Working Document — v1.0 — Prepared for Neon

Turgon × Neon
A Working Point of View.

How we'd approach credit explainability, fraud, and collections — on one governed foundation, inside your AWS.

ConfidentialVersion 1.0
01Introduction

Introduction.

This document follows our conversation with Thiago and lays out how Turgon would approach the three areas you identified — credit-decision explainability, fraud, and collections — on a single governed foundation, running inside your AWS environment.

It deliberately mixes what we believe with what we still need to learn. Facts you shared with us are stated plainly and marked Confirmed; anything we inferred is marked Hypothesis and paired with an open question.

This is written to be discussed, not accepted — tell us where we're wrong.

02Who We Are

Who we are.

Turgon is an AI-native systems integrator based in San Francisco. We deploy multi-agent systems inside our clients' own cloud environments to map, catalog, and modernize complex data estates — work that historically took integrator teams quarters, delivered in weeks, with a human approving every step.

Our agents build an ontology of your environment first, so everything they produce is grounded in how your data actually connects. That ontology, plus mandatory human validation, is how we control hallucination in settings where "mostly right" is not acceptable.

We've done this inside Fortune 500 environments — Western Digital and First Student. Details in Track Record.

What we are not
— Not

Not a black box

Every step our agents take is inspectable, versioned, and produced against an ontology you can audit.

— Not

Not a SaaS you ship data to

Our agents deploy inside your cloud environment. Your data does not leave your perimeter.

— Not

Not a replacement for your team

A human on your side approves every step. What we build runs in your environment and belongs to you.

Everything we build runs in your environment and belongs to you.

03What We Heard

What we heard from you.

Our understanding from our conversation — correct anything we got wrong.

Confirmed

You're rebuilding your data foundation from scratch, domain-driven — every data product (databases, models, dashboards) domain-owned.

Confirmed

You're building your ML platform rather than buying one, scaling from dozens of models toward hundreds.

Confirmed

You consume infrastructure as a service, not a platform — your dbt boilerplate keeps analysts out of consoles, and you deliberately control technology lock-in.

Confirmed

You operate under BACEN oversight: any credit decision must be explainable, on demand, completely.

Confirmed

Your credit decisions are deterministic by design — rules plus traditional ML — and you're rightly skeptical of probabilistic systems anywhere near them.

Confirmed

Fraud runs on hard rules and is owned outside the data platform team.

Open Question

What did we get wrong, and what's missing from this picture?

04Your Three Use Cases

How we'd approach your three use cases.

These are the three areas you identified. For each: what we understood, how we'd approach it, the guardrail that keeps it safe, and what we'd need to learn from you first.

04.1

Credit-decision explainability.

Confirmed
What we understood

When BACEN or a customer asks why a credit decision was made, assembling the complete answer is a manual effort across systems.

Our approach

An agent assembles the full evidence chain on demand — policy version, variables, model inputs, data lineage — as an auditable package.

The guardrail

AI explains decisions; it never makes them. Your deterministic engine remains the sole decision-maker.

Open Question

What does assembling a BACEN response take today — people, days, systems touched?

04.2

Fraud.

Confirmed (facts)Hypothesis (approach)
What we understood

Your fraud engine runs on hundreds of hard-rule metrics and sits outside the data platform team.

Our approach

Our hypothesis, labeled as one: graph-based entity linkage — shared devices, accounts, counterparties — could be computed as features feeding your existing rules engine. Your rules stay in charge; the graph widens what they can see.

The guardrail

The rules engine remains the decision surface. Ownership stays with the team that owns it.

Open Question

Do your fraud analysts ever want linkage the rules can't express today?

Open Question

How would the team that owns the engine want to engage?

04.3

Collections.

Hypothesis
What we understood

Your funnel here is narrower and shaped by default timing. This is where we have the most to learn, so we lead with questions rather than an approach.

Our approach

Possible direction: unifying payment, contact, and credit-context signals into one grounded, explainable prioritization view.

The guardrail

No prioritization ships until the signals are grounded in your data and explainable to the operator acting on them.

Open Question

What data decides who you pursue, when, and how — and where does that process strain?

