# Use Cases

See where Mighty creates value in chat, uploads, OCR, claims, invoices, agents, batch intake, and AI fraud review.

Source URL: https://trymighty.ai/docs/use-cases

Use cases should start with the trust boundary.

Ask: where does untrusted material become trusted by a person, model, workflow, payment system, or agent?

Mighty use case map: scan before AI, OCR, storage, workflow automation, payment, agents, or review trusts untrusted material.

## Use Case Map

| Use case | What can go wrong | Where Mighty sits | Suggested settings |
| --- | --- | --- | --- |
| Customer support chat | Prompt injection, unsafe files, public output leaks. | Before `streamText`, before strict output, before tool results enter context. | `mode=secure`, `focus=both`, `profile=ai_safety` for output. |
| Claims intake | Altered evidence, poisoned documents, normal PII, weak evidence. | Before storage, OCR, extraction, routing, or adjuster automation. | `data_sensitivity=tolerant`, `focus=both`, `profile=strict` for high value. |
| Damage photo review | AI-generated image evidence, edited photos, inconclusive visuals. | Before claim decisions, repair decisions, or payment decisions. | `content_type=image`, `focus=both`, `mode=comprehensive` for deep review. |
| Invoice and estimate review | Altered invoices, synthetic estimates, hidden instructions, inflated line items. | Before extraction, approval, payment, or AI summarization. | `content_type=pdf` or `document`, `data_sensitivity=tolerant`. |
| OCR and IDP pipelines | Hidden instructions become trusted text. OCR errors become workflow facts. | Scan original file, then extracted text with the same `scan_group_id`. | `focus=both`, `data_sensitivity=tolerant`. |
| User-generated uploads | Malware-like prompts, sensitive data, unsafe attachments, unsupported file size. | Before permanent storage, indexing, or sharing. | `content_type=auto`, `mode=secure`, async for large evidence. |
| Agentic systems | Tool output or retrieved content manipulates the next model step. | Before tool output, browser content, retrieved docs, or final plans enter context. | `profile=ai_safety` or `code_assistant`, reuse `scan_group_id`. |
| Internal review assistant | Summaries overstate certainty or expose private data. | Before showing generated summaries or recommendations. | `scan_phase=output`, `data_sensitivity=tolerant` for internal PII. |
| Batch intake | Many records hide risky items and lose traceability. | Per item before batch automation writes state. | One `session_id` per batch, one `scan_group_id` per item. |
| Audio intake | Transcripts can carry unsafe instructions or disputed statements. | Scan transcript text today. Audio scanning is closed beta. | `content_type=text` for transcript, same session as source audio. |

## Value By Workflow

| Workflow | Value |
| --- | --- |
| Chat | Stop risky prompts before model execution and scan public output before users see it. |
| Uploads | Keep suspicious files out of OCR, storage, search, and AI pipelines until routed. |
| OCR and IDP | Prevent extracted text from becoming trusted workflow data without inspection. |
| AI fraud review | Flag suspicious evidence and route weak signals without claiming proof. |
| Agents | Keep untrusted tool output out of model context. |
| Review queues | Give reviewers IDs, risk fields, original evidence, derived output, and scan history. |

## Build Order

1. Start with the workflow that has the most trust risk.
2. Add `POST /v1/scan` before the first trust boundary.
3. Store IDs and action.
4. Route `ALLOW`, `WARN`, `BLOCK`, `indeterminate`, and `pending`.
5. Scan derived output with the same `scan_group_id`.
6. Add review metrics so you can tune tolerance later.

## AI-Agent Prompt

### Choose Mighty use cases

```text
Find the Mighty use cases in this product.

For each workflow, identify:
- The trust boundary.
- The untrusted material type.
- Whether AI, OCR, IDP, agents, or automation will use the material.
- The right content_type, scan_phase, mode, focus, profile, and data_sensitivity.
- Where scan_group_id and session_id should be stored.
- How ALLOW, WARN, BLOCK, indeterminate, and pending are routed.

Prioritize:
- chat input and public output
- file uploads before OCR or storage
- OCR and IDP output
- image evidence and AI fraud review
- invoice and estimate review
- agent tool output
- batch intake

Acceptance criteria:
- Every high-risk trust boundary has a server-side scan.
- Every derived output scan reuses the correct scan_group_id.
- Review wording says Mighty flags suspicious evidence, not that it proves fraud.
```