Building AI-Ready Knowledge Bases in Regulated Industries

The promise of AI in consulting is compelling: instant access to decades of institutional knowledge, automated research synthesis, AI-generated first drafts grounded in your firm's best work. McKinsey's Lilli platform reportedly saves consultants 30% of their research time by searching across 100,000+ internal documents.

But there's a question that the AI enthusiasm tends to skip over: what's actually in those documents? And is it safe to feed them into an AI system?

The data quality problem nobody talks about

Most consulting firms' document repositories are full of raw client deliverables — decks that contain client names, logos, financials, strategic plans, and competitive intelligence. Feeding these directly into a RAG system or LLM creates a serious confidentiality risk: the AI might surface a client's M&A strategy in response to a query from a different engagement team.

This isn't hypothetical. Consulting firms regularly report that information-barrier compliance is the single biggest blocker to deploying AI on their document repositories — because without sanitisation, the system has no way to prevent one client's confidential material from appearing in another engagement's results.

The current workaround isn't working

Most firms respond in one of two ways. Some restrict AI access to only "safe" content — published thought leadership, sanitised case studies, and public research. This protects confidentiality but gives the AI system a tiny fraction of the firm's actual knowledge.

Others rely on access controls, assuming that if only the right people can query the system, confidential content won't leak. But access controls protect against unauthorised users — they don't prevent the AI from mixing confidential content from different clients in a single response.

The missing step: document-level sanitisation

The real solution is straightforward in concept, even if it's been hard to execute until now: sanitise the documents before they enter the AI system. Remove client-identifying information at the document level so that the knowledge base is clean by design, not just protected by access rules.

This approach has a major advantage: once the content is sanitised, you can open it up more broadly. More consultants can search it, more AI tools can process it, and the knowledge becomes genuinely reusable — not just theoretically accessible.

The challenge has always been doing this at scale. Manual sanitisation doesn't work for thousands of documents. But automated, context-aware sanitisation changes the calculus entirely.