SYS_ACTIVE // KHUSHI SHAH

02 / AI Workflow Design

RiskLink

Designing and Engineering a voice-led
cyber-risk assessment workflow.

“The goal was to make the first conversation more useful before a human needed to step in.”

VOICE AICyber Risk AssessmentHUMAN HANDOFF

A "useful" first conversation reduces repetition without pretending to replace judgment.

Follow the workflow ↓

The Situation

The team needed risk context
before they could evaluate risk.

RiskLink sold cyber-risk insurance. Before a quote or underwriting conversation, the team needed to understand a prospective customer's network environment and current security posture.

That first assessment was necessary, but repetitive and time-consuming. An average call took about 2 hours.

What a RiskLink Team Member Needed to Learn

How is the customer's environment set up?

Which security practices are already in place?

Where are the gaps or follow-up areas?

What context is needed before a human conversation?

01

What the intake looked like before

The problem was not a lack of expertise. It was that human time was spent repeatedly gathering foundational information before the team could focus on higher-value judgment.

01Prospective client
02Call with RiskLink team
03Network & security questions
04Manual notes + interpretation
05Follow-up or quote workflow

The first conversation should collect context — not consume all the expert time.

The Product Insight

The first conversation
is a workflow.

It can be made more consistent, less repetitive, and easier to hand off — without making the AI pretend it can make the final decision.

02

What we chose to build first

The MVP focused on one reliable path from conversation to structured output — not a complete underwriting engine.

Voice conversation
Domain questions
Clarifying follow-ups
STRUCTURE + ASSESS
STRUCTURED JSON OUTPUT
REPORT + TEAM HANDOFF
VOICE-LED INTAKESTRUCTURED RISK MAPHUMAN FOLLOW-UP

Intentional scope

We intentionally did not try to build personalization, historical tracking, compliance mapping, advanced cross-domain intelligence, or a fully automated underwriting engine in the first version.

03

Making the risk conversation structured

The conversation needed to surface enough context across core security domains to give the RiskLink team a structured starting point for follow-up.

Access ControlsAntivirusAsset ManagementBackupsData ProtectionIncident ResponseSystem SecurityTraining &AwarenessInitial cyber-riskpicture
04

Where I contributed

01

Understanding the intake workflow

Worked with the client-side owner of RiskLink to understand what their team needed to learn before moving toward a quote or insurance decision.

02

Voice interaction concept

Helped shape the idea of using OpenAI Realtime to make the first interaction feel more natural than a static questionnaire.

03

Structured outputs

Helped define how conversational responses could become structured JSON data rather than unorganized call notes.

04

Report-generation flow

Helped connect the structured assessment output to PDF report generation for team follow-up.

05

Product boundaries

Helped shape where the AI should ask clarifying questions, answer directly, or defer to the RiskLink team.

05

Useful AI also knows when to defer.

When users asked questions outside the product's authority — quote timelines or final insurance decisions — the system did not invent certainty. It clarified the next step and handed the conversation back to the RiskLink team.

A user asks

When will I get a quote?

Can you tell me whether I qualify?

What is my final insurance decision?

The product response

“A member of the RiskLink team will follow up with you.”

RESPONSIBLE HANDOFF

The system paused at the boundary of its authority and passed the conversation to a human — every time.

06

Turning a conversation into something the team could use

Structured assessment outputs were converted into a final report through a JSON-to-template generation flow.

API STORAGEREPORT GENERATORuser_information.jsonDomain JSON FilesDOCX Templatereport_generation.pyGenerated DOCXFinal PDF Report

What This Flow Makes Possible

01

Conversation becomes structured input

02

Structured data feeds a repeatable report

03

The report creates a usable handoff for the team

What the MVP Did — and Did Not Do

The MVP did

guide a first risk conversation

capture structured answers

ask clarifying questions

organize information across eight domains

generate a report

create a human follow-up path

The MVP did not try to

replace underwriting judgment

make final insurance decisions

fully personalize every question path

map every compliance framework

predict risk outcomes

automate future steps of the customer journey

07

What I would validate next

I would test how different conversation structures affected completion quality, user comfort, and how useful the resulting report was for the RiskLink team.

Testing Loop

ConversationflowCompletionqualityReportusefulnessRevisedquestions