Side by side
Credit ExplainabilityFraudCollections
ScopeAssemble the complete evidence chain behind any credit decision, on demand.Add graph-based entity linkage as features into your existing rules engine.Unify payment, contact, and credit-context signals into one prioritization view.
What we'd need from youAccess to policy versions, model registry, decision logs, and lineage sources.A working session with the fraud team to understand what rules cannot express.A walkthrough of the current funnel, data sources, and where it strains.
What you'd getAn auditable package per decision — reproducible, versioned, BACEN-ready.A feature service your rules can call; linkage the rules can act on.A grounded, explainable prioritization view — direction depends on what we learn.
DurationWeeks, measurable start.Weeks, feature-scoped pilot.Discovery first, then scope.
The decision it informsHow you answer regulators and customers.What your fraud engine can see.Who you pursue, when, and how.

All three run on the same foundation — described next — so choosing one doesn't foreclose the others.

05How It Works

How it works — inside your VPC.

An agent runs on an EC2 instance inside your VPC. It connects via APIs and reads metadata — minimum-necessary access, scoped and revocable. From that it builds a data dictionary plus a "constitution": the rules, boundaries, and governance it must operate within.

On that base it constructs an ontology of your environment — the map of how your domains, systems, and definitions actually connect. Every artifact it produces — a mapping, a catalog entry, a transform, a definition — passes a human approval gate before it counts.

All code is dbt, SQL, and Python — readable, owned by you, still yours if we never speak again. LLM-agnostic: we can run on your licensed enterprise model if compliance prefers it.

Layered architecture — inside your VPC
Layer 0 — Your sources

Unchanged.

Operational systems, files, APIs, warehouses. We do not touch them.

Layer 1 — Pipeline

Config-driven ingestion.

In-pipeline data-quality gates, dbt + Python transforms, single orchestration plane.

Layer 2 — Medallion storage

Bronze / Silver / Gold.

Bronze immutable raw · Silver conformed, DQ-gated, PII-tagged, glossary-enforced · Gold domain marts, aligned to your Snowflake path.

Layer 3 — Governance (TEOS)

Automated dictionary + ontology.

Glossary enforced in code, column-level lineage, human gates on every artifact.

Layer 4 — Your consumption

Retained.

Your BI, notebooks, apps, and ML platform continue to consume from Gold.

Paired-agent loop
Draft → Test → Sign → Promote
Step 1
Designer agents

Draft the artifact — mapping, transform, catalog entry, definition.

Step 2
Validator agents

Adversarially test the draft against the constitution and ontology.

Step 3
Human sign-off

A person on your side approves. Signed to version control.

Step 4
Promotion

Only signed artifacts count. Nothing promotes without a signature.

Open Question

Where does this picture diverge from the platform you're building?

06Operating Principles

Our operating principles.

P1Principle

Agents come to your data.

They run inside your AWS. Nothing egresses.

P2Principle

Open, license-free core.

dbt, SQL, Python. No proprietary runtime to inherit.

P3Principle

Human-in-the-loop is mandatory.

Every agent output requires explicit sign-off, recorded in version control.

P4Principle

Agents never decide.

Your deterministic rules and models make decisions; agents retrieve, assemble, document, and flag with confidence estimates.

P5Principle

Ontology as durable memory.

Your domains and definitions captured as executable infrastructure, not documentation that rots.

P6Principle

You own the code.

Every artifact remains yours. Managed service is a choice, never a dependency.

P7Principle

Your LLM if you prefer.

Enterprise model restrictions are supported, not tolerated.

P8Principle

Prove small, against your bar.

Value demonstrated on one domain, measured against acceptance criteria you define, before anything scales.

07Determinism & Governance

Determinism & governance.

A short, direct section. This is the question a regulated lender should ask first, so we answer it first.

The three sentences

Agents never make credit decisions.

Decisions remain deterministic.

Every action is auditable.

What agents produce

Auditable, human-signed evidence. Every action logged. Every anomaly flagged with a confidence estimate and routed to a person.

How governance runs

Executed at runtime — business definitions enforced inside silver transforms, lineage generated by the pipeline itself. Not stored as documents nobody maintains.

08Security & Compliance

Security & compliance.

Answers before you ask — our standing security posture, available for your vendor review today.

Certifications & assurance

ISO 27001, independently certified.

  • ISO 27001 certified — independently certified ISMS.
  • Incident response aligned to NIST SP 800-61 Rev. 2.
  • Quarterly penetration testing with documented results.
  • Formal vulnerability management with documented remediation SLAs.
Data protection

Encrypted, scoped, revocable.

