Request a demo.
Thirty minutes, live. We'll run the pipeline against a sanitized case file and walk you through the agent trace, the validation step, and the final report.
Let's talk partnership.
For cyber insurance carriers, MGAs, brokers, and reseller partners exploring Grail as a panel alternative or integrated claims workflow.
Dallas, TX 75201
Active incidents: < 1 hour
The six things
everyone asks first.
How long does deployment take?
For most environments, under a day. Grail collects evidence via Velociraptor — there's no persistent agent to roll out, no MDM push, no change window needed. We can run against a fresh case without deploying anything.
Do we need to install anything on endpoints?
No persistent install. Velociraptor runs on demand when King Arthur orchestrates a collection, then removes itself. Nothing sits on your endpoints between investigations.
How do you handle our data?
Evidence is collected into a tenant‑isolated workspace, encrypted at rest with a customer‑held KMS key, and scheduled for purge after report delivery. We never train any model on customer evidence — contractually and architecturally.
What integrations do you support?
Alert intake from most SIEM and EDR platforms out of the box (Sentinel, Splunk, CrowdStrike, SentinelOne, Elastic). Case output pushes to Jira, ServiceNow, and carrier claims APIs. Full webhook surface for anything custom.
Is Grail's output admissible in court?
Outputs are structured to meet Daubert standards — reproducible methodology, signed chain of custody, full provenance for every claim. We work with outside counsel on cases that escalate to litigation and will testify to our methodology.
What if the pipeline misses something?
The Black Knight validator drops unverifiable claims rather than softening them, and every case is reviewable by a human analyst before report delivery. If a finding is missed, we re‑open the case at no cost. We've re‑opened two in the last quarter.