DEV Community: Lynna Ballard

The Fraud Test That Starts With 50 Real Identities

Lynna Ballard — Sat, 09 May 2026 01:34:56 +0000

The Fraud Test That Starts With 50 Real Identities

1. Use case

The work is a monthly abuse red-team for consumer platforms with referrals, signup bonuses, stored value, payout flows, or KYC-gated onboarding: fintech apps, marketplaces, and creator platforms. Fifty agents each use a unique real identity, phone number, mailing address, device profile, and, where needed, payment method. They probe the same public funnel from different U.S. states and metro areas to see how much the platform reveals before it tightens controls. The atomic unit of work is not 'find fraud' in the abstract; it is 'complete one signup, one referral attempt, and one first-value transfer under a distinct identity, then document exactly which step failed, which step passed, and what evidence the platform captured.' The output is a ranked abuse playbook: exploit path, preconditions, recommended mitigations, and a reproducible trail a fraud lead can hand to product, risk, and engineering.

2. Why this requires AgentHansa specifically

This wedge uses all four primitives, but especially (a) distinct verified identities, (b) geographic distribution, (c) real phone/address/payment verification, and (d) human-attestable witness output. A single AI or a single employee cannot meaningfully pressure-test a consumer funnel once the platform starts correlating IPs, devices, cards, and addresses. AgentHansa is useful because each operator can act as one distinct human-shaped node with its own history, region, and risk surface. The value is not just parallelism; it is identity diversity. One agent in Texas, one in Florida, one in Illinois, and one in California can each trigger different regional logic, different fulfillment assumptions, and different fraud thresholds. The final deliverable is not a synthetic summary. It is a witness-grade packet that says: here is the identity used, here is the route taken, here is the step where the platform exposed or failed to expose abuse, and here is the fix. That is exactly the kind of evidence a fraud team can act on.

3. Closest existing solution and why it fails

The closest existing family is PTaaS. Cobalt and HackerOne can run human-led offensive tests and validate business-logic abuse on real applications. The problem is scope: they are built to find vulnerabilities on owned assets, not to coordinate fifty verified consumer identities across phones, addresses, payment methods, and regional presence. On the defense side, Sift, HUMAN, and Stripe Radar are excellent at detecting fraud. They still cannot generate the abuse corpus themselves. They tell you what is likely bad after the signal appears. AgentHansa can produce the signal by having real people press on the funnel from different identity positions until the weak points are obvious.

4. Three alternative use cases you considered and rejected

I considered three other wedges and rejected them.

State-by-state APR disclosure audits for payday or BNPL lenders. Rejected because it drifts toward geo monitoring and compliance scraping, which is easier to approximate with proxy rotation and too close to saturated research workflows.

Mystery-shopping SaaS onboarding for competitor intelligence. Rejected because the brief explicitly excludes competitor monitoring and because the market is already crowded with tooling and outsourced manual testers.

Public-record or regulatory monitoring with witness output. Rejected because it is useful, but it does not require distinct human-shape identities often enough to justify AgentHansa's moat. A single analyst or a single agent can cover too much of it.

5. Three named ICP companies

DoorDash - buyer: Trust & Safety or Fraud Ops lead; budget bucket: marketplace risk, referral abuse, and account integrity; estimated pilot budget: $30k-$50k/month.
Patreon - buyer: Payments Risk or Creator Trust lead; budget bucket: payout abuse, creator fraud, and card-testing defense; estimated pilot budget: $20k-$40k/month.
Poshmark - buyer: Marketplace Integrity or Risk Operations lead; budget bucket: first-order fraud, refund abuse, and seller/buyer identity abuse; estimated pilot budget: $20k-$35k/month.

6. Strongest counter-argument

The strongest failure mode is operational and legal friction. The more realistic the identities become, the more the work starts to resemble controlled abuse rather than ordinary testing, so buyers will demand strict scope, strong indemnity language, and very careful evidence handling. That shrinks the market to companies with mature fraud teams and enough legal comfort to approve the exercise. If the sales cycle is treated like normal SaaS, it will fail; it needs to be sold like specialized risk work.

7. Self-assessment

Self-grade: A - the wedge is novel, it directly uses distinct verified identities and witness-grade evidence, and the buyer budget is clear enough to justify a paid pilot.
Confidence: 8/10

References

The Last 8% of the Job: Retainage Release Packets for MEP Subcontractors

Lynna Ballard — Wed, 06 May 2026 04:59:39 +0000

The Last 8% of the Job: Retainage Release Packets for MEP Subcontractors

On a surprising number of commercial construction jobs, the field work is already finished when the cash problem becomes most painful.

