How Owkin Averted $13M in Risk Exposure With Geordie AI

Owkin uncovered 327% more AI agents than expected, identified $13M in risk exposure, and proved EU AI Act compliance in minutes, all in a single Geordie AI POC

327% more agents found
$12–13M risk averted
10 min to compliance

Company Background

Owkin is a pioneering AI company operating at the intersection of machine learning, biomedical research and drug discovery. Founded with a mission to apply frontier AI to real-world scientific problems, Owkin builds and deploys AI models and agents to accelerate drug discovery, improve patient outcomes and unlock insights from some of the world's largest biomedical datasets, including over 50 petabytes of data spanning genomics, imaging and clinical research.

Unlike most organizations that use AI as a productivity tool, AI is Owkin's core product. The company runs hundreds of agents across its infrastructure, drawing on multiple large language models simultaneously, including Claude, ChatGPT and Gemini, and has built its own internal AI platform comparable to ChatGPT but purpose-built for bioscience research. Owkin's customers include major pharmaceutical companies, academic medical centers and research institutions, all of whom hold Owkin to rigorous standards of AI safety, data governance and regulatory compliance.

As CISO, Leo Cunningham oversees security, governance, risk, compliance and, increasingly, AI safety across the organization. Every initiative his team runs is tied to measurable business outcomes through an OKR framework, with expected ROI defined before any investment is made.

The Challenges

Owkin's AI-first model created a governance problem that few organizations have had to confront at this scale or this early. The company was building and deploying agents faster than any existing security tool was built to observe, and with pharmaceutical partners, regulatory bodies and enterprise customers asking increasingly pointed questions about AI safety, operating without visibility was no longer an option.

The core problem was not a lack of security tools. It was a lack of the right tools for this specific problem.

Existing solutions in Owkin's stack, like CSPM, CNAPP and cloud compliance platforms, provided consolidated views of traditional infrastructure risk. None of them were built to see inside an AI agent ecosystem. There was no inventory of agents in production, no visibility into tool usage, no way to trace how LLMs connected to downstream systems, and no mechanism to detect risks introduced through prompts, credentials or connected libraries.

Requirements

  • No credential or data leakage detection: No mechanism to detect when agents were passing sensitive information through prompts or connected services
  • No agent inventory: No visibility into which agents were running, who had deployed them or what they were connected to
  • No tool usage visibility: No way to track which tools agents were calling or how those tool chains connected across the environment
  • No compliance or evidence for AI: No way to respond to pharma partner audits or RFP questions about EU AI Act compliance without manual, time-consuming evidence gathering
  • No consolidated risk view: No single platform that tied AI risk to business impact, regulatory frameworks and quantifiable exposure

Why Geordie

Owkin evaluated the market carefully before selecting Geordie, and most of what existed was either too narrow or built for a different problem entirely.

The Competition Focused on Performance. Owkin Needed Security

The tools that came closest were focused on model performance monitoring or individual layers of the stack, like the LLM, the prompt or the MCP server, without connecting them into a coherent picture of agent risk. For Owkin, operating an environment where hundreds of agents interact with multiple LLMs, external APIs and sensitive biomedical data, a siloed view was the same as no view.

Time to Value Was Decisive

Owkin had been through enough security POCs to know that most tools take weeks to surface anything meaningful. Geordie was different.

The immediate discovery of previously unknown agents, risks and connections, within a single POC session, made the business case before the formal evaluation was complete.

The Team and the Relationship Mattered As Much As the Technology

For a CISO operating at the pace Owkin moves, vendor responsiveness is not a nice-to-have. It is a risk factor.

When we give them feedback, feature improvements, or maybe something needs slightly tuned, this stuff is done almost instantaneously. There's constant communication. That's super important for me as a CISO because I don't want to be chasing someone. Weekly calls, everyone's super engaged, and that relationship just gets stronger each month.

No Proxy. No Complexity. No Dependency Chain

Owkin was clear that any solution requiring a proxy or gateway would introduce unacceptable risk and complexity in an environment already running at pace.

A proxy approach introduces an additional third-party element which could add an additional layer of complexity. I've seen products in the market where if there's something wrong with the proxy, it can just open the metaphoric floodgates. Geordie's approach is very simple to connect. You can see exactly what's being connected. There's less of a dependency chain.

