At a glance
WHAT IT’S REALLY ABOUT
Qonto’s secure, auditable agentic AI for financial crime investigations
- Qonto targets the slow, manual “second line of defense” in financial-crime investigations by using agentic AI to gather scattered data, synthesize findings, and assist investigator judgment.
- They chose Claude Opus 4.7 for long-context, cross-document reasoning (citing GraphWalks as a relevant benchmark for finding facts distributed across large contexts).
- To address security and compliance concerns with MCP, they built a centralized MCP gateway providing SSO/OAuth authentication, RBAC, short-lived PASETO tokens, and an append-only audit trail.
- Investigators interact through a Claude Cowork plugin that encapsulates domain workflows into modular “skills,” calls specific tools/data sources, and renders interactive widgets/dashboards in one interface.
- They emphasize evals as essential for critical workflows—testing tool-choice/ordering, grounding (hallucination avoidance), and quality of reasoning—both to prevent regressions and to satisfy compliance and user trust.
IDEAS WORTH REMEMBERING
5 ideasAgentic AI is most impactful where humans currently “tab-hop” across tools.
Qonto focuses on the investigation step after alerts, where analysts compile data from many sources and manually reason about it; an agent that fetches, organizes, and summarizes can compress hours of work into a single guided workflow.
Long-context, cross-document reasoning should drive model choice.
Their selection of Opus 4.7 is justified by the need to connect facts scattered across many documents and data sources; benchmarks like GraphWalks better reflect this investigative reality than generic QA scores.
MCP becomes enterprise-ready when wrapped in a security/compliance “harness.”
Instead of exposing many tools directly, they centralize authentication, authorization, and logging in an MCP gateway so risk/compliance concerns (who accessed what, and why) are addressed systematically.
Use short-lived, scoped tokens to reduce blast radius and avoid token reuse.
They avoid passing SSO tokens downstream and mint short-lived PASETO bearer tokens for MCP servers, limiting damage from leakage and simplifying downstream verification via signed public tokens.
RBAC should be infrastructure-as-code to stay auditable and reviewable.
Defining access in versioned Terraform enables change history, approvals, and reproducibility—key for regulated environments where “who can access what” must be provable over time.
WORDS WORTH SAVING
5 quotesJust to give you an idea, between two and five trillion US dollars are laundered every year in the world.
— Stefano Amorelli
We ask a lot from them. So what's the role of AI? How we can apply AI to make this process better?
— Stefano Amorelli
When you mention MCP to risk and compliance, when you mention it to security, you can raise some eyebrows, to put it mildly.
— Stefano Amorelli
For compliance reasons, we do not want to fully automate the process just yet. So we want to keep human judgment, at least on the critical decisions, because these actions, these financial crime investigations, have consequences, have legal consequences as well.
— Stefano Amorelli
Evals, start with evals. I like to compare, uh, evals to TDD.
— Stefano Amorelli
High quality AI-generated summary created from speaker-labeled transcript.
Get more out of YouTube videos.
High quality summaries for YouTube videos. Accurate transcripts to search & find moments. Powered by ChatGPT & Claude AI.
Add to Chrome