
Aelix Assurance · InsurTech claims automation
Settle the simple claims in seconds. Catch the suspicious ones before payout.
Aelix Assurance is an AI-driven P&C claims platform that ingests First Notice of Loss, reads the documents, triages the damage, scores fraud, and auto-adjudicates the straightforward claims. While routing the risky ones to your adjusters and SIU. One authenticated pipeline, running inside your perimeter.
Aelix Agents · Agentic AI · Now in active build
An agentic layer over the claims pipeline.
Assurance now includes an agentic layer. Autonomous, tool-using agents that act through Assurance's governed APIs, run the routine claims work, and escalate the judgment calls to a human. Every agent is human-in-the-loop by default, runs inside your perimeter, and writes each step to the same audit trail as the rest of the platform.
Claims Adjudication Agent.
Runs FNOL to extraction to triage to fraud score and auto-settles the clean claims, routing the rest with a recommendation.
FNOL Intake Agent.
Conducts the first-notice conversation, validates documents, and opens a structured claim.
Fraud Investigation Agent.
Builds the SIU case file (linked claims, anomalies, prior history) for an investigator to act on.
Agents act only through permissioned, least-privilege APIs. They never settle a claim, deny coverage, or push an investigation outcome without a credentialed adjuster's sign-off, and the SIU keeps the final call on every fraud route. The reasoning model is a swappable component: run a local model on-prem for full data residency, or a hosted model where policy allows.
Now in active build. The first agents ship as configurable, versioned workflows.
The problem
Two costs that pull in opposite directions.
Property & casualty claims operations are stuck between two costs that pull in opposite directions: the cost of moving slowly, and the cost of moving carelessly.
Manual and slow.
Adjusters re-key invoice line items by hand, chase documents across inboxes, and eyeball damage photos. A simple auto claim can sit in a queue for days before anyone touches it. While the policyholder's patience, and their loyalty, drains away.
Leakage-prone.
When every claim is worked the same way, overpayment hides in the volume. Inconsistent severity calls and missed duplicate line items quietly inflate loss costs across the book.
Reactive on fraud.
Fraud is too often caught after the check is cut. By the time a pattern is obvious, the money is gone, and the SIU is doing recovery instead of prevention.
Assurance closes all three gaps in a single pipeline. Built as real, working software, not a slide.
Available today
Shipped, running code. One pipeline, end to end.
One pipeline: FNOL to decision
Assurance runs a complete P&C claims-automation pipeline as connected, asynchronous workers. A claim enters through First Notice of Loss, flows through document extraction, damage triage, and fraud scoring, and lands on a decision (auto-approved, routed to an adjuster, or escalated to SIU) without a human touching the routine steps. The stages are distinct domains in the backend (claims, fnol, vision, fraud, policy, rating, retention, audit), so each is independently observable and independently improvable.
Real document extraction with local OCR
Document extraction runs on real local OCR. Tesseract via `pytesseract`, with `pdf2image`/Poppler rasterizing multi-page PDFs before they are read. Extracted line items carry a per-field confidence so adjusters see what was read and how reliably. When the OCR binaries are not present on a host (CI, a minimal container), a clearly labelled deterministic fallback keeps the pipeline green rather than failing the claim. A managed cloud-OCR option drops in behind the same `_extract` interface.
Damage triage that reads the actual image
Damage triage is genuine image analysis, not a placeholder. Assurance reads the real uploaded image bytes with Pillow and computes pixel and region features (edge density, dark fraction, brightness variation, saturation, and a 3x3 region-damage grid) then a trained scikit-learn severity head maps those features to a severity class (minor / moderate / major / total). Bounding boxes come from the real region grid, and each region gets a repair-type narrative and an estimated cost. We are precise about what this is: an honest heuristic triage that prioritizes and pre-fills, not an object-detection model. That distinction is documented in the model card.
