What is agentic AI in the WYRM context?

Agentic AI means specialist AI agents perform research, cross-referencing, and verification autonomously, on documented cadences, with a full audit trail. WYRM applies the pattern across seven modules — its two flagship engineering products, MEP (automated M&E design + coordination agents) and Data (entity-resolution + cross-domain fusion agents), plus the Procure (supplier + sanctions + carbon agents), Ledger (tender-match + bid-drafting agents), Cyber (threat-intel + OSINT + recon agents) and Legal (clause-review + regulator-watch agents) add-ons, and the standalone Healthcare line (Compass go-live RAG, Migrate GP Connect ARS replay, Manage operational memory — clinical-safety-cased for UK NHS providers). An operator submits a natural-language requirement and the system returns one ranked, evidence-backed recommendation in seconds — not a chat session.

How is WYRM different from a chatbot or copilot?

A chatbot answers one user prompt at a time from a static knowledge base. A copilot summarises the screen the operator is on and drafts text in that single context. Agentic AI runs specialist agents in parallel against external live data sources, fuses their verdicts through a regime-adaptive confidence ensemble, and produces a structured recommendation with source-linked evidence. WYRM's decisions are multi-source, time-sensitive, and legally defensible — they need the third pattern.

Do all seven WYRM modules share the same agentic substrate?

Yes. The same orchestration engine, ensemble fusion layer, audit log, and MCP gateway power every module. What differs per module is the agent roster, the data feeds, and the canonical output shape. That shared substrate is also what WYRM's flagship engineering products — WYRM MEP and WYRM Data — are built on (bundled as WYRM Engineering at £250/seat). Procure, Ledger, Cyber and Legal are add-on intelligence modules at £19/month Pro and £49/month Enterprise, sold individually. WYRM Healthcare runs on the same substrate but adds a clinical-safety layer (DCB0129 case, refusal classifier, citation enforcement, immutable WORM audit for NHS retention) and is a standalone NHS engagement.

Which data sources do the agents query?

Procure: OpenSanctions (UK OFSI, OFAC, EU, UN), OpenCorporates, LME / Pink Sheet, ECB reference rates, AIS lane telemetry, Climatiq. Ledger: Find a Tender, Contracts Finder, SAM.gov, BDUK feeds, HMRC MTD, Companies House. Cyber: NVD CVE + EPSS, CISA KEV, GreyNoise, Shodan, HIBP-class breach feeds, dark-web indices. Legal: regulator publication APIs (FCA, ICO, CMA), case-law indices, and the customer's own clause playbook. Data: entity graph derived from every feed above plus the cross-module event stream.

Is the WYRM API publicly accessible?

Yes. The REST API is live at https://api.wyrm.ai/v1 with the OpenAPI specification at https://api.wyrm.ai/openapi.json and reference documentation at https://wyrm.ai/docs/api. Authentication accepts either an X-API-Key header (issued from the module dashboard on the Pro tier or above) or a Supabase-issued Authorization: Bearer JWT. A Model Context Protocol (MCP) server is also available per module, exposing the same agentic engine to Claude, ChatGPT, Cursor, Cline, and any compliant MCP client.

How does WYRM produce an audit trail per decision?

Every decision — supplier ranking, tender match, threat verdict, clause redline, or entity lookup — persists the agent outputs, their individual confidence signals, the ensemble weights used, and the final composite score into an immutable decisions table. An operator asked to defend a recommendation six months later can open the original record and see which agent surfaced which signal, what source was queried, when it was queried, and how the verdicts were weighted. Retention is seven years, extendable on Enterprise — aligned with UK Companies Act, HMRC, FCA, and the Procurement Act 2023.

Where is data stored and processed?

United Kingdom by default for all customers and all modules. EU data residency is available on Enterprise for operators with European operations. A UK-only processing path is offered for public-sector and regulated-industry workloads. Encryption is TLS 1.3 in transit and AES-256 at rest with 90-day key rotation. SOC 2 Type II, ISO 27001, and Cyber Essentials Plus are in progress; NHS DSPT is on the roadmap. The trust centre at https://wyrm.ai/trust publishes the current state of each certification as a living document.

Technical Overview

Agentic AI across the WYRM platform

Seven modules — led by the flagship engineering products WYRM MEP and WYRM Data, with Procure, Ledger, Cyber, and Legal add-ons and a standalone Healthcare line — running on one shared agentic engine. Specialist agents per module run parallel research against live data sources, an ensemble layer fuses their verdicts with explicit confidence weights, and every step is logged for audit. The flagship products and add-ons ship to SMEs; WYRM Healthcare adds a clinical-safety layer for UK NHS providers.

Definition

What is agentic operating intelligence?

A system that performs a full analysis autonomously across a defined domain, against a documented cadence, with human-reviewable output.

Most AI products in the market today are reactive. A user types a prompt, the tool returns a generic answer. Chatbots wait for input. Copilots suggest completions. They are assistants that respond when prompted.

Agentic operating intelligence is different. Specialist agents operate within defined polling and scoring schedules, produce outputs on a documented cadence, and log every action. The sanctions agent re-checks designations on every revision. The tender-match agent re-scores notices on every publication tick. The CVE agent re-prioritises against the operator footprint on every new exploitability signal. The clause agent re-runs the playbook comparison every time the operator updates it.

The distinction matters because operating decisions — across procurement, finance, security, and legal — require continuous awareness of changing inputs. A question-answering interface is insufficient: the data changes between questions, and the audit trail depends on recording every intermediate state.

