Executive Demo · Microsoft Security Copilot · ~6 min

The human side of Security Copilot.

Security Copilot generates a threat response in 52 seconds. A human approves it. The question for the CISO, CFO, CEO and CRO: is that human qualified to act on it?

Persona · Marcus Webb — AI Governance Lead, Financial Services · HRI 84 Advanced

Use case: CISO managing an AI-assisted SOC — measuring, monitoring, and evidencing analyst qualification to approve Security Copilot recommendations
Audience: CISO, CIO, CRO, General Counsel, Chief Compliance Officer, internal audit and external regulator preparation
Structure: Part 1: Context · Part 2: Without AITR (the gap) · Part 3: With AITR (the fix) · Closing
Persona: Marcus Webb — AI Governance Lead, Pantheon Financial Group
Team: SOC analyst team on Microsoft Security Copilot · avg HRI 66.4 · Intermediate · Oversight capability gap
Frameworks: NIST AI RMF · EU AI Act Art. 14 · ISO 42001 cl. 8.4 · SOC 2 · DORA · NIS2
Part 1 · Context
Security Copilot in action

Threat assessment. Confidence score. Recommended action.

Microsoft Security Copilot processes thousands of signals and produces a recommendation in under sixty seconds.

But the output doesn't execute itself. A human analyst reviews and approves before an endpoint is isolated or credentials are revoked. That gate is a configuration choice, not a given: automated response features elsewhere in the Microsoft Defender stack (automatic attack disruption) can contain devices and disable accounts with no analyst in the loop, so an organisation relying on human approval should confirm the gate is actually in place for the actions in question.

The question: is the human reviewing your AI outputs qualified to act on them? Most organisations have invested in the AI. Very few have invested in the human who approves it.

Fydelitics · fydelitics.ai

Microsoft Security Copilot

Incident 4471 · Lateral movement detected

HIGH

Confidence

87%

Signals correlated

14

Time to assess

52s

AI-generated summary

Lateral movement pattern detected originating from EP-112. 3 endpoints affected. Affected accounts: ACC-441 (Finance Director), ACC-887 (Treasury Analyst).

Recommended action

Isolate EP-112, EP-334, EP-891 · revoke credentials for ACC-441, ACC-887 · escalate to Tier 2.

Review required before execution — Analyst: Marcus Webb
Part 2 · Without Fydelitics.ai
2-3 · Approval with no rationale

'Approved by Marcus Webb, 14:34.' That is all it says.

Marcus approves. Endpoint isolation begins. Credentials are revoked. In two minutes, the Finance Director can't access her own systems.

The audit log says: approved by Marcus Webb, 14:34. No rationale. No framework. No record of whether his judgement was informed by SR 11-7 (the Federal Reserve's model risk management guidance) or NIST AI RMF.


Analyst Action — logged

APPROVED
Action: Approve recommended action
Analyst: Marcus Webb
Timestamp: 19 May 2026 · 14:34
Rationale: — blank —
Framework reference: — blank —
HRI / qualification: — blank —
Navigator query: — blank —
Audit trail incomplete — no qualification record on file
2-4 · The regulator's question

Unanswerable.

Six weeks later, the AI governance auditor asks a straightforward question. Not "was the AI good enough?" but "was the human good enough?"

Under NIST AI RMF, that question has to be answerable. Right now, it isn't.


AI Governance Audit — Q2 2026

Auditor question

"Please provide evidence that the human reviewer of Incident 4471 was qualified to approve an AI-generated threat response under NIST AI RMF."

Response field

— blank —

Supporting documentation: none attached

2-5 · Three failure modes

Invisible until something goes wrong.

An unqualified approval. An undocumented override. Regulatory exposure.

All three are invisible — until the auditor asks.

1 · Unqualified approval

Analyst approves an output outside their expertise. An incorrect recommendation goes through unchallenged, or a correct one is misapplied.

2 · Undocumented override

Analyst overrides the AI without a documented rationale. Audit trail incomplete.

3 · Regulatory exposure

No evidence of human readiness. Gap under NIST AI RMF, EU AI Act Art. 14, ISO 42001 cl. 8.4.

Security Copilot is certified.
The infrastructure is compliant.
The human is unmeasured.

Part 3 · With Fydelitics.ai
3-1 · HRI profile — before the alert

HRI 84 · Advanced · NIST AI RMF qualified.

Marcus has a readiness profile. Five-course path complete. Framework scores above threshold across NIST AI RMF, ISO 42001, OECD Principles.

The platform already knows Marcus is qualified to act on AI-generated outputs in this decision context.


AI Decision Readiness

Marcus Webb · AI Governance Lead

Financial Services · Technology function

HRI

84

Advanced

5 courses complete

4 Navigator sessions MTD

Oversight

88

Operations

86

Risk

82

NIST AI RMF

85.7

ISO 42001

82.3

OECD AI

84

3-2 · HRI badge at point of decision

Qualification surfaced inside Security Copilot.

The same incident. But at the moment Marcus picks it up, his readiness profile is surfaced in context.

HRI 84. Advanced. NIST AI RMF qualified. The platform has already answered the question — and it will be in the audit record.


Security Copilot · Incident queue

HIGH

Incident 4471 · Lateral movement

EP-112 → EP-334 → EP-891 · ACC-441, ACC-887

87%
Marcus Webb · HRI 84 · Advanced · NIST AI RMF qualified

Last Fydelitics.ai activity: 13 May 2026

Analyst qualification verified by Fydelitics.ai. Decision authority confirmed.

3-4 · Navigator — grounded response

Five specific steps. NIST AI RMF GOVERN 3.2 (roles and responsibilities for human-AI configurations and oversight).

Marcus asks: what are my NIST AI RMF obligations before I approve a credential revocation triggered by an AI threat assessment?

The response is grounded in NIST AI RMF and the Fydelitics.ai scenario bank — calibrated to his Advanced qualification. Step 4: record your decision rationale.


AI Decision Navigator

HRI 84 · Advanced

"Security Copilot recommends isolating 3 endpoints and revoking credentials for a Finance Director and Treasury Analyst. What are my NIST AI RMF obligations before I approve?"

Based on your AI Governance Lead role and NIST AI RMF Advanced qualification:

  1. Verify the model's confidence score meets your organisation's documented minimum for acting on an AI recommendation. The framework sets no number; it requires that the human-oversight configuration and its thresholds be defined and documented (NIST AI RMF GOVERN 3.2). At 87%, this recommendation requires human verification under that policy.
  2. Confirm the affected accounts (ACC-441, ACC-887) are within the model's intended deployment scope for this incident class.
  3. Document your independent assessment of the lateral movement indicators; do not rely solely on the AI summary.
  4. Record your decision rationale, including whether you agree with the AI's confidence score and what evidence you reviewed.
  5. If approving credential revocation for senior roles (Finance Director), escalate notification to the CISO in parallel.

Sources: NIST AI RMF · OECD AI Principles · Fydelitics.ai scenario bank
3-5 · Approval — with rationale

Same action. Completely different audit log.

Marcus approves. Same action as before. But the audit log now contains his rationale, the signals he reviewed, the framework he applied, his HRI at the moment of decision, and a reference to the Navigator query.

When the auditor asks if the human was qualified — there is a complete, timestamped, verifiable answer.


Analyst Action — logged

APPROVED · evidenced

Decision rationale

Reviewed 14 correlated signals. Lateral movement pattern consistent with credential-based pivot. Confidence 87% meets threshold. Accounts ACC-441 and ACC-887 within model deployment scope. Escalation notification sent to CISO per NIST AI RMF GOVERN 3.2. Approving endpoint isolation and credential revocation.

Analyst: Marcus Webb · HRI 84 · Advanced
Framework: NIST AI RMF GOVERN 3.2
Navigator query: nav-q-4471-a · 14:32
Escalation: CISO notified · 14:33
Timestamp: 19 May 2026 · 14:34
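The two log entries (2-3 and 3-5) record the same action; the difference is what the approval carries. As an added illustration, not Fydelitics.ai or Microsoft code, the Python below gates execution of the isolation and revocation on an evidence-complete approval record: required fields, a minimum analyst readiness score, a minimum model confidence, and a SHA-256 seal over the canonical record so a later edit to the log entry is detectable. The field names, the readiness threshold of 70 and the confidence threshold of 80% are assumptions (the demo says "above threshold" but gives no numbers); the two sample records are constructed from the demo's values.

```python
import hashlib
import json
from typing import Dict, List

# Policy values are assumptions: the demo says "above threshold" but gives no numbers.
MIN_HRI = 70            # hypothetical minimum readiness score for this decision class
MIN_CONFIDENCE = 0.80   # hypothetical minimum model confidence before an analyst acts on it
REQUIRED_FIELDS = (     # what the 3-5 record carries and the 2-3 record lacks
    "analyst", "timestamp", "rationale", "framework_reference",
    "analyst_hri", "navigator_query_id",
)


def approval_gaps(record: Dict, model_confidence: float) -> List[str]:
    """Return why an approval record is not evidence-complete; an empty list means it passes."""
    gaps = [f"missing {name}" for name in REQUIRED_FIELDS if not record.get(name)]
    hri = record.get("analyst_hri")
    if hri is not None and hri < MIN_HRI:
        gaps.append(f"analyst_hri {hri} below minimum {MIN_HRI}")
    if model_confidence < MIN_CONFIDENCE:
        gaps.append(f"model confidence {model_confidence:.2f} below minimum {MIN_CONFIDENCE:.2f}")
    return gaps


def seal_record(record: Dict) -> str:
    """SHA-256 over canonical JSON (sorted keys, no whitespace) of the record."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def verify_seal(sealed: Dict) -> bool:
    """Recompute the seal over everything except the seal field and compare."""
    body = {k: v for k, v in sealed.items() if k != "seal"}
    return seal_record(body) == sealed.get("seal")


def gate_action(record: Dict, model_confidence: float) -> Dict:
    """Only an evidence-complete record releases the isolation / revocation action."""
    gaps = approval_gaps(record, model_confidence)
    if gaps:
        return {"executed": False, "gaps": gaps}
    sealed = dict(record, seal=seal_record(record))
    return {"executed": True, "record": sealed}


# Constructed sample records using the demo's values (incident 4471, 87% confidence).
RECORD_WITHOUT = {                     # the 2-3 log entry: name and timestamp only
    "incident": "4471",
    "action": "Approve recommended action",
    "analyst": "Marcus Webb",
    "timestamp": "2026-05-19T14:34",
}
RECORD_WITH = dict(                    # the 3-5 log entry: same action, evidenced
    RECORD_WITHOUT,
    rationale="Reviewed 14 correlated signals; pattern consistent with credential-based pivot; "
              "accounts ACC-441 and ACC-887 within model deployment scope.",
    framework_reference="NIST AI RMF GOVERN 3.2",
    analyst_hri=84,
    navigator_query_id="nav-q-4471-a",
    escalation="CISO notified 14:33",
)

if __name__ == "__main__":
    print(gate_action(RECORD_WITHOUT, 0.87))   # blocked: four missing fields listed
    result = gate_action(RECORD_WITH, 0.87)    # executed: record sealed
    print(result["executed"], result["record"]["seal"][:16])
    tampered = dict(result["record"], rationale="edited after the fact")
    print(verify_seal(result["record"]), verify_seal(tampered))  # True False
```

The seal only makes tampering visible; it does not stop it. In a real deployment the sealed record would be written to append-only storage (or signed with a key the SOC cannot use), and the gate would run in the orchestration layer that actually issues the isolation and revocation calls, not in the analyst's UI.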
3-6 · The regulator's question — answered

Evidence pack attached.

The same question. Now answerable. HRI 84. NIST AI RMF 85.7. The decision rationale. The Navigator query. The certification record.

Every element of Marcus's readiness is documented, timestamped, and traceable to his specific decision.


AI Governance Audit — Q2 2026

Auditor question

"Please provide evidence that the human reviewer of Incident 4471 was qualified to approve an AI-generated threat response under NIST AI RMF."

Fydelitics_Evidence_Marcus_Webb_4471.pdf

Marcus Webb · HRI 84 Advanced · NIST AI RMF 85.7 · approved 19 May 2026 · 14:34

Decision rationale
Navigator query log
Certification record
Framework citations
3-7 · Side by side

Same analyst. Same AI. Same incident.

One outcome leaves the organisation exposed. The other closes the loop.

Without Fydelitics.ai | With Fydelitics.ai

Readiness record
Without: Analyst reviews the AI recommendation with no readiness record on file.
With: The analyst's HRI 84 · Advanced is verified before the review begins.

Framework
Without: No structured framework applied; the analyst acts on instinct and experience.
With: Decision Navigator surfaces the exact NIST AI RMF obligations for this decision class.

Approval log
Without: Approval logged as a name and timestamp. No rationale, no framework reference.
With: Approval logged with full rationale, HRI score, framework citation, Navigator query ID and timestamp.

Override
Without: An override leaves no documented basis; the audit trail is incomplete.
With: Any override is documented with the specific basis for disagreeing with the AI's confidence score.

Regulator's question
Without: "Was the human qualified?" Answer: unknown.
With: "Was the human qualified?" Answer: evidence pack attached, HRI 84, NIST AI RMF 85.7.

Risk visibility
Without: Invisible until something goes wrong, or until the auditor asks.
With: Measured, monitored and continuously evidenced across every analyst in the organisation.
Closing
4-1 · The three products

The human readiness layer that makes Security Copilot enterprise-safe.

Capability Builder to certify the analyst before they act.

Readiness Control Plane to measure their qualification continuously.

Decision Navigator to guide them at the exact moment a recommendation arrives.


Fydelitics.ai · Human readiness layer

Microsoft · Security Copilot

Capability Builder

Certify the analyst before they act

Readiness Control Plane

Measure qualification continuously

Decision Navigator

Guide them at the moment of decision