  • AES-256 at rest.
  • TLS 1.2+ enforced in transit.
  • Your data belongs to you — access scoped, logged, revocable.
  • Minimum-necessary data access per workstream.
AI model security

Read-only agents, zero training on your data.

  • Zero customer data shared with public LLMs or used for model training — contractually prohibited under enterprise AI provider agreements (zero training, zero retention after processing).
  • Agents are read-only with human-in-the-loop — no autonomous actions against your systems.
  • Full audit trail on every agent action (LangSmith tracing + Helicone LLM monitoring).
  • Low-confidence outputs routed to human review.
  • You may require your own enterprise AI accounts or restrict vendors.
Access control

MFA, PAM, RBAC, SSO.

  • MFA enforced across all internal systems — no exceptions.
  • Privileged access management (AWS Secrets Manager + 1Password).
  • Quarterly access reviews with documented on/offboarding.
  • RBAC with least privilege and strict customer-data segregation — no cross-customer access.
  • Enterprise SSO via SAML, OIDC, SCIM.
Monitoring & logging retention
Log typeStandard retentionDuring incidents
Application / API logs90 days3 years during incidents
Auth / access logs1 year3 years during incidents
Security events1 year3 years during incidents
Continuity

Documented BCP + DRP, redundant AI providers.

  • Documented Business Continuity Plan and Disaster Recovery Plan.
  • App / data / storage tier segregation.
  • Dual LLM provider redundancy (OpenAI + Anthropic).
  • SBOM maintained and available.
Insurance

Active coverage through 03/2027.

  • General Liability — $1M per occurrence / $2M aggregate.
  • Tech E&O — $2M aggregate.
Track record
0
Data breaches in company history
0
Security incidents requiring critical response
2 / 2
Fortune 500 vendor security assessments passed (First Student, Western Digital)
Data deletion

On engagement completion or written request, all your data and derived artifacts are permanently deleted, written confirmation is provided, and all credentials are returned or revoked.

09Proving It

Proving it — a small, measurable start.

We'd rather show you than tell you. The proposal: an ontology + enriched catalog over one domain of your choosing, on your existing S3 / Trino lake, running in your AWS. Roughly 1–2 weeks once access is granted. Everything produced is yours.

The key term

You define the acceptance bar.

Your engineers set the accuracy and parity criteria before we start. The result is judged against your bar, not our claims.

The path forward
Wave 1

Validation slice

One domain of your choosing, on your existing S3/Trino lake, in your AWS.

1–2 weeks
Wave 2

Foundation

Ontology + catalog across priority domains as you move toward Snowflake.

By phase
Wave 3

Your chosen use case

Credit explainability, fraud, or collections — the one that clears your bar first.

Scoped to use case
Wave 4

Ongoing operation

By choice. Your code, your environment, your call.

Optional
10What We Still Need to Learn

What we still need to learn.

A partner who claims to have no questions isn't paying attention. Here's what we'd want to understand before proposing anything firm.

Your platform
  • What did we get wrong, and what's missing from the picture of how you work?

  • Where does our architecture diverge from the platform you're building?

  • Is there a preferred or licensed LLM we should plan around?

Credit
  • What does assembling a BACEN response take today — people, days, systems touched?

  • What would a satisfying answer look like for you and for the regulator?

Fraud
  • Do your fraud analysts ever want linkage the rules can't express today?

  • Who owns the fraud engine, and how would that team want to engage?

Collections
  • What data decides who you pursue, when, and how?

  • Where does that process strain — and what would you want to be different?

Ways of working
  • What does your security review require of us?

  • How would you want a POC's success measured?

  • Who on your side would own the acceptance bar?

11Track Record

Western Digital — at scale, in their AWS.

Case study
Fortune 500 · Semiconductor

Western Digital.

100+
Source systems unified into a semantic graph
Oracle Exadata → Lakehouse
Migration path executed
372 / 381
Bronze tables landed — ~97.6%
~2B
Rows processed
7-D
Data quality — with per-row provenance
In-VPC
Delivered entirely inside the client's own AWS
Relevance

Regulated-grade auditability at scale, in the customer's environment — and the same client cleared us through their Fortune 500 vendor security assessment.

12Where This Goes

Where this goes.

Pick one use case. We prove it small, against your bar, in your environment.You decide from evidence.

The path
Validate
Build the foundation
Prove the use case
Operate
Open Question

Which of these, if it worked, would be most worth your CTO's attention?