Comparison

Chatbot vs copilot vs agent

Attribute	Chatbot	Copilot	Agent
Initiation	User prompt	User action	Scheduled + event-driven
Persistence	Session-based	Session-based	Continuous, audit-logged
Planning	None	Suggestion only	Goal-directed, bounded
Multi-step execution	No	Limited	Yes, with checkpoints
Cross-domain reasoning	No	No	Via orchestrator ensemble
Proactive updates	No	No	On material change only

Architecture

The specialist agents, by module

Two bounded agents per module plus a cross-module orchestrator. Each agent is colour-tagged with the module it belongs to; the orchestrator routes events between them.

Procure

Sanctions + Supplier Agent

Screens every counterparty and declared parent ownership against UK OFSI, US OFAC, EU, and UN consolidated lists via OpenSanctions. Traces ownership via OpenCorporates across 200M+ entities to detect common ownership across declared-independent suppliers.

Procure

Carbon + Commodity Agent

Computes embedded lifecycle emissions using Climatiq factors and country grid-carbon intensity. Returns CBAM liability at the decision point. Prices HS-coded commodities against LME and Pink Sheet with regime-aware volatility bands.

Ledger

Tender Match Agent

Polls Find a Tender, Contracts Finder, SAM.gov, and BDUK feeds. Matches notices to operator capability profile and historical win patterns, returning a ranked shortlist with a fit score per opportunity rather than a raw firehose of notices.

Ledger

Bid Drafting Agent

Drafts response sections against the operator's evidence library and prior winning bids, surfacing where claims are supported and where they require new evidence. Tender Writer mode produces a structured response aligned with the awarding authority's evaluation criteria.

Cyber

Threat Intel + CVE Agent

Continuous triage across NVD CVE, EPSS exploitability, and CISA KEV. Correlates against the operator's declared technology footprint and surfaces the small subset that actually requires action this week. Monthly sweeps on Pro, weekly on Enterprise.

Cyber

OSINT + Recon Agent

Username, phone, email, and image lookup across breach indices and OSINT sources. Attack-surface mapping and recon against operator-owned assets. Dark-web watch for credentials and brand mentions, with results surfaced as defensible evidence rather than raw scrape.

Legal

Clause Review Agent

Clause-by-clause green / amber / red verdicts on MSAs, NDAs, frameworks, DPAs, and SOWs against the operator's own playbook. Highlights deviations from negotiated baselines with diff-style evidence and a suggested redline.

Legal

Regulator Watch Agent

Continuous monitoring of regulator publication APIs (FCA, ICO, CMA, HMRC) and case-law indices. Filters by operator domain so the weekly digest is material updates the operator's legal function should actually act on, not generic regulatory noise.

Data

Entity Resolution Agent

Unified entity graph across every WYRM feed — suppliers, counterparties, regulator-named entities, breach actors, contract parties. Same legal entity surfaces under one canonical record regardless of which module first ingested it, with provenance per claim.

Data

Cross-Module Orchestrator

Routes events between modules so a signal in one surfaces in the others. A sanctions hit in Procure triggers a Cyber supplier-attestation refresh and a Legal contract-review flag. A regulator update in Legal triggers a Procure compliance recheck. Shared audit log throughout.

In practice

Cross-module correlation

A regulator publication triggers four agents across three modules in parallel.

Legal · Regulator Watch Agent

ICO publishes updated guidance on processor sub-contracting. Watch agent flags it within minutes of publication and tags every active DPA in the operator's contract library as needing re-review.

Procure · Supplier Agent

Cross-references the affected DPAs against the active supplier network. Surfaces 14 suppliers whose data-processing footprint falls inside the new guidance — including two whose self-attestation is now stale.

Cyber · Threat Intel Agent

Re-checks the two stale-attestation suppliers against breach indices and CVE exposure. One has a known unpatched exposure in the affected processor product line. Risk score raised.

Data · Cross-Module Orchestrator

Issues a composite update to the operator: 'ICO guidance change invalidates 14 DPAs in scope; 1 supplier has compounding cyber exposure; recommended action is renegotiate DPA + request remediation evidence. Full evidence trail at /decisions/{id}.'

Each agent saw one piece. The orchestrator produced the defensible answer. Every step is logged in the shared audit trail across all three modules.

Impact

Why this matters

OpenSanctions consolidates 40+ global lists updated daily. UN COMTRADE exposes over three billion bilateral trade records. Find a Tender publishes dozens of notices per day. NVD adds hundreds of CVEs per week. The ICO, FCA, CMA, and HMRC publish regulator updates on overlapping cadences. No human analyst can maintain live awareness across all of this — let alone across procurement, finance, security, and legal at once.

The viable approach is specialist agents per domain that do the research and initial analysis, with operators applying judgement to the flagged material changes. Not replacing the operator — augmenting them. An agent re-checks every revision, tick, and registry change. The operator decides what to do about the ones that matter.

For the per-module deep-dive — agent details, comparison against domain-specific incumbent tooling, and defensibility under the relevant regime — see Procure, Ledger, Cyber, Legal, and Data. For terminology, see the platform glossary. For specific applications, see the use cases.

Defensible decisions across procurement, finance, security, and legal — in seconds.

WYRM MEP and WYRM Data lead the platform from £20/seat — or £250/seat bundled as WYRM Engineering. Procure, Ledger, Cyber and Legal are add-on modules at £19/month Pro and £49/month Enterprise.