Praxis · Applied AI Studio · NYC

CASE STUDY · 01 OF 03

Breach-scan automation. 2 hrs → 15 min daily review per attorney.

Daily breach intelligence assembled from eleven public regulator and aggregator sources, scraped via Chrome MCP on a Cowork scheduled task. An orchestrator Skill fans three Claude sub-agents across source families, dedupes against a rolling database window, and delivers one prioritized digest to the team Slack channel. Replaced a multi-source morning-scan ritual that cost the attorney two hours per day.

Cybersecurity legal practice · Anonymized

Breach feed · Live (looping demo) · Data Breach Monitor · 11 sources · ~16s loop

04:15 ET · scheduled scan firing · R1 morning · Cowork · Chrome MCP

Scanned disclosures:
Federal Reserve · ACME Corp data exposure · 47k records · finance · high · new
FTC · Healthwise Inc breach · 12k records · health · medium · new
SEC · Vibrant Capital LLC · 4.2k records · finance · low · new
NY State AG · Northeast Bank (re-issue) · 89k records · finance · high · dup
Industry aggregator · GlobalTech breach · 1.2M records · tech · high · new

Claude classifies, then posts to #breach-feed (posted 04:15:48 · 4 prioritized):
01 · Industry aggregator · GlobalTech breach · tech · high
02 · Federal Reserve · ACME Corp data exposure · finance · high
03 · FTC · Healthwise Inc breach · health · med
04 · SEC · Vibrant Capital LLC · finance · low

01 · Context

Two hours every morning, one attorney, fifteen tabs.

The attorney was scanning and sorting fifteen tabs every morning to track new data-breach disclosures across federal, state, and private-sector sources. Up to two hours per day. Outputs went into shared spreadsheets the team had to reconcile against.

The cost was attorney time spent on triage that an entry-level paralegal could not do safely. Some sources required judgment about scope, jurisdiction, or partner-relevance, so the work stayed at the partner level. The bottleneck was structural.

02 · The system

How the system runs.

Stage 01 — Inputs

Eleven public sources, scraped on a schedule.

Eleven public breach-notification sources — federal regulator pages, state attorney-general pages, and an industry aggregator — scraped via Chrome MCP. A Cowork scheduled task fires the run twice each weekday (R1 before market open, R2 in the afternoon). Read-only on every source.

Stage 02 — Decisions

Claude reads each source, three families at a time.

Claude reads the eleven sources in three groups — federal regulator, state AG, and aggregator. Each group runs in its own pass so a quirk in one source doesn't bleed into the others. A rolling 30-day check catches anything we've already filed. The merged read goes into the day's record.

Stage 03 — What it writes to

Airtable holds, Slack delivers.

Airtable holds the structured record per disclosure: classified industry, scope tags, source link, dedup hash, date observed. Slack delivers the digest. Both writes happen after the orchestrator has merged the sub-agent outputs and composed the prioritized daily report.

Stage 04 — Outputs

One team channel. All partners read the same digest.

One prioritized digest, delivered to one team Slack channel before the workday starts. All partners read the same channel — no per-partner routing, no parallel digests. Each disclosure renders as a one-line summary plus a link to the full Airtable record. Partners read the digest, click into the records that need deeper review, leave the rest.

Stage 05 — When things go wrong

Retry, override, audit.

Source-down retry on the next scheduled run. Manual override channel for partners to flag a disclosure for deeper review or escalate a misclassification. Audit log entry per disclosure capturing the classification confidence, the dedup hash, and the routing decision.

03 · The build

Three actors. One workflow.

PHASE 01
Source mapping. All fifteen tabs documented. Decisions captured: which sources stay manual, which get automated, what dedup window the team can defend.
PHASE 02
Chrome MCP scrapers + Cowork schedule. Eleven sources wired up across federal regulator, state AG, and aggregator families. A Cowork scheduled task fires R1 and R2 each weekday. Staging schema settled before any classification logic shipped.
PHASE 03
Claude classification prompt iteration. Industry, scope, freshness, partner-relevance. Confidence threshold landed at the value where the partner team trusted the auto-route path.
PHASE 04
Dedup logic. 30-day window, hashed on normalized title plus disclosure date. The team caught two near-duplicate disclosure patterns the spreadsheets had been silently re-counting.
PHASE 05
Slack digest formatting. One prioritized digest per run, posted to the team channel — all partners read the same digest. One-line summary per disclosure plus a link to the Airtable record. Format settled by sitting next to the partner who would read it first each morning.
PHASE 06
When things go wrong, audit log, handoff. Source-down retry on the next scheduled run. Override channel for partner escalations. Audit log capturing classification confidence, dedup hash, and routing decision per disclosure. Documented and handed off.
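
The dedup and audit steps described above, sketched as an added example (not the studio's own code). The normalization rules, the 0.8 confidence threshold, the route names and the sample records are assumptions; the page states only the 30-day window, the hash inputs and the audit fields.

```python
import hashlib
import re
import unicodedata
from datetime import date, timedelta

WINDOW_DAYS = 30            # rolling dedup window stated on the page
CONFIDENCE_THRESHOLD = 0.8  # assumed value; the page does not give the real one

def normalize_title(title):
    """Assumed normalization: NFKC, lowercase, punctuation to spaces, collapse whitespace."""
    text = unicodedata.normalize("NFKC", title).lower()
    return " ".join(re.sub(r"[^\w\s]", " ", text).split())

def dedup_hash(title, disclosed):
    """SHA-256 over the normalized title plus the ISO disclosure date."""
    key = f"{normalize_title(title)}|{disclosed.isoformat()}"
    return hashlib.sha256(key.encode("utf-8")).hexdigest()

def triage(items, seen, today):
    """Route each disclosure and return one audit entry per item.

    `seen` maps dedup hash -> date first observed and is updated in place.
    """
    cutoff = today - timedelta(days=WINDOW_DAYS)
    for h in [h for h, first in seen.items() if first < cutoff]:
        del seen[h]  # entries older than the window no longer suppress anything
    audit = []
    for item in items:
        h = dedup_hash(item["title"], item["disclosed"])
        if h in seen:
            route = "suppressed_duplicate"
        elif item["confidence"] < CONFIDENCE_THRESHOLD:
            route = "manual_review"  # low confidence goes to a human, not the digest
        else:
            route = "digest"
        seen.setdefault(h, today)
        audit.append({"source": item["source"], "dedup_hash": h,
                      "confidence": item["confidence"], "route": route})
    return audit

# Constructed sample records (not real disclosures).
SAMPLE = [
    {"source": "Regulator A", "title": "ACME Corp. Data Exposure", "disclosed": date(2024, 4, 30), "confidence": 0.93},
    {"source": "State AG B", "title": "acme corp data  exposure!", "disclosed": date(2024, 4, 30), "confidence": 0.91},
    {"source": "Aggregator C", "title": "ACME Corp. Data Exposure", "disclosed": date(2024, 5, 1), "confidence": 0.95},
    {"source": "Regulator A", "title": "Example Health breach", "disclosed": date(2024, 4, 29), "confidence": 0.42},
]

if __name__ == "__main__":
    for entry in triage(SAMPLE, {}, date(2024, 5, 1)):
        print(entry["route"], entry["dedup_hash"][:12], entry["source"])
```

Because the disclosure date is part of the hash input, the third sample record (same title, later date) is treated as new, so a re-issued notice with a changed date needs a separate near-duplicate check.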

04 · Result

Fifteen minutes. One Slack digest. Zero tabs.

Time redirected: Two hours per day across the partner team
Sources monitored: 15+ across federal, state, private
Audit log: 100% of disclosures

05 · Stack

Stack-native.

Chrome MCP · Cowork · Skills · Sub-agents · Claude · Airtable · Slack
