Praxis · Applied AI Studio · NYC


CASE STUDY · 01 OF 03

Breach-scan automation. 2 hrs → 15 min daily review per attorney.

Daily breach intelligence assembled from public sources, classified and deduplicated by Claude, routed into one Slack digest per partner. Replaced a multi-source morning-scan ritual that cost each attorney two hours per day with fifteen minutes of curated review.

Cybersecurity legal practice · Anonymized
[Architecture diagram, anonymized workflow. Columns: Inputs, Routing, Storage, Delivery. Nodes: Federal feed, State feed, Private feed, Apify, Claude, Airtable, Slack, Partners A to D. Pre-market trigger · 30-day dedup · Per-partner routing.]

01 · Context

Two hours every morning, four attorneys, fifteen tabs each.

Each attorney was scanning fifteen tabs every morning to track new data-breach disclosures across federal, state, and private-sector sources. Two hours per day, per attorney. Outputs went into shared spreadsheets the team had to reconcile against.

The cost was attorney time spent on triage that an entry-level paralegal could not do safely. Some sources required judgment about scope, jurisdiction, or partner-relevance, so the work stayed at the partner level. The bottleneck was structural.

The trigger to ship a system was a missed disclosure. A federal-register entry surfaced four days late because the partner who normally watched that source was on a deposition. The team decided that one missed disclosure was the cost of doing the workflow manually, and the next conversation was about replacing the workflow.

02 · The system

Architecture.

Stage 01 — Inputs

Three actors before market open.

Apify scheduled actors run before market open, pulling from federal, state, and private-sector breach disclosure feeds. Three actors total. Each one writes raw output to a staging table.

Stage 02 — Routing

Claude classifies, dedupes, gates.

Claude classifies each disclosure on industry, scope, freshness, and partner-relevance. Dedup runs against the prior 30 days of disclosures, hashed on a normalized title plus disclosure date. Confidence threshold gates the auto-route path.

Stage 03 — Integrations

Airtable holds, Slack delivers.

Airtable holds the structured record (disclosure title, classified industry, scope tags, source link, partner-relevance score, dedup hash). Slack delivers the digest.

Stage 04 — Outputs

One digest per partner, before the workday.

One Slack digest per partner in #breach-feed, delivered before the workday starts. Each disclosure renders as a one-line summary plus a link to the full Airtable record. Partners read the digest, click into the records that need deeper review, leave the rest.

Stage 05 — Edge handling

Retry, override, audit.

Source-down retry with exponential backoff. Manual override channel for partners to flag a disclosure for deeper review or escalate a misclassification. Audit log entry per disclosure capturing the classification confidence, the dedup hash, and the routing decision.
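A sketch of the Stage 02 dedup and confidence gate together with the Stage 05 audit entry, added here as an example and not taken from the Praxis build. The normalization rules, SHA-256, the 0.80 threshold, the manual-review fallback, the first-seen-date window and all field names are assumptions; the page specifies only the 30-day window and the hash inputs.

```python
import hashlib
import re
import unicodedata
from datetime import date, timedelta

DEDUP_WINDOW = timedelta(days=30)  # window stated on the page
CONFIDENCE_THRESHOLD = 0.80        # assumed; the page gives no value

def normalize_title(title: str) -> str:
    """Assumed rules: NFKC, casefold, punctuation to spaces, collapse whitespace."""
    text = unicodedata.normalize("NFKC", title).casefold()
    text = re.sub(r"[^\w\s]", " ", text)
    return " ".join(text.split())

def dedup_hash(title: str, disclosed: date) -> str:
    # A unit separator keeps the title/date boundary unambiguous.
    key = f"{normalize_title(title)}\x1f{disclosed.isoformat()}"
    return hashlib.sha256(key.encode("utf-8")).hexdigest()

def route(disclosures, seen, today):
    """Return one audit entry per disclosure; `seen` maps hash -> first-seen date."""
    # Expire hashes that have aged out of the dedup window.
    for old in [h for h, first in seen.items() if today - first > DEDUP_WINDOW]:
        del seen[old]
    audit = []
    for item in disclosures:
        h = dedup_hash(item["title"], item["disclosed"])
        if h in seen:
            decision = "duplicate"
        elif item["confidence"] >= CONFIDENCE_THRESHOLD:
            decision = "auto-route"
        else:
            decision = "manual-review"  # assumed fallback below the gate
        seen.setdefault(h, today)
        audit.append({"dedup_hash": h,
                      "confidence": item["confidence"],
                      "decision": decision})
    return audit

SAMPLE = [  # constructed records, not real disclosures
    {"title": "Acme Corp. - Notice of Data Breach", "disclosed": date(2024, 5, 1), "confidence": 0.93},
    {"title": "ACME CORP  Notice of Data Breach!", "disclosed": date(2024, 5, 1), "confidence": 0.91},
    {"title": "Acme Corp. - Notice of Data Breach", "disclosed": date(2024, 5, 9), "confidence": 0.55},
]
```

Because the key includes the disclosure date, the same incident republished under a different date hashes as new, so this keying errs toward showing a repeat rather than suppressing a distinct disclosure.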

03 · The build

Six weeks. Three actors. One workflow.


WK 01
Source mapping. All fifteen tabs documented. Decisions captured: which sources stay manual, which get automated, what dedup window the team can defend.
WK 02
Apify actor configuration. Three scheduled actors against federal, state, and private-sector feeds. Pre-market trigger locked. Staging schema settled before any classification logic shipped.
WK 03
Claude classification prompt iteration. Industry, scope, freshness, partner-relevance. Confidence threshold landed at the value where the partner team trusted the auto-route path.
WK 04
Dedup logic. 30-day window, hashed on normalized title plus disclosure date. The team caught two near-duplicate disclosure patterns the spreadsheets had been silently re-counting.
WK 05
Slack digest formatting. One-line summary per disclosure, link to the Airtable record, partner-keyed routing. Format settled by sitting next to the partner who would read it first each morning.
WK 06
Edge handling, audit log, handoff. Source-down retry with exponential backoff. Override channel for partner escalations. Audit log capturing classification confidence, dedup hash, routing decision per disclosure. Documented and handed off.

04 · Result

Fifteen minutes. One Slack digest. Zero tabs.


Time redirected: ~6 hrs/day across the partner team
Classification accuracy: content fill
Sources monitored: 15+ across federal, state, private
Audit log: 100% of disclosures

05 · Stack

Stack-native.

Apify · Airtable · Claude · Slack · Cowork