A real fraud model inside the adjudication path
Fraud scoring is not a dashboard you check after the fact. It is a trained model sitting in the decision path. A scikit-learn GradientBoosting classifier produces a 0 to 100 fraud probability per claim, and that score routes the claim: at or above the SIU threshold it is auto-routed to the Special Investigations Unit with a recorded detection. At or below the auto-approve threshold it clears straight through. Everything in between goes to an adjuster. A transparent rule-based scorer is the deterministic fallback if the model artifact is ever unavailable, so the pipeline never stalls.
A real actuarial rating engine
Rating is a working multiplicative actuarial computation over documented rating tables. Base rate by product, then relativities for class, driver age, prior claims, territory, coverage, telematics, and mileage. Not RNG and not hardcoded. Each factor comes from a lookup table or a documented curve, and the quote carries a confidence that reflects how complete the risk inputs are.
Proactive retention, not just claims
Keeping a policyholder is cheaper than winning a new one. Assurance runs automated retention workflows. At-risk scoring that triggers renewal outreach, offers, and follow-up tasks. So the relationship is worked before renewal, not after a lapse.
Enterprise security, built in
Assurance ships with the controls regulated carriers ask for in diligence. CSRF protection (double-submit token on every state-changing API call), PII log scrubbing that redacts emails, phone numbers, card-like numbers, and tokens before they hit a log line, field-level encryption at rest (Fernet) on the most sensitive PII columns, strict file-upload validation (content-type, extension, and size allowlist), and no default admin credential. The bootstrap admin is provisioned from the environment with a required or generated password, never a shipped default. RBAC and audit logging run across the platform, and backups are env-driven.
How it works
One continuous flow from notice of loss to decision.
01
Claim intake (FNOL).
A loss is captured through guided First Notice of Loss, with documents and photos attached and validated on upload.
02
Extract.
Real local OCR reads the documents and pulls structured line items with per-field confidence.
03
Triage.
The vision worker analyzes the actual image pixels and a trained severity head classifies damage by region, with bounding boxes and estimated repair cost.
04
Score.
The trained fraud model produces a 0 to 100 fraud probability from the claim's features.
05
Auto-approve or route.
The score decides: clear straightforward claims automatically, route mid-risk claims to an adjuster, and escalate high-risk claims to SIU with a recorded detection.
06
Adjuster review.
Humans work the claims that need judgment (with the extraction, triage, and fraud signal already assembled in front of them) and every step lands in the audit log.
The honest metrics
Measured numbers, not marketing literals.
We tier our claims by what is provable in code, and we report measured numbers. Not marketing literals.
Metrics are computed, not hardcoded.
OCR, vision, and fraud numbers come from a held-out evaluation set via an eval script and a single metrics file. Replacing the old hardcoded '99.9%'-style stats. On the current synthetic eval set the models post honest, modest figures (for example, vision severity accuracy in the mid-0.70s. The fraud model is a genuine learned classifier, not a stand-in). These characterize the shipped pipeline, not a real carrier's book.
A real fraud model in the decision path.
GradientBoosting scoring that actually routes claims to auto-approve, adjuster, or SIU.
Real OCR and real image analysis.
Tesseract over documents. Pillow pixel/region features plus a trained severity head over photos.
Security hardening as a differentiator.
CSRF, encryption at rest, PII scrubbing, validated uploads, and no default credentials are closed and in the code. Not on a backlog.
On-prem-first, cloud-portable.
Runs inside your perimeter today, with a clean path to cloud.
On the roadmap
Explicit about what is forward-looking. Nothing reads as a present-day fact.
We are explicit about what is forward-looking, so nothing here reads as a present-day fact.
Production-grade computer vision.
Today's triage is honest heuristic image analysis plus a trained severity head. A YOLOv8-class object-detection damage model (needing GPU, labelled crash/damage imagery, and weights hosting) drops in behind the same detection interface.
Managed cloud OCR.
Local Tesseract ships now. A Textract / Azure Document Intelligence option is a drop-in behind the same extraction interface, pending vendor credentials.
Core-system integrations.
