Skip to content

Safe GenAI Adoption for a National Retailer

Helping a national retailer roll out a GenAI shopping assistant while keeping customer data contained and classified.

RetailGenAI assistant launched with customer data provably contained

Client profile

A national Australian retailer launching a generative AI shopping assistant connected to product, loyalty, and order-history data across cloud and SaaS systems.

The challenge

The retailer wanted the commercial upside of a GenAI assistant but couldn't risk leaking customer or loyalty data through it. They had limited visibility into where sensitive data lived across their cloud and SaaS estate, and how much of it the assistant could reach.

What we did

  • Ran data discovery and classification across cloud stores, SaaS, and the RAG pipeline.
  • Tested the assistant for prompt injection, context leakage, and insecure output handling.
  • Scoped the assistant's data access down to only what each feature required.
  • Established ongoing posture monitoring for the data feeding the model.

What we found

  • The RAG pipeline could surface loyalty data unrelated to the customer's query.
  • Shadow copies of customer data sat in an analytics bucket the assistant could read.
  • Output handling didn't strip sensitive fields before responding.

The outcome

The retailer launched its GenAI assistant on schedule with classified, least-privilege data access, output filtering, and continuous posture monitoring, adopting AI without expanding its customer-data exposure.

We got to say yes to GenAI because someone finally showed us exactly what it could and couldn't touch.
Chief Information Officer, Retail

Book a Free 60-Minute Briefing

A scoping discussion and threat-landscape overview with our ANZ specialists. No sales pressure.

Book a Briefing