Case Study 13 | Company A, SIer for business applications for electric power companies
Agentic AI autonomously monitors business applications for power infrastructure 24/7.
Established a system that automatically generates countermeasure patches in an average of 23 minutes after JVN publication
Industry
Contract development and maintenance of business applications
Implementation target
Security operations department for existing business application portfolio
Implementation period
2-month PoC → 5-month phased rollout
Company A is a contract development and maintenance SIer that provides business applications for electric power companies. Because these applications support core operations in power infrastructure, extremely high security requirements are imposed due to their social impact, and rapid response after the publication of new vulnerabilities (CVE) had become a condition for business continuity. Previously, monitoring, patch creation, testing, and deployment were handled manually, requiring an average of 5 to 8 business days to complete. However, the accelerating pace of vulnerability disclosures and cyberattacks made this process increasingly unsustainable. By introducing an autonomous security operations platform based on CLAVI Mining's agent technology, Company A built a system in which AI agents autonomously execute the flow from JVN (vulnerability database) publication to countermeasure patch generation, testing, and production deployment candidates.
Challenges Before Implementation
The challenges faced by Company A had a three-layer structure.
First was the lack of speed in vulnerability response. After JVN or CVE publication, it took an average of 5 to 8 business days to assess the impact on target applications, design patches, test them, obtain customer approval, and apply them to production. During this time, the risk of attacks succeeding became apparent. In particular, for zero-day vulnerabilities, the inability of manual operations to keep up had become an industry-wide issue.
Second was exhaustion among maintenance engineers. While maintaining approximately 60 systems for multiple customers, field engineers were forced to respond late at night and on holidays whenever vulnerabilities appeared, causing turnover to rise above the industry average.
Third was the increasing demand for accountability from customers, namely electric power companies. Company A was required to report to the power companies' security departments, with evidence, when and how each vulnerability was addressed. Manual evidence management could no longer keep up with the rising expectations for audit quality.
Management shared the view that a security operations model based on human labor could not be sustained five years into the future, and the transition to autonomous operations using AI agents was positioned as an important initiative in the medium-term management plan.
Reasons for Selection
The biggest reason Company A selected CLAVI Mining's agent technology was its mutual monitoring and self-correction architecture using multiple agents. Rather than allowing a single AI to execute autonomously, the design in which execution agents, verification agents, and supervisory agents check one another's outputs matched the reliability requirements of applications for social infrastructure.
The second reason was its patented hallucination suppression technology. In vulnerability response, an incorrect countermeasure can directly become a new security risk, so it was an absolute requirement that the AI not output plausible but fictional countermeasures. The decisive factor was a design in which multi-layer feedback control and a fact-checking policy engine cross-reference JVN, official vendor information, and internal knowledge.
The third reason was transparent logging. The ability to permanently retain evidence of what decisions and actions the AI agent group made structurally improved the quality of security reporting to electric power companies.
The fourth reason was flexible design of human intervention points. The mechanism for precisely defining how far AI should be allowed to act and where humans should review based on business risk made practical implementation possible.
Agent Operations Architecture
The agent operations architecture built by Company A generally operates through a five-stage flow.
Stage 1 | Monitoring agent. It monitors JVN, CVE, NVD, and official vendor information 24 hours a day and immediately collects new vulnerability information. Detected vulnerabilities are automatically matched with affected applications.
Stage 2 | Evaluation agent. It automatically evaluates impact based on CVSS, internal importance, and SLA obligations under electric power company contracts, then classifies response priority. Highly urgent issues are immediately passed to the patch generation process.
Stage 3 | Countermeasure generation agent. It references internal code assets, official vendor patches, and related documentation to draft countermeasure patches. The generated result is passed to the verification agent in the next stage.
Stage 4 | Verification agent. It independently verifies the generated patch and checks for side effects, impact on existing functions, and any new security risks. If issues are found, it sends the result back to the countermeasure generation agent.
Stage 5 | Supervisory agent plus human intervention. After a patch passes verification, the supervisory agent evaluates business impact and classifies it according to risk level as requiring human review, notification only, or candidate for automatic application approval. Final approval is handled by either a human or an automated approval flow depending on business risk.
Results After Implementation
[Response lead time] From JVN publication to completion of countermeasure patch generation and verification, the average was reduced from 5 to 8 business days to 23 minutes, a 97% reduction. Even for urgent zero-day vulnerabilities, high-speed response that was impossible with manual operations became routine.
[Maintenance engineer workload] Emergency calls at night and on holidays decreased from an average of 14 per month to fewer than 1 per month, a 93% reduction. Engineer turnover improved significantly year over year, and the company gained a stronger reputation in the recruiting market as an SIer that saves field teams with AI.
[Reports for electric power companies] Evidence management was fully automated, reducing the work required to create quarterly security reports from 60 hours to 3 hours. The security departments of electric power companies also highly evaluated it as an advanced industry case.
[Business impact] By positioning security response capability as a differentiating factor, the company improved its win rate in new SIer selection projects. Industry-fastest vulnerability response became a core sales message.
Comment from the Head of Security: "It has been three years since we began feeling that manual work could no longer keep up. Agent technology has finally become the answer. Because the multi-agent system monitors itself mutually, both the field and management can entrust it with confidence."
Insights from This Case Study
Company A's case shows the industry reality that security operations for business applications supporting social infrastructure can no longer be sustained by human labor alone. In response to the triple challenge of faster vulnerability disclosures, accelerating cyberattacks, and talent shortages, a structural transition to autonomous operations using AI agents is becoming not merely an option but an essential path.
However, to satisfy the reliability requirements of social infrastructure, the top selection criteria should be a four-part set: mutually monitoring agent groups rather than a single AI, patent-level suppression of incorrect answers, transparent logs, and flexible design of human intervention points.
*This article is a dummy case study created as a structural example. Company names and figures are fictional.