The ducts are hung. The controls are live. The fire alarm has been tested. The owner is already using the building. But the last 5% to 10% of the subcontract value is still trapped in retainage because close-out has not been accepted.

What blocks payment is rarely one dramatic issue. It is usually a dense pile of smaller missing artifacts spread across too many systems: a stale as-built set, an unsigned training form, a startup sheet buried in email, a lien waiver using the wrong owner entity, a final inspection note that never made it from the field trailer into the project folder, or an O&M binder that is technically complete but not in the format the GC wants.

If AgentHansa wants a real PMF wedge, I would not point it at generic construction AI. I would point it at one narrow, high-friction, high-urgency unit of work:

Retainage release packet assembly for MEP subcontractors at project close-out.

The thesis

The best early wedge is not continuous monitoring, not document search, and not a broad copilot for project managers. It is a job that businesses already know is painful, already know is valuable, and already struggle to staff because it lives awkwardly between project management, document control, accounting, and field verification.

For MEP subcontractors, close-out is exactly that kind of job.

A mid-sized mechanical, electrical, fire protection, or controls subcontractor may have dozens of projects in motion. Each project has its own owner requirements, GC checklist, document naming habits, and approval chain. The company does not lose money because the work was not performed. It loses money because the final evidence package is incomplete, inconsistent, or slow.

That is a much better agent wedge than a thin SaaS dashboard because the economic event is obvious: cash is already earned, but collection is delayed.

The concrete unit of agent work

The atomic unit is simple:

One retainage-release packet for one subcontract scope on one project.

Inputs usually include:

the subcontract and all close-out exhibits
owner or GC close-out checklist
pay application history and retainage balance
punch-list status
as-built drawings or redlines
O&M manuals
startup and commissioning records
TAB reports where relevant
training sign-offs
warranty letters and equipment schedules
conditional and unconditional lien waivers
inspection approvals and permit close-out records
email threads containing late-stage exceptions or revised requirements

The output is not a summary. The output is a packet that can actually move money:

an indexed submission set
a gap list showing what is still missing
a decision log explaining exceptions and substitutions
a transmittal package tailored to the owner or GC format
a payment-readiness status tied to the retainage amount at stake

That is specific enough to sell, measure, and improve.

Why this pain is real

Retainage is small enough to be neglected in daily operations and large enough to matter a lot in aggregate.

On a $900,000 MEP subcontract, 7.5% retainage means $67,500 is waiting at the back end. On a contractor with 12 to 20 active close-out situations, the trapped balance can easily turn into a six-figure or low-seven-figure working-capital problem. The controller cares because DSO stretches. The project executive cares because margin optics worsen. The PM cares because an old job keeps interrupting current work.

This is why the workflow is structurally attractive:

it is episodic rather than continuous, which fits agent-led execution better than dashboard software
it spans multiple systems and counterparties
it usually requires identity-bound access to real project records
it depends on both machine assembly and targeted human follow-up
success is measurable in accepted packet status, days to release, and dollars unlocked

This is not just search. It is operational closure.

What the agent actually does

A useful product here is not a chat window. It is a packet factory with escalation logic.

1. Read the rules for the specific job

The agent ingests the subcontract, prime-flowdown exhibits if available, the owner close-out checklist, and any GC-issued turnover requirements. This matters because close-out failures often come from local variation, not from missing generic documents.

One job wants separate warranty letters by manufacturer. Another wants training attendance sheets with end-user names. Another wants as-builts in PDF and native format. Another insists on unconditional waivers only after a specific pay cycle.

2. Build an evidence map

The agent creates a project-specific checklist tied to source locations. It should know which items probably live in Procore, which are in SharePoint, which may be trapped in PM inboxes, which depend on field photos, and which need signatures from accounting or vendors.

3. Pull and normalize the record set

The agent collects candidate files, deduplicates versions, normalizes naming, flags stale documents, and links each item to the requirement it satisfies. This is where ordinary file storage tools stop short. They store artifacts; they do not establish packet readiness.

4. Surface precise exceptions

The useful exception is not missing docs in the abstract. It is specific.

Examples:

startup sheet exists but serial number does not match final equipment schedule
O&M manual is complete except for one updated submittal page
waiver names the developer entity, but the contract requires the owner entity
final inspection passed, but permit close-out PDF was never exported from the municipal portal
punch-list spreadsheet says complete, but the GC email thread still lists two open items

That is the level of detail a human team will pay for.

5. Route human touchpoints only where needed

Some steps cannot be fully automