GenAI from slideware to governed production service

The challenge. An industrial group had GenAI ambition, a nervous risk committee, and the EU AI Act on the horizon. Two pilots had stalled at the demo stage — no guardrails, no evaluation, no governance story to take to the board.

What we did. RAG over the group's own knowledge with evaluation harnesses and guardrails; LLM red-teaming against the OWASP Top 10 for LLM Applications; model inventory and risk classification aligned to the EU AI Act; the existing gateway and identity controls extended to model traffic.

  • 1 governed AI service in production, monitored 24/7
  • OWASP LLM Top 10 red-teamed before launch
  • AI-Act-ready documentation accepted by risk


Free · no obligation

Get a free API & AI attack-surface review.

See your estate the way an attacker does. In a 45-minute working session with our principal engineers, we map your integration estate and threat surface and leave you with a prioritised, costed next step — whether or not you engage us.

  • Your API, AI and event-stream surface mapped
  • Top risks ranked against OWASP API & LLM Top 10
  • A costed 90-day remediation & build plan