Kindo × Deloitte
From Strategic Framework
to Execution Plan

Incorporating Tony's strategic framework + Joana's execution plan. Framed for Ron.

Source May 7 In-Person (Part 1 + Part 2) + May 19 Tony-Joana + Tony's Strategic Framework Updated May 24
1

Three Imperatives — Why Now

1
Exclusivity Window

"The exclusivity window is closing."

Alliance agreement in progress — once locked, other firms can't replicate the embedded position. But only while Deloitte is the sole enterprise deployment partner.

2
Speed of Engagement

"Speed of engagement > depth of engagement."

May 31 Swimlane migration, HP install, Mythos vulnerability wave — first mover with production agents wins. The market won't wait.

3
Institutional Knowledge Moat

"The institutional knowledge capture is your moat — but only while it's scarce."

Compound learning starts only when agents are live in production. Every week of delay = competitors close the gap.

"Speed is going to be the most essential thing for us."
$5.5M
Current /yr
$6.5-7M+
With Net New Rev
40→80%
EBITDA Target
0/100
Prod Equivalents
2,800+
People Under Kush
$800M
Committed Rev
← BackEBITDA Bridge →
2

EBITDA Strategic Framework

40% → 80% improvement
Kindo Core Platform Team
~25-35%

Cost Elimination

Low IK Dependency
  • Alliance contract — not controllable
  • Swimlane + CrowdStrike sunset

Swimlane $3-6M/yr · Jira/ITSM $0.5-1.5M · CrowdStrike $2-4M = ~$5.5-11.5M/yr cost elimination

"Sunset Swimlane in every which capacity"
— Krishna
Deloitte Rapid Response Team
~25-30%

Scale Efficiency

Medium IK Dependency
  • Same pool → more clients
  • Triage: 21→5 min (76% ↓)
  • Human effort: 70-85% ↓
  • Audits: sample → 100%
Deloitte Rapid Response Team
~35-45%

Net New Revenue

High IK Dependency
  • A6-A13: each a revenue event
  • $5.5M → $6.5-7M+ growth

Each agent (A.6-A.11) = new service capability = new billable offering. New revenue at near-zero marginal cost

"Every agent is a net new revenue goal"
— Krishna
~70% of EBITDA improvement flows through institutional knowledge Institutional knowledge = compound learning through use (Kush's definition). Three levels: 1) User — individual analyst's agent learns their patterns 2) Agent — "Week 10 vs week 6?" (Kush) — agent improves across all users 3) Organizational — accumulated learning across all agents becomes org intelligence.

Cost elimination depends on Kindo clean Self-Managed installs and training Deloitte on Kindo. But Scale Efficiency and Net New Revenue depend on custom configurations and mining new agent design/build opportunities.

← Why NowRevenue Path →
3

Revenue Structure — Contracted vs. Net New

Contracted Scope
$5.5M

Fulfill existing license. Cost us to deliver (IK transfer) but no incremental revenue.

  • A.1Threat MonitoringIK LOW✅ PROD
  • A.2Threat IntelIK LOW✅ PROD
  • A.3Threat HuntIK LOW✅ PROD
  • A.4Detection EngIK LOW✅ PROD
  • A.5CTEMIK LOW🔨 BUILT
Alliance Revenue — Net New
$1–2M+

Each is a revenue event. Push $5.5M → $6.5-7M+. Justifies CDO role.

  • A.6Vitals DashboardIK HIGH📋 PLANNED
  • A.7Quality AuditIK HIGH📋 PLANNED
  • A.8Cloud SecurityIK HIGH📋 PLANNED
  • A.9IR AgentIK HIGH📋 PLANNED
  • A.10IoT/OTIK HIGH📋 PLANNED
  • A.11Custom ClientIK HIGH📋 PLANNED
  • A.12Identity→IdaaSIK HIGH📋 PLANNED
  • A.13GRC→GRC aaSIK HIGH📋 PLANNED
Revenue Trajectory — Annual
$5.5M contracted
$1–2M+ new
$5–12M+ upside (2–3× expansion)
Contracted (A.1–A.5) Alliance net new (A.6–A.13) Full expansion potential (service lines + Mythos + clients)
22-34 Net New Agents Identified: Beyond A.1-A.13, the Cyber Operate portfolio supports 22-34 additional agents across 6 service lines. Current scope = ~5% of total opportunity. Full opportunity: 80-165 under Kush, 250-550 under Adnan.
42 total items: 11 Contracted · 10 Alliance Revenue · 12 Alliance Institutional · 9 Ops. 23 of 42 (55%) depend on institutional knowledge. Plus 12 additional items on Krishna's roadmap beyond A.1-A.13 (untracked demand). See full scope matrix →
← EBITDAIK Flywheel →
4

