Every Consulting Firm Tries These Three Approaches to Unlock Confidential Decks. They All Break.

Last updated: March 2026

Every consulting firm I talk to is trying to solve the same problem: how do you make your best work accessible when almost all of it is confidential?

They all end up in front of the same three doors. And every door leads to a wall.

Door 1: Feed every deck into AI and hope the guardrails hold

This is the most tempting option, especially when leadership is pushing for AI adoption and the technology team has a RAG pipeline ready to go. The logic sounds reasonable: ingest all your PowerPoint slide decks into the knowledge system, then rely on output-layer guardrails — access controls, sensitivity filters, prompt constraints — to prevent confidential content from surfacing where it shouldn't.

It doesn't hold up.

When you give a natural language interface access to untreated slide decks, every query is a potential path to confidential information. The user doesn't even need to be trying. A query about "post-merger integration in retail banking" pulls a fragment from a confidential expert interview conducted for a specific client. The guardrail doesn't flag it because the fragment reads as relevant industry commentary, not as a client-identifying detail.

This isn't a contrived edge case. It's the normal operating mode of a RAG system built on consulting content. The system's job is to find relevant material. The most relevant material is the most detailed. And the most detailed material is the most confidential.

The direction of travel makes this worse, not better. Agentic AI — systems that chain multiple tools, query the same repository from different angles, and synthesise across sources — multiplies the surface area. An agent that queries for "Nordic market entry" and separately for "client revenue profile in food manufacturing" might combine fragments that individually seem harmless but together narrow to a single identifiable client.

Output-layer guardrails are always playing catch-up against the combinatorial complexity of a knowledge base full of confidential consulting deliverables. The only way to win that game is not to play it.

Door 2: Exclude confidential slides entirely

This is the "safe" option. Only ingest content that's been cleared for broad access: published thought leadership, anonymised case studies, internal templates, training materials. Nothing that could create a confidentiality risk.

The problem is what's left. You're not trimming the edges of your knowledge base. You're hollowing it out.

In most consulting firms, only 5–15% of institutional knowledge is accessible for AI or reuse. That means your AI copilot — the one you spent millions deploying — runs on 5–15% of your firm's actual expertise. It returns the same thin layer of sanitised content for every query. Consultants try it twice, find it useless, and go back to asking colleagues over coffee.

I've watched this play out at multiple firms. The knowledge management team knows the system is underpowered. Leadership sees low adoption and questions the investment. The AI vendor runs diagnostics and confirms the system is technically fine — it's just starving for content. The real prerequisite is building an AI-ready knowledge base, and that starts with solving the content pipeline.

The worst outcome here isn't that the AI fails. It's that the firm concludes "AI doesn't work for us" and shelves the initiative entirely. The problem was never the AI. It was the input.

Door 3: Manual redaction before ingestion

In principle, this is the right answer. Treat the content before it enters the system. Remove confidential detail. Preserve the analytical value. Feed clean, safe content into your AI and knowledge platforms.

In practice, it creates two problems.

First, the overhead. Manual redaction of a consulting slide deck takes 1–3 hours per document, depending on length and complexity. I've spoken with a procurement advisory firm whose knowledge management team — four people — processes 10–15 documents per week, each taking 3–7 hours. A Head of KM at a boutique firm spends 2 full days per week on sanitisation. Essentially alone. Another firm has 400-page decks that take a full day each to sanitise.

Multiply that across the backlog. One firm has 3,000 projects waiting to be processed. At 2 hours per deck, that's 6,000 hours of work — three full-time employees doing nothing else for a year. And new projects keep arriving.

Second, false completion. Because manual redaction exists as a process, leadership assumes the problem is being solved. In reality, the team triages ruthlessly. They process the most-requested decks, the ones with the highest reuse potential, the ones that are easiest to clean. The rest — the proposals, the financial models, the expert interview syntheses, the complex multi-section PowerPoint presentations — never get touched. The process covers 5–20% of what's useful, but the organisation believes it's handling the problem.

Offshore teams reduce the per-document cost but introduce their own problems: longer turnaround, less contextual understanding of what's actually sensitive in a consulting context, and quality control overhead that partially offsets the savings.

The common thread: sensitivity in a consulting slide deck is semantic, not a keyword list

All three doors break for the same underlying reason: confidential content in consulting doesn't follow simple rules.

"Revenue grew 34% in the Nordic region." Is that sensitive? It depends. If the slide also names the client, obviously yes. If it doesn't, but the deck is about a specific sector with three players in the Nordic market, it might narrow to a single company. The sensitivity isn't in the number or the geography — it's in the combination.

"Client operates 47 plants worldwide." There might be only one company that fits that description. The number is the identifier, but you'd only know that if you understood the industry context.

A chart showing quarterly performance with a Y-axis that starts at a specific revenue figure. A colour palette that matches the client's brand guidelines. A proprietary framework name that only one company uses internally. An interview quote attributed to "Head of Operations" in a deck that's already narrowed to a specific sector and geography.

This is why keyword-based redaction tools don't work on consulting content. They catch the obvious stuff — the client name, the logo on page 1. They miss the 80% of sensitivity that's contextual, compositional, and semantic. And they miss it consistently, because they were built for a different kind of problem.

The answer isn't a better version of any of these three doors. It's a fourth door: automated, context-aware redaction that understands what makes consulting content sensitive — across text, charts, images, metadata, and the relationships between them. Treatment at the content level, not the document level or the output level. Our complete guide to consulting redaction covers what this approach requires in detail.

Knovari built a sensitivity framework to map this problem precisely. Not a keyword list — a structured taxonomy spanning direct client identifiers, indirect inference risk, and non-public information. Because you can't automate what you haven't defined, and you can't define it without understanding consulting content from the inside.