Their own Detection team cut false positives from 33% to 7% and saved 1,870 hours in a single month with Claude. What their engineers built in-house, we ship as a finished product — EU-hosted, audit-grade, affordable for SMBs.
I can finally build the tools I always wished I had. Our CLUE stack (Claude Looks Up Evidence) reduced the false-positive rate from ~33% to 7%, ran 12,000 automated queries and 27,000 tool calls in 30 days, and saved an estimated 1,870 hours — 234 person-days.
The story is public because Anthropic wants to demonstrate AI-driven SOC works. That's good for us — we deliver exactly the same workflow as a production-ready platform, without you having to build your own Detection Engineering team.
Numbers from the Anthropic Detection team over 30 days running their CLUE stack. Not a marketing claim from us — a published result from their own team.
Anthropic has the people to build CLUE in-house. Most Belgian SMBs don't. We have the same workflow, plus what an EU company needs on top.
| Axis | Anthropic CLUE (internal) | monsys.ai (production-ready) |
|---|---|---|
| Build effort | Custom build on Claude Code + internal logs | Agent + hub + dashboard, day-1 deployable |
| Data residency | US-hosted Claude API | EU-hosted (GoTrust BV, Belgium) |
| Team requirement | Own Detection Engineering team | 5 servers free · €3/agent from #6 |
| Output shape | Workflow tool for internal analysts | Workflow + auditor evidence pack in one |
| Compliance | No GDPR/NIS2/CyFun output | Compliance engine + Ed25519 evidence packs |
| Installation | Soup-to-nuts engineering project | iwr | iex / curl | bash |
Anthropic's CLUE is internal tooling for one company. We sell to EU SMBs with different obligations.
Everything runs on EU infrastructure. No Claude API call routing through US jurisdiction. Critical for healthcare, legal, government, or anyone under NIS2.
Per month or per incident, an Ed25519-signed tarball with the full trail. Your auditor verifies offline with our open-source Python script — no account, no network call.
Our compliance engine automatically maps your infra to ISO27001, NIS2, BE-CyFun and CIS controls. Your auditor gets a complete file, not a dashboard screenshot.
Anthropic's numbers (33%→7%, 1,870 hours) are Anthropic's, not ours. They show an AI-driven SOC works — not that every monsys.ai tenant gets the same reduction. Your numbers depend on alert volume, log quality, and configuration.
We also deliberately don't run unbounded LLM autonomy the way they describe. Our AI Explain runs locally on the host (Ollama, opt-in), and our compliance + alert flow is rule-based. AI is a layer on top of our deterministic core, not a replacement. That's a feature, not a limitation — auditors want repeatable rules, not stochastic output.
5 servers free forever. No credit card. EU-hosted.