Institutional Knowledge Flywheel — The Moat

Institutional knowledge ≠ static knowledge extraction. Kush's definition = compound learning through use. This is a flywheel, not a one-time transfer.

Kush's 3-Level Compound Learning

1
User Level

Individual analyst's agent learns their patterns and preferences over time

2
Agent Level

"Week 10 vs week 6?" — Kush
Agent improves across all users by processing real-world cases

3
Organizational

Accumulated learning across all agents becomes organizational intelligence

23/42
Scope Items Depend on IK (55%)
~70%
EBITDA Improvement Flows Through IK
Speed to production = exponentially important Compound learning starts only when agents are live. Every week of delay = competitors close the gap. This is a FLYWHEEL, not a one-time transfer.
"You also got a free design partner. That's how you should look at it."
— Kush
CDO Role = Learning Loop Accelerator Not a knowledge extractor. The CDO (Tony) embeds in the Deloitte operating environment to accelerate the flywheel — mining new agent opportunities, tuning existing agents through production feedback, and expanding the compound learning across service lines.
Agent Memory = Kush's #1 Platform Priority "In Kindo, I did not see any of this stuff today." — Kush. Not in May 27 release. Requires platform architecture. Risk: without memory, compound learning degrades during HP shadow phase.
🤝
Tony × Service Lines
Relationships across all 6 lines
🧠
IK Capture
Domain knowledge from each line
Agent Design + Build
Team + Warren at speed
📊
EBITDA Proof
Track gains per agent
📈
Upsell → Expand
Deloitte → Client → More revenue
← RevenueR&D Lab → Market →
5

Deloitte is the R&D Lab. Mythos is the Market.

Two-Tier Product Strategy

"There's a Venn diagram overlapping Mythos and Deloitte" — Tony, May 19

Tier 1

Platform-Only

Customer buys Kindo platform + training. Builds their own agents from scratch.

  • Agent builder & orchestration engine
  • Integration framework (MCP ecosystem)
  • Self-Managed deployment
  • Standard documentation & training

Customer starts from zero. Months to first production agent. Generic platform sale.

Tier 2

Deloitte-Hardened Agent Bundles

Kindo platform + pre-configured agent templates built from Deloitte production experience.

  • Everything in Tier 1, plus:
  • Pre-configured agent templates per use case
  • Integration patterns already wired (ServiceNow, Splunk, ITSM)
  • Decision logic & triage workflows tuned from real production
  • Operational playbooks embedded from Deloitte deployment
  • 3-6 months of accumulated judgment baked in

Days to first production agent. Battle-tested, not lab prototypes. Premium pricing.

The Differentiator: Deloitte Rapid Response Team

DELOITTE DELIVERY $5.5M contract funds the R&D KINDO MYTHOS RESPONSE PRODUCT Banks, Healthcare, Defense PRODUCTION-HARDENED AGENT TEMPLATES Built for Deloitte. Packaged for Mythos. Sold at premium. Deloitte-only scope: Swimlane sunset ITSM migration Analyst training Internal SOPs ── In Production on Kindo ── A.1 Threat Monitoring A.2 Threat Intel A.3 Threat Hunt A.4 Detection Engineering A.5 CTEM (built) ── Being Built for Deloitte ── A.6 Vitals Dashboard A.7 Quality Audit A.9 IR Agent A.10 IoT/OT Monitor Mythos-specific: Vuln-specific playbooks Client env configs Compliance reporting Incident-specific SLAs Deloitte Rapid Response Team = the bridge between Tier 1 and Tier 2 Production-hardened agents deployed at Deloitte → packaged as templates → Kindo Mythos Response Product Deloitte contract funds the R&D. Mythos clients pay the premium. Estimated premium: research in progress.

