In January, Eraneos organized an internal Data & AI Hackathon with the main theme ‘AI for Impact’. During the hackathon, data experts from all our European offices (Spain, Netherlands, Germany and Switzerland) visited our Amsterdam base for two days to explore the topic in depth. We had several teams come together and work on a variety of topics ranging from smart grids to knowledge management with GenAI. Our team focused on exploring ways to improve document compliance within organizations. Here are our findings.
For any player in a regulated industry, the control of operational processes provides intrinsic value. To a regulator, this control is often referred to as compliance, while meeting internal regulations usually falls under the organizational umbrella of quality assurance or risk management. When meeting internal standards, ensuring control may be the responsibility of multiple stakeholders. On paper, it seems clear that both compliance controls and internal benchmarks should represent the same fundamental truth. But in the real world, this may not be the case.
Motivation
As (cybersecurity) consultants, we regularly see organizations’ documentation existing in two different states. One is the ever-changing state of business operations, where many rules and processes are documented, often informally, without any overarching structure or framework. These rules, configurations, formats, and guidelines are often edited and iterated upon, making them messy but current.
The other state we observe is the static and rigid state of the “official” documentation required to achieve compliance. This documentation – often based on a template – is worked on periodically (a nice way of saying “only when needed”). The sources for the so-called static documentation are often either snapshots of the informal documentation mentioned above or interviews with stakeholders/authors of the informal documentation. While the snapshots may not provide a complete picture of the documentation, interviews and “human” exchanges of information are often considered tedious, as they can be rather boring in content, and can involve people from different worlds being thrown together to find a middle ground.
So, for the hackathon, we proposed to implement a tool that leverages AI to generate a certain synergy between informal and formal documentation. That is, a tool that could continuously generate “formal” documentation from “informal” and vice versa.
The Hackathon
After a lot of preparation and coding, we were able to automate some of the information flow. From a myriad of informal documents such as interview transcripts, printouts of confluence pages, configuration files, memos/guidelines between co-workers or team members, and even entire code bases, we generated formal documentation with a high standard of quality.
Our tech stack is based on the Azure Hyperscale architecture, with which Eraneos has a long history, as well as Azure’s newly introduced AI Foundry, which allows (largely) code-free deployments of state-of-the-art AI models and searches, as well as indexers of so-called “blobs”. The results of the Azure backend are fed directly into a React-based web frontend, which uses modern web development techniques such as Material UI to mimic the corporate look and feel of the Eraneos.com website.
We based our story around a fictional insurance company based in Zurich that had recently undergone a merger with a US start-up and sees itself not only wrangling with technical debt from the merger but also increased FINMA (Swiss-SEC) pressure. The result of the hackathon was a working webpage for our fictional client, which – as further evidence of the hackathon’s output – can be found live on the internet.
What we achieved
From a purely technical perspective, our end result may not seem like a reinvention of the wheel – especially given the increasing commoditization of AI use cases such as out-of-the-box RAG systems or AI agents. However, our hackathon team firmly believes that achieving a certain level of modularity – similar to the evolution we saw in hyperscalers a few years ago – is the way forward.
What’s more, from a consulting perspective, we are extremely proud of our output during the 2025 Data and AI Hackathon in Amsterdam. We believe that with the live demo we built, we can add a feature to future sales pitches that assures potential clients that we not only understand our craft when it comes to AI and are deep experts in cybersecurity, but that we also understand the broader developments in the AI space and can leverage them to enable our clients to win.
The way forward
While the scope of the hackathon only allowed us to create a use case for the flow of information from “informal” to “formal”, we plan to implement another use case for the reverse flow of information as well.
While the fundamental truth of an organization lies in the “informal” side of its documentation, the compliance framework, business methods, cybersecurity practices, and certifications are certainly in the “formal” part of its documentation. Efficiently and pragmatically aligning controls, requirements, and even mindsets or strategies to the gaps, violations, or inconsistencies within the informal part of the documentation is our next challenge.
Do you want to see the demo our team built? Reach out to us and we’ll share our findings.