The Implementation

Geordie was deployed into Owkin's environment as part of a structured POC with a clear brief: surface what existing tools had missed, tie findings to quantifiable business risk and do it quickly enough to inform an active compliance requirement.

The implementation required no rearchitecture of Owkin's existing stack. There was no proxy to configure, no gateway to route traffic through and no changes to production workflows. Geordie connected directly to where Owkin's agents lived, across cloud infrastructure, endpoints and code, and began surfacing findings within minutes.

The speed of deployment was itself a signal. For a security team that measures everything by ROI and expected business impact, a tool that produces meaningful output in under ten minutes of connection is a fundamentally different proposition from one that requires weeks of configuration before it has anything to show.

The implementation also served an internal education function that Owkin had not anticipated. As findings like unknown agents, unexpected connections and credential exposures surfaced, teams across the organization who had never engaged with security tooling before began to understand the shape of the risk their own work was creating.

The Results

327% More Agents Than Expected

The single most immediate finding was the scale of agent sprawl Owkin had not previously been able to see. Agents deployed across research workflows, internal tools and production systems had accumulated well beyond any existing inventory.

$12–13M in Risk Exposure Identified and Averted

Using Owkin's own mature risk quantification methodology — which assigns monetary value to exposures based on likelihood of exploitation and potential business impact — the findings from the Geordie POC translated into a calculated risk exposure of between $12 and $13 million.

EU AI Act Compliance Evidenced in Under 10 Minutes

A pharmaceutical partner RFP included a direct question about EU AI Act compliance. Before Geordie, answering that question would have required extensive manual evidence gathering: screenshots, manual audits and cross-referencing multiple systems.

The findings from Owkin's Geordie POC were immediate, specific and quantifiable, which is exactly what a team running on OKRs needed.

Three Critical CVEs Discovered, Which Were All Previously Undetected

Within the early stages of the POC, Geordie surfaced three critical CVEs that had gone undetected by every existing tool in Owkin's stack:

  • MCP command injection: a newly emerging vulnerability class affecting 40 agents, carrying a high risk score
  • Credential leakage: detected through the interconnecting components of the agent ecosystem
  • Confidential data flagging: agents surfacing anonymised but identifiable information, including cases where obfuscated data still triggered detection

Competitive Differentiation in Partner Conversations

Beyond internal risk management, Geordie became a visible asset in Owkin's external conversations, with partners, prospects and enterprise customers asking increasingly specific questions about AI governance.

The Future

With the immediate POC findings addressed and the platform embedded into the security team's daily workflow, the next phase focuses on broader internal adoption, expanding visibility into user-level agent activity and deploying Beam, Geordie's proactive remediation engine.

Internal adoption is expanding organically as more of Owkin's AI and machine learning teams encounter the platform and see their own environments reflected back to them in ways no other tool has provided.

Looking further ahead, Leo sees Geordie becoming foundational to how Owkin manages the ongoing growth of its agentic environment — not just as a security tool but as the platform that makes responsible AI scale possible.

Summary of Benefits

Owkin came to Geordie as an AI-first company operating an agent environment that had grown faster than any existing tool was built to see. In the space of a single POC, Geordie delivered what years of traditional security tooling had not: a complete, connected view of every agent, every tool call, every LLM connection and every risk running through Owkin's environment.

The results were immediate and measurable: 327% more agents discovered than previously known, three critical CVEs surfaced and remediated before exploitation, $12–13 million in risk exposure averted and EU AI Act compliance evidenced in under ten minutes. Beyond the numbers, Geordie gave Owkin something equally valuable: the ability to walk into partner conversations, regulatory audits and enterprise RFPs with evidence rather than assertions.

For Leo Cunningham and the Owkin security team, the lesson is one the broader market is still learning.

“We're seeing the iceberg that rocked the Titanic — weeks in advance rather than the moment it appears on screen. We're able to take a snapshot of the entire ecosystem and have adult, grown-up conversations about what's responsible and what's not. We can quantify everything now.”

Leo Cunningham
CISO @ Owkin