Value Chain

  1. 5 of 9 overlap agents already in production/built on Kindo
  2. Deloitte Rapid Response Team configures, deploys, hardens in real production
  3. Accumulated judgment from 3-6 months of live operation
  4. Agent configs, integration patterns, and playbooks packaged as templates
  5. Templates become the Kindo Mythos Response Product (Tier 2 pricing)
  6. Deloitte contract funds the R&D — Mythos product monetizes it at premium

Kush's Service Line Packaging (May 7)

Same template model extends across Cyber Operate portfolio:

  • D&RaaS Bundle: A.1-A.5 + A.6 Vitals + A.7 Audit (Krishna)
  • CaaS Bundle: Custom CaaS agents + A.13 GRC (Nathan Ellis)
  • Identity aaS Bundle: A.12 Identity Agent (Tim Corder)
  • Cloud & Infra Bundle: A.8 Cloud Security (Bhargav)
  • GRC Bundle: A.13 GRC Agent + compliance workflows (Nathan)
  • Mythos Response Bundle: A.1-A.5 + A.7 Audit + A.9 IR (cross-service)

Each bundle = a sellable product per discipline. Deloitte hardening = proof points for every bundle.

Pricing Premium — Pre-Configured Agent Bundles vs Platform-Only

Conservative
40-60%+

Pre-configured templates + integration patterns. Comparable to SOAR platform + content packs pricing.

Target
60-100%+

Production-proven at Deloitte. Battle-tested in F50 environment. Comparable to MDR vs self-managed EDR.

Aggressive (Mythos)
100-150%+

Speed premium during active vulnerability wave. "Deployed in days, not months." IR surge pricing.

ScenarioClients /yrBundle PremiumAvg Deal SizeIncremental Rev
Platform-only baseline--$500K-$2M-
Conservative Premium (Deloitte service lines)3-5+50%$750K-$3M$1-5M
Target Package Premium (Deloitte + Mythos)5-10+75%$875K-$3.5M$2.5-12M
Aggressive Premium (Mythos surge)10-20+100-150%+$1-$5M$5-25M
Key insight: R&D cost = $0 for Kindo. Deloitte's $5.5M contract funds agent development. Bundle revenue = near-pure margin. The Deloitte Rapid Response Team creates the product AND the proof points that sell it.

UNVERIFIED: Deal sizes are structural estimates based on enterprise cybersecurity SOAR/MDR market comps ($826M→$1.7B SOAR market, MarketsandMarkets). Actual Kindo pricing needs validation from Ron/Kush. Client count scenarios are directional, not forecasted.

← IK FlywheelThe Team →
6

The Team — Tony's 7-Person Operating Model

Portfolio / Strategy

Tony

  • Alliance expansion
  • Ron/Kush relationship
  • Strategic positioning
Program / Governance

Joana

  • Deployment RACI
  • Program governance
  • Training coordination
  • Execution tracking
  • OGC legal pipeline tracking
Product / Engineering Lead

Victor

  • Agent design oversight
  • Product quality
  • Evals system
Chief Architect

Charlie

  • Platform engineering
  • Kindo-dedicated development
  • Integration architecture
Delivery Support

Dukane

  • Day-to-day analyst coordination
  • Client deployment support
Business / Config (60%)

Agent Designer

  • Sits with Deloitte service line teams
  • Captures IK, designs agent workflows
  • Configures packages per discipline

Think: former SOC analyst who learns the Kindo platform

Platform / Integration

Engineer

  • Custom MCP servers + API integrations
  • Data privacy architecture
  • Environment deployment

Builds the plumbing connecting agents to client systems

Force Multiplier (~2-3 eng)

