Resolves Tier-0 internal tickets autonomously — identity actions, HRIS lookups, ITSM operations — within a strict whitelist, with audit trail by default and graceful human escalation when context demands it.
Internal IT and HR queues are full of work that requires no judgement, no creativity, no senior context. The same access request, the same policy question, the same onboarding action — thousands of times per year, at the expense of every initiative the team should be working on.
Password resets, group memberships, "how do I…" questions, leave-balance queries. Six-figure engineering capacity consumed on work that should have been automated three years ago.
New-hire access requests queue up behind incident response. The leaver who needs their account reactivated waits 48 hours. The auditor who asks "show me who has admin" gets a manually-assembled spreadsheet.
The "we have an AI helpdesk" project that recognises 12% of intents and escalates the rest. Users learn to skip the bot. The investment becomes the office joke.
Five concrete layers. Action library + safety architecture + identity-aware integrations + audit trail + observability. Together they make autonomous internal-operations defensible under regulatory scrutiny — and useful enough that engineers stop routing around the agent.
Three productised tiers. Same engine, same safety architecture. The difference is breadth of action library + integration depth + compliance grade.
Best for: Single-department pilots (IT helpdesk OR HR triage OR Ops queue) with 5-7 whitelisted actions.
Outcome: Single department absorbs 30-50% of repetitive ticket volume within 60 days.
Best for: Multi-department operations (IT + HR + Ops) with cross-system actions and quarterly action-library expansion.
Outcome: 40-60% reduction in repetitive Tier-0 volume; senior engineering capacity reallocated to strategic work.
Best for: Regulated entities (DORA / NIS2 financial services, healthcare, public sector) requiring audit-grade operations with EU sovereignty.
Outcome: Audit-grade autonomous operations with full evidence chain; defensible posture under DORA + NIS2 supervisory review.
Looking for a bespoke implementation owned outright instead of consumed as SaaS? HOIST Implementation · from €4,990
Identity, HRIS, ITSM, endpoint management, collaboration. The standard EU SMB + mid-market stack covered natively. Custom systems wired via the REST adapter during deployment.
No per-language workflow duplication. No translation layers. The model handles user input in any major European language and routes the action against the same whitelist regardless of input language. The audit trail records the operation in your canonical reporting language (typically English) for regulatory consistency.
Every agent action carries an explicit citation to the clause the auditor will read. The audit trail is the evidence; the evidence pack is part of the deliverable on the Operate + Sovereign tiers.
Third-party ICT-risk evidence: model provider, hosting region, sub-processors, exit strategy.
Technical baseline: PII redaction, MFA-bound action surface, audit logging, incident-response integration.
Records of processing produced automatically; data subjects, categories, retention all documented.
A.5 organisational + A.8 technological controls mapped per action class with timestamped evidence.
The agent is a service in your operations stack, not a black box. The whitelist lives in your version control. The audit trail lives in your observability stack. The exit kit is the deliverable.
Action definitions live in YAML in your repository. Changes go through pull-request review. The agent reads the whitelist at startup; configuration drift is impossible.
Per-scenario resolution rate, mean time to resolve, escalation rate, cost-per-ticket. Grafana-shaped dashboards integrate into your existing observability stack.
One command exports the whitelist, the prompts, the action-library configuration, and the audit trail in machine-readable format. The agent stops; your data stays. No vendor-lock-in.
Only inside the action whitelist you approve. Anything outside that — escalation paths, password resets above a privilege threshold, account changes affecting compensation or status, deletions, financial actions — routes to a human approver with full conversation context. The whitelist is not a "guideline" the model interprets; it is the absolute set of operations the agent can invoke. Off-whitelist actions are not available to the model in the first place.
Two categorical differences. First, action execution — HOIST does not just answer "here is the policy on password resets"; it calls the password-reset API on the user's identity provider with the right MFA verification step. Second, the safety architecture — whitelist + privilege thresholds + reversibility tagging + audit trail are not bolt-ons, they are the product. Generic chatbots route 88% of conversations to humans because they cannot safely act. HOIST resolves the actions and the routing is the exception, not the rule.
Three deployment options. Default: Azure OpenAI EU region (Sweden Central) or AWS Bedrock EU (Frankfurt) — the inference runs in EU regions under the cloud provider's DPA. Sovereign tier: self-hosted Llama 3.1 70B FP8 (or Qwen 2.5 72B for multilingual estates) on your bare-metal infrastructure, no third-party data plane. Hybrid available for clients with specific routing requirements.
Every agent action produces a structured audit record: actor identity, input, retrieved context, model reasoning, action taken, downstream-system audit ID. The records aggregate into evidence packs mapped to DORA Article 28 (third-party ICT risk), NIS2 Article 21 (technical baseline), GDPR Article 30 (records of processing), ISO 27001 Annex A.5 and A.8 controls. Auditor-ready formatting included on the Sovereign tier.
Starter: 4-6 weeks from contract to first production scenario live. Operate: 8-10 weeks for the full action library + multi-department rollout. Sovereign: 12-16 weeks including custom integrations + tabletop exercises. The bespoke HOIST Implementation service is the engagement shape; this product page describes the productised SaaS that wraps the same engine.
Confidence-thresholded escalation. Below the threshold, HOIST does not "try its best" — it produces a structured refusal: "I do not have a confident answer for this. Closest matches: [list]. Escalating to a human." The escalation routes to the right queue (your existing ticketing system) with full context: the user's query, the retrieved knowledge, why the agent escalated, suggested next steps. The human picks up where the agent stopped.
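The whitelist gate, privilege threshold, confidence threshold and audit record described in the answers above can be sketched as a deny-by-default check that runs outside the model. This is an added illustration, not HOIST's own code: the action names, field names, the 0.80 threshold and the in-memory log are all assumptions.

```python
import time
import uuid

# Hypothetical whitelist, shaped as it might be after parsing the YAML in the repo.
WHITELIST = {
    "reset_password":   {"max_privilege": 1, "reversible": True},
    "add_group_member": {"max_privilege": 2, "reversible": True},
}
CONFIDENCE_THRESHOLD = 0.80  # assumed value, not taken from the page
AUDIT_LOG = []               # stand-in for an append-only audit sink


def tools_for_model():
    """Only whitelisted action names are ever exposed to the model."""
    return sorted(WHITELIST)


def decide(actor, action, target_privilege, confidence, user_input):
    """Deny by default: return (decision, reason) and audit every path."""
    entry = WHITELIST.get(action)
    if entry is None:
        decision, reason = "escalate", "action_not_whitelisted"
    elif target_privilege > entry["max_privilege"]:
        decision, reason = "escalate", "privilege_threshold_exceeded"
    elif confidence < CONFIDENCE_THRESHOLD:
        decision, reason = "escalate", "low_confidence"
    else:
        decision, reason = "execute", "within_whitelist"
    # Refusals and escalations are recorded as well as executions, so the
    # trail shows what the agent declined to do, not only what it did.
    AUDIT_LOG.append({
        "record_id": str(uuid.uuid4()),
        "timestamp": time.time(),
        "actor": actor,
        "input": user_input,
        "action": action,
        "reversible": entry["reversible"] if entry else None,
        "decision": decision,
        "reason": reason,
    })
    return decision, reason
```

The gate never calls a downstream system itself; a caller would invoke the identity or ITSM API only on an `execute` decision and attach the returned downstream audit ID to the same record.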
Yes. The custom-action interface accepts any REST endpoint with OAuth or API-key auth. We typically add 2-5 custom actions during the initial deployment (your specific internal apps, your custom ticketing variants, your proprietary line-of-business systems). Adding more later is the Operate tier's quarterly cadence — surface the patterns from the analytics, design the action, ship it, measure the impact.
The action library, configuration, and audit logs are exportable in machine-readable format. The agent stops; your data stays. No vendor-lock-in clauses, no hostage data. The integration code we deploy in your tenant remains yours under a permissive internal-use license. See HOIST Implementation for the bespoke variant if you want to own the deployment outright rather than consume it as SaaS.
30-minute discovery call. We map your top-10 repetitive scenarios + tell you which three are HOIST-shaped today. No obligation. No high-pressure pitch.