A pluggable adapter contract for Guidewire / Duck Creek is already in place. The default refuses rather than fabricating a vendor call. Live adapters await SDK credentials and sandbox onboarding.
Models trained on real carrier data.
Today's models train on engineered synthetic claims behind stable interfaces. Swapping in licensed, labelled carrier data changes nothing downstream and is the prerequisite before any externally published accuracy claim.
Operational readiness.
Load testing and SLOs, a backup restore drill, and on-call are tracked ops items on the path to production.
SOC 2 Type II and ISO 27001.
The control posture is already in the code. The certifications require completed third-party audits, which are in progress.
Security and compliance
Engineered for carriers that have to keep PII inside their own perimeter.
SOC 2-aligned controls.
Role-based access control and audit logging across the platform, CSRF protection on every state-changing call, and file-upload validation on the document path.
Encryption at rest.
Application-level Fernet encryption on the most sensitive PII columns, so ciphertext is what lands on disk.
PII stays out of logs.
A log-scrubbing processor redacts emails, phone numbers, card-like numbers, and tokens before they are written.
No default credentials.
The bootstrap admin is provisioned from the environment with a required or generated password. There is no shipped default to find.
GDPR-ready by design, and on-prem-first.
Single-host deployable with no exposed datastore ports, and a clean path to AWS/GCP/Azure when you want it.
Certifications such as SOC 2 Type II and ISO 27001 are on the roadmap. The underlying controls they audit are already implemented.
See it on your claims
See Assurance on your own claims.
Bring your claim types, your documents, and your fraud thresholds. We will show you a claim move from FNOL through OCR, triage, and a real fraud score to an auto-approval or an SIU route. End to end, on real working software, inside your perimeter.
Frequently asked
Questions teams ask in the second meeting.
Is the fraud model real, or is it a rules engine in disguise?
Real. It is a trained scikit-learn GradientBoosting classifier that outputs a 0 to 100 fraud probability per claim, and that score routes the claim. Auto-approve, adjuster review, or SIU escalation. A transparent rule-based scorer exists only as a deterministic fallback if the model artifact is ever unavailable. Today the model is trained on synthetic claims, so its measured numbers are honest and modest. Retraining on licensed real claims data is the prerequisite before publishing any external accuracy figure.
Is the damage detection actually computer vision?
It is genuine image analysis: we read the real uploaded image bytes with Pillow, compute pixel and region features, and a trained severity head classifies the damage by region with bounding boxes and cost estimates. We are deliberately precise. This is honest heuristic triage, not object detection. A YOLOv8-class object-detection model is on the roadmap and drops in behind the same interface. It needs GPU and labelled imagery we do not fabricate.
Where do your accuracy numbers come from?
A held-out evaluation set, computed by an eval script and stored in a single metrics file that the app reads. We removed the old hardcoded '99.9%'-style literals. The current numbers reflect models trained on synthetic data. They prove the pipeline learns and is measured honestly, not a real-world accuracy claim.
Is it production-ready and secure?
The security blockers that previously made it a no-go are closed in code: CSRF protection, field encryption at rest, PII log scrubbing, file-upload validation, and no default admin credential, on top of RBAC and audit logging. Remaining production items (load testing and SLOs, a restore drill, on-call, and SOC 2 Type II / ISO 27001 audits) are tracked and forward-looking, and we will not represent them as done.
Can it plug into our Guidewire or Duck Creek core system?
A pluggable adapter contract is already in place, and the default deliberately refuses rather than faking a vendor call. Live Guidewire / Duck Creek adapters await SDK credentials and sandbox onboarding. A scoped integration step, not a rewrite.
Need this tailored to your environment?
Every Aelix product can be configured, extended, or built bespoke for your industry, data sources, and compliance constraints. Talk to our engineers about what would change.
Configurable workflows
Adapt rules, thresholds, and approval flows to match your operational policies.
Custom data integrations
Connect to your specific ERP, MES, SCADA, CRM, or proprietary systems.
Bespoke modules
Build product extensions tailored to your industry, region, or compliance needs.