Warren ⚡

  • Bulk agent configuration
  • Integration pattern replication
  • Deployment automation + quality audit
  • Dashboard, reporting, 24/7 ops
Scaling Math Agents = configurations, not compiled code → 60% Agent Designers, 25% Engineers, 15% Program. Ratio: 15-25 agents per person at steady state. This team of 7 + Warren scales from current scope through 100+ agents without linear headcount growth.
Program Governance (Kush-Approved)
  • Weekly: Tuesday meetings (~25 attendees)
  • Monthly: Exec touchpoints (Krishna required, Arun invited)
  • Portal-only request intake — "Don't accept email" (Kush)
  • Deloitte-side priority curator (Kush flagged)
Org Scale Context Kush has 2,800+ people. Adnan has 9,000-12,000. This team of 7 + Warren scales to serve all of them through agent configurations — not headcount. Full opportunity: 80-165 agents under Kush, 250-550 under Adnan.
← MythosThe Ask →
7

The Ask — Key Decisions

1
Resources

Fund the Team

7-person commitment: Tony, Joana, Victor, Charlie, Dukane, Agent Designer, Engineer. Warren comes with the package. Phase growth: 3 engineers → 5 + delivery lead → 10 + team.

2
Growth

Authorize Alliance Expansion

Move beyond A.1-A.5 contracted scope into A.6-A.13 net new revenue. Revenue trajectory: $5.5M → $1-2M+ net new → $5-12M+ upside (2-3× expansion). Share of net new revenue that T&C creates through the alliance expansion.

3
Leadership

Tony as Deloitte GM

Operating partner for the engagement. The only person who can acquire the institutional knowledge that 55% of scope depends on. CDO role = learning loop accelerator for the ~70% of EBITDA improvement that flows through IK.

4
Urgency

Speed Commitment

May 31 Swimlane AI migration → HP deployment → 100 installs by Feb 2027. "Speed of engagement > depth of engagement." The exclusivity window closes when competitors catch up.

Contract Milestones 0/7 internal Self-Managed Kindo production equivalents + 0/100 client production deployments against contract targets. ITS install is progress but does not count as a contract production equivalent per Kush's definition. 10 months remain.
Org Scale Kush has 2,800+ people. Adnan has 9,000-12,000. This team of 7 + Warren scales to serve all of them through agent configurations. Current scope = ~5% of total opportunity. Full opportunity: 250-550 agents.
← TeamAgent Packaging →
8

Agent Packaging by Service Line

1. D&RaaS

Krishna · ACTIVE

  • A.1-A.5 (4 PROD + 1 BUILT)
  • A.6 Vitals, A.7 Audit, A.9 IR
  • Serves: MXDR, Shared, Dedicated
70%
2. CaaS

Nathan Ellis · PH 2–3

  • Custom CaaS agents (TBD)
  • A.13 GRC crossover
  • Nathan owns first 5-7 deploys
5%
3. Identity aaS

Tim Corder · PH 4

  • A.12 Identity Agent
  • J&J team (Adelina)
0%
4. Cloud & Infra

Bhargav · EXISTING IMPL

  • A.8 Cloud Security
  • Firewall provisioning already on Kindo (insurance co, ServiceNow+Palo Alto+custom)
  • Pre-Kindo ERP security asset migrated
8%
5. GRC aaS

Nathan · PH 4

  • A.13 GRC Agent
  • Compliance workflows
0%
6. App Security

No owner · FUTURE

  • TBD — Phase 4+
0%
Kush's Architecture: "Your ITSM is only a system of record now. Your system of execution and workflow is this new platform." SOAR Flow: Triage agent → calls DE + CTI sub-agents → context returns → containment loop. Kindo Eng building (beta). See operational map →
Revenue per client: 1) Base D&RaaS bundle 2) Service-line add-ons 3) Bespoke custom agents (A.11) 4) Private MCP integrations. Each layer = incremental revenue.
← The AskPlatform: Critical →
9a

Platform Priorities — Critical

May 7 asks → current status
1

Self-Managed Kindo Instance Stability

1ST INSTALL DONESANDBOX TESTING

Ask: Click-click-click installs (was 3-5 days).

Now: 1st production Self-Managed Kindo install in Deloitte's internal IT environment this week. Installer/upgrader/preflight in May 27 release. Observability MVP in final testing.

