# Use Cases

See where Mighty creates value in chat, uploads, OCR, claims, invoices, agents, batch intake, and AI fraud review.

Source URL: https://trymighty.ai/docs/use-cases

Use cases should start with the trust boundary.

Ask: where does untrusted material become trusted by a person, model, workflow, payment system, or agent?

Mighty use case map: scan before AI, OCR, storage, workflow automation, payment, agents, or review trusts untrusted material.

For exact setting recipes, see [Choose Scan Settings](/docs/concepts/configs). The table below names where Mighty should sit and why the scan is useful in plain product terms.

## Use Case Map

| Use case | What can go wrong | Where Mighty sits | Suggested settings |
| --- | --- | --- | --- |
| Customer support chat | Prompt injection, unsafe files, public output leaks. | Before `streamText`, before strict output, before tool results enter context. | [`mode=secure`, `focus=steg`](/docs/concepts/configs#start-with-the-thing-you-are-about-to-trust), `profile=ai_safety` for output. |
| Claims intake | Altered evidence, poisoned documents, normal PII, weak evidence. | Before storage, OCR, extraction, routing, or adjuster automation. | [`data_sensitivity=tolerant`](/docs/concepts/configs#mode-profile-and-data-sensitivity), `profile=strict` for high value. Use `focus=steg` for structured documents and `focus=all` for known image/PDF evidence. |
| Damage photo review | AI-generated image evidence, edited photos, inconclusive visuals. | Before claim decisions, repair decisions, or payment decisions. | [`content_type=image`, `focus=all`](/docs/concepts/configs#focus-modes-without-jargon), `mode=comprehensive` for deep review. |
| Invoice and estimate review | Altered invoices, synthetic estimates, hidden instructions, inflated line items. | Before extraction, approval, payment, or AI summarization. | [`content_type=pdf` or `document`](/docs/concepts/configs#content-types), `data_sensitivity=tolerant`. |
| OCR and IDP pipelines | Hidden instructions become trusted text. OCR errors become workflow facts. | Scan original file, then extracted text with the same `scan_group_id`. | [`focus=steg`, `data_sensitivity=tolerant`](/docs/concepts/configs#start-with-the-thing-you-are-about-to-trust) for mixed files and structured documents. |
| User-generated uploads | Hidden instructions, sensitive data, unsafe attachments, unsupported file size. | Before permanent storage, indexing, or sharing. | [`content_type=auto`, `mode=secure`, `focus=steg`](/docs/concepts/configs#safe-default), async for large evidence. |
| Agentic systems | Tool output or retrieved content manipulates the next model step. | Before tool output, browser content, retrieved docs, or final plans enter context. | [`profile=ai_safety` or `code_assistant`](/docs/concepts/configs#mode-profile-and-data-sensitivity), reuse `scan_group_id`. |
| Internal review assistant | Summaries overstate certainty or expose private data. | Before showing generated summaries or recommendations. | [`scan_phase=output`, `data_sensitivity=tolerant`](/docs/concepts/configs#output-inspection) for internal PII. |
| Batch intake | Many records hide risky items and lose traceability. | Per item before batch automation writes state. | One `session_id` per batch, one `scan_group_id` per item. |
| Audio intake | Transcripts can carry unsafe instructions or disputed statements. | Scan transcript text today. Audio scanning is closed beta. | [`content_type=text`](/docs/concepts/configs#content-types) for transcript, same session as source audio. |

## Why Scan Here?

Scan at the point where a bad input could become a trusted fact, model instruction, payment signal, review note, or automated decision.

- Chat: stop instructions that try to make your AI ignore your rules.
- Uploads: stop hidden file content before OCR, storage, or indexing trusts it.
- OCR and IDP: stop hidden or altered extracted text before it becomes a workflow field.
- Images and PDFs: route AI-generated, AI-edited, reposted, or manipulated evidence to review.
- Output: stop generated text from leaking secrets, repeating unsafe instructions, or steering downstream tools.

## Value By Workflow

| Workflow | Value |
| --- | --- |
| Chat | Stop risky prompts before model execution and scan public output before users see it. |
| Uploads | Keep suspicious files out of OCR, storage, search, and AI pipelines until routed. |
| OCR and IDP | Prevent extracted text from becoming trusted workflow data without inspection. |
| AI fraud review | Flag suspicious evidence and route weak signals without claiming proof. |
| Agents | Keep untrusted tool output out of model context. |
| Review queues | Give reviewers IDs, risk fields, original evidence, derived output, and scan history. |

## Build Order

1. Start with the workflow that has the most trust risk.
2. Add `POST /v1/scan` before the first trust boundary.
3. Store IDs and action.
4. Route `ALLOW`, `WARN`, `BLOCK`, `indeterminate`, and `pending`.
5. Scan derived output with the same `scan_group_id`.
6. Add review metrics so you can tune tolerance later.

## AI-Agent Prompt

### Choose Mighty use cases

```text
Find the Mighty use cases in this product.

For each workflow, identify:
- The trust boundary.
- The untrusted material type.
- Whether AI, OCR, IDP, agents, or automation will use the material.
- The right content_type, scan_phase, mode, focus, profile, and data_sensitivity.
- Where scan_group_id and session_id should be stored.
- How ALLOW, WARN, BLOCK, indeterminate, and pending are routed.

Prioritize:
- chat input and public output
- file uploads before OCR or storage
- OCR and IDP output
- image evidence and AI fraud review
- invoice and estimate review
- agent tool output
- batch intake

Acceptance criteria:
- Every high-risk trust boundary has a server-side scan.
- Every derived output scan reuses the correct scan_group_id.
- Review wording says Mighty flags suspicious evidence, not that it proves fraud.
```