Orbit — enterprise RAG assistant with security guardrails.
Client Name
Northwind Labs
Project Type
Knowledge platform
Duration
40 Days
Challenge
Employees already used consumer chat tools for workarounds; IT needed an internal alternative that respected classification labels, regional data boundaries, and the reality that not every document should surface to every employee.
Context
Classic enterprise search returned file paths, not synthesized answers. Policy teams worried about hallucinated policy guidance and leakage across business units. Legal asked for citations and retention behavior identical to the source systems.
Approach
- Ingestion pipeline that tags chunks with ACLs derived from SharePoint, Confluence, and the corporate directory—not only folder paths.
- Hybrid sparse and dense retrieval with reranking tuned on an internal golden set of questions.
- Answer templates requiring inline citations, confidence bands, and explicit refusals when evidence is thin.
- Automated regression tests for prompt injection, training data exfiltration, and toxic content; weekly human review of failure buckets.
- Admin tooling to freeze collections, purge embeddings on legal hold, and trace a user session end to end.
Security posture
We aligned with SOC 2-style logging: who asked, what was retrieved, what the model saw, and what left the boundary. Air-gapped inference options were documented for the most sensitive workspaces.
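An added example, not Orbit's own code, of how ACL-tagged chunks can be enforced at retrieval time and logged in the who-asked / what-was-retrieved / what-the-model-saw shape described above. The label names, the equality-based region rule, the score threshold, and all sample users and chunks are assumptions constructed for illustration.

```python
from dataclasses import dataclass
# Constructed label order; the page does not name its classification labels.
LEVELS = {"public": 0, "internal": 1, "confidential": 2}

@dataclass(frozen=True)
class Chunk:
    doc_id: str
    allowed_groups: frozenset  # ACL captured from the source system at ingestion
    classification: str
    region: str
    score: float               # reranker score, higher is better

@dataclass(frozen=True)
class User:
    user_id: str
    groups: frozenset          # from the corporate directory
    clearance: str
    region: str

def authorized(user, chunk):
    """Deny by default: unknown labels fail closed and every check must pass."""
    have = LEVELS.get(user.clearance, -1)
    need = LEVELS.get(chunk.classification, len(LEVELS))
    return (bool(user.groups & chunk.allowed_groups) and have >= need
            and user.region == chunk.region)

def build_context(user, candidates, min_score=0.5, top_k=3):
    """Filter before the model sees anything, then record what happened."""
    visible = [c for c in candidates if authorized(user, c)]
    strong = [c for c in visible if c.score >= min_score]
    context = sorted(strong, key=lambda c: c.score, reverse=True)[:top_k]
    audit = {
        "user": user.user_id,
        "retrieved": [c.doc_id for c in candidates],
        "withheld": [c.doc_id for c in candidates if c not in visible],
        "model_saw": [c.doc_id for c in context],
        "refused": not context,  # thin or no authorized evidence: refuse
    }
    return context, audit

# Constructed sample data (names, groups and scores are illustrative only).
ALICE = User("alice", frozenset({"sales-emea"}), "internal", "eu")
CANDIDATES = [
    Chunk("kb-101", frozenset({"sales-emea", "support"}), "internal", "eu", 0.82),
    Chunk("hr-007", frozenset({"hr"}), "confidential", "eu", 0.91),  # wrong group
    Chunk("kb-230", frozenset({"sales-emea"}), "internal", "us", 0.77),  # region
    Chunk("kb-315", frozenset({"sales-emea"}), "internal", "eu", 0.31),  # weak
]
if __name__ == "__main__":
    print(build_context(ALICE, CANDIDATES)[1])
```

The highest-scoring candidate (`hr-007`) never reaches the model because authorization runs before ranking, and the audit record keeps the withheld IDs so a reviewer can tell a permission denial apart from a retrieval miss.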
Outcome
Support and sales reduced median research time by more than half while security gained attributable, policy-bound answers. Employee satisfaction with internal knowledge tools rose without opening a consumer-grade data path.