2

Release Parity (Cloud ↔ Self-Managed)

CLOSING MAY 27

What this means: Kindo ships features to cloud first. Deloitte runs Self-Managed. "Release Parity" = same features on both at the same time.

Ask: "You keep getting this question from me" — Kush

Now: May 27 release closes the gap with 15+ features shipping to Self-Managed: Chatbot APIs, Version Control, Pinned Credentials, ServiceNow integration, MITRE ATT&CK, Member API Keys. Biggest parity close yet.

3

Agent Memory & Self-Improvement

NOT STARTEDKUSH'S #1

Ask: 3-layer compound learning (user → agent → org). "In Kindo, I did not see any of this stuff today."

Now: Not in May 27. Requires platform architecture. Risk: degrades compound learning in HP shadow.

4

Multi-Agent Orchestration

BETA — Feature Flag On

Ask: Supervisory triage agent calls Detection Engineering + Cyber Threat Intelligence sub-agents automatically.

Now: Agent-to-Agent feature flag enabled on Deloitte's Self-Managed Kindo instance (calibrated rollout). General Availability gated on resource hardening.

← PackagingPlatform: High/Med →
9b

Platform Priorities — High & Medium

May 7 asks → current status
5

Integrations — MCP Ecosystem

PRIVACY IN DEVNEW MCPs SHIPPING

Shipping May 27: ServiceNow triggers, MITRE ATT&CK, Dynamic API resolution

In review: SailPoint writes, PostgreSQL, Jira attachments

Urgent: Zscaler ZIA for May 27 demo; Swimlane fix (TEK-141)

6

Agent Reliability & DX

SHIPPING MAY 27

Done: Long-run reliability + Plan Mode, Agent Version Control (GitOps), Pinned Credentials, Error UX, Chat Actions API, Chatbot APIs

Backlog: Error messages (8798), re-run failed step (10190), resizable windows (9378), prompt filtering (9967)

7

Token / Cost Optimization

ROADMAP

"$25K/month, 80% LLM" — Nathan. Four strategies planned: auto model selection, better context, structured memory, compaction. Not in May 27.

8

GenUI / Canvas

DEPRIORITIZED PH 1-2STRATEGIC PH 3-4

Now: "Hold back on Canvas. We'll use TrueArch Hub." — Kush. Chat Actions API (shipping May 27) powers it.

But: Kush calls Canvas/UX "uber uber important" for the long-term vision — making Kindo the "everyday workbench for the entire security organization." Deprioritized for Phase 1-2; strategic priority for Phase 3-4 CISO-level engagement.

← CriticalHP Deploy & Risks →
10

HP Deployment RACI & Risks

First production client (Fortune 100 Dedicated MSS)

R Responsible A Accountable C Consulted I Informed

ActivityKrishnaNathanKindoJoanaTony
Ph 1 — Installation & Doc Ingestion
SMK provisioning (AEF)ARRCI
Security & NEC reviewARCII
D&RaaS agent deployment (A.1-A.5)CARCI
HP integrations (private MCP)CACII
ITSM + SOP ingestionAICRI
Ph 2 — Shadow (Parallel Operation)
Ticket mirroring + monitoringCARRI
Human feedback + accuracy trackingCICAI
Weekly reviewACIRC
Ph 3 — Reverse Shadow (Agent-Primary)
Agent primary + 15% human oversightACRAI
Validation + EBITDA trackingCIIRA
Go/no-go steady stateRCCCI
Ph 4 — Steady State (Production)
Autonomous execution (70%) + 100% auditAIRCI
EBITDA reporting + custom expansionCCRAA
Client Access Model (Kush directive): Clients have read-only access. They can see agent activity and interact, but cannot modify the system. "We own the system — ownership, management, administration, metrics, upkeep, uptime — all of that is on us." Kindo RBAC must support this scoping.

Key Risks

Platform stability
Impact: Blocks Ph 1 · Mitigation: Sandbox hardening; Nathan cleanup. Deloitte will NOT deploy internally first — clients before internal.
Agent memory gap
Impact: Degrades learning · Mitigation: Manual IK during Shadow
OGC legal (per client)
Impact: Serial bottleneck on migration + 100-install target · Mitigation: Map OGC approval pipeline; track cleared vs pending
48-hour RCA obligation
Impact: Support burden on outages · Mitigation: Factor into support planning; QBR escalation path
Swimlane = two workstreams
May 31 = AI use only; SOAR replacement = separate, harder. Split tracking.
Jira migration = 3 mo/client
Constrains cost elimination. Build client-by-client windows; start early.
Client Access Model (Kush): Clients have read-only access. "We own the system — ownership, management, administration, metrics, upkeep, uptime — all of that is on us." Kindo RBAC must support this scoping for every deployment.
Deloitte Deploys Externally First (Kush): "We've always done that." Deloitte will take Kindo to clients BEFORE deploying for internal use. No internal proving ground before client-facing production — changes risk profile.
← PlatformTimeline →
11

Execution Timeline

May 2026 → Feb 2027 — 5 Workstreams · 4 Phases · 100 Installs
3+⚡ (Now→Jun)
5+Lead (Jul→Aug)
10+Team (Sep→Feb ’27)
May
Jun
Jul
Aug
Sep
Oct
Nov
Dec
Jan
Feb
🔧 Platform
May 27 release · Parity close
Agent Memory dev · Ongoing releases
Memory GA · Token optimization · Canvas Phase 3
🚀 Deploy
✅ ITS install
HP Ph1: Qburent dev → prod
HP Shadow · 10-20 MXDR
HP Prod · Ded MSS · 50 installs
🎯 100 installs
🤖 Agents
✅ A.1-A.5
Package design
A.6-A.7 dev (Vitals + Audit)
A.8-A.11 dev (Cloud/IR/IoT/Custom)
A.12-A.13 (Identity/GRC expansion)
🎓 Training
✅ Cohort 1
Cohort 2 (curated per Kush)
Chitra 2,800+ parallel enablement · Certification tracking · New-hire LMS
📋 Govern
Weekly cadence · Portal live
Monthly exec · OGC pipeline
Quarterly reviews · Governance effectiveness · Priority curation
🚨 May 31 Swimlane AI migration
⚠️ OGC legal gate (per client)
⏳ Jira migration 3mo/client
✅ Alliance agreement target
🎯 100 installs Feb ’27
← HP DeployExecution Path →
12

Execution Path

Time × Cost × Scope — 10 months to 100 installs
10 mo
May '26 → Feb '27
7 + ⚡
Team + Warren
100
Install Target
13
Agents (A.1-A.13)
0 / 100
Prod Equivalents Today

Resourcing by Phase

Phase 1: Foundation
3 + ⚡

Tony (strategy / IK) · Joana (program) · Charlie (architecture) + Warren

Now → June · Platform foundation + HP planning

Phase 2: Scale
5 + Lead

+ Victor (product) · Dukane (delivery) · Delivery Lead

Jul → Aug · HP shadow + first client deploys

Phase 3: Full Team
10 + Team

+ Agent Designer · Engineer · 2 additional · Full support org

Sep → Feb '27 · Multi-client + alliance expansion

Release Plan

May 27
Platform Release
15+ features · Parity close · Agent-to-Agent beta · ServiceNow triggers · MITRE ATT&CK
June
HP Phase 1
Dev deploy w/ Qburent · ITS prod (~90 days) · Alliance draft · Jira migration starts
July
Shadow + Build
HP shadow · A.6-A.7 dev start · Cohort 2 training · CaaS planning with Nathan
Aug-Sep
Scale
HP reverse shadow · A.8-A.11 dev · 10-20 MXDR installs · Dedicated MSS scaling
Oct → Feb '27
Production
HP steady state · Identity aaS expansion · Multi-F50 · 100 install target

Scope → Execution Breakdown

Strategic Scope
  • A.1-A.5: Contracted delivery (4 prod + 1 built)
  • A.6-A.13: Alliance expansion — each a revenue event
  • Service lines: D&RaaS → CaaS → Identity → Cloud → GRC → App
  • Alliance agreement: Revenue share on net new T&C creates
Program Scope
  • Platform: 8 priorities (4 critical, 4 high/med)
  • Training: 2 tracks — Kindo depth + Chitra breadth (2,800+)
  • Governance: Weekly Tuesdays, monthly exec, portal-only intake
  • Legal: OGC per-client pipeline tracking
Delivery Scope
  • HP deployment: 4 phases (install → shadow → reverse → steady)
  • MXDR migration: Swimlane AI May 31 · SOAR replacement longer
  • Self-Managed installs: 0 → 100 production equivalents
  • Jira migration: 3 mo/client — parallel tracks
Quarterly Milestones
  • Q2 '26: Platform release + Swimlane migration + HP planning
  • Q3 '26: HP shadow + A.6-A.7 + 10-20 installs + efficiency data
  • Q4 '26: HP production + A.8-A.11 + Dedicated MSS + 50 installs
  • Q1 '27: Identity/GRC expansion + 100 install target
Current Operational Status (Week of May 19) Platform: 15+ features in May 27 release · Pinned Credentials LIVE · Agent-to-Agent feature flag ON · Sandbox stability final testing. Deployments: 1st Self-Managed install (ITS dev/staging) · Swimlane AI migration May 31 · SOWs in legal review. Training: Cohort 1 done (26/31) · Cohort 2 scope under review with Kush · Chitra running 2,800+ enablement.
← TimelineIK Operations →
13

IK Capture — How We Do It

Operational mechanics of compound learning acceleration

Who Captures What

Tony — Strategic IK
  • Embeds with service line leaders (Kush, Krishna, Nathan)
  • Mines new agent opportunities per service line
  • Maps IK dependency per scope item (23/42 items)
  • Portfolio-level pattern recognition across Cyber Operate
Agent Designer — Operational IK
  • Shadows Deloitte SOC analysts in production
  • Maps decision trees and operational workflows
  • Records analyst patterns → agent configurations
  • Translates institutional knowledge into Kindo configs

Think: former SOC analyst who learns the Kindo platform

Warren — Scale IK
  • ITSM ticket history mining (6-month ingestion/client)
  • SOP and doc ingestion at scale
  • Pattern replication across service lines
  • Quality audit baseline extraction
  • Bulk agent configuration from captured patterns

The IK Capture Flow

🎯
Embed
Tony + Designer sit with service line teams
📋
Observe
Shadow analysts, map SOPs, record decision trees
⚙️
Configure
Translate workflows into agent configs on Kindo
🔄
Deploy + Learn
Agents live → compound learning (L1→L2→L3)
📊
Measure
Audit baselines, accuracy tracking, EBITDA proof
🚨 Platform Dependency: Agent Memory

"In Kindo, I did not see any of this stuff today." — Kush

  • Kush's #1 platform priority — NOT in May 27 release
  • Without memory, Level 1 learning (individual patterns) severely limited
  • Compound learning degrades during HP shadow phase
🛠️ Manual IK Workaround (Until Memory Ships)
  • SOP + doc ingestion via file-based knowledge (Warren)
  • ITSM ticket history mining — 6-month ingestion per client
  • Human feedback loops during shadow phase
  • Quality Audit Agent (A.7) as manual baseline tracker
  • Bulk pattern extraction — Warren cross-service-line
IK Dependencies in the Execution Path A.1–A.5 delivery builds the IK foundation (contracted scope funds the learning) · HP shadow phase = first major IK capture opportunity · Jira migration (3 mo/client) = ITSM history mining window · Chitra's 2,800+ enablement creates the user base for Level 1 learning · Each production agent compounds organizational intelligence (Level 3) · Design partner: "You also got a free design partner" — Kush
← Execution PathScope Matrix →

Reference: Scope Matrix v1.0

42-item scope: agents, platform, delivery, service lines, operations — with status, IK dependency, focal person.

Scope Matrix v1.0 Click for full screen
Scope Matrix
← Execution PathOp Map →

Reference: Krishna D&RaaS Operational Map

Leadership, ops, service lines, agents, and Kindo integration points across Cyber Operate.

Krishna DREAS Operational Map Click for full screen
Krishna Map
← Scope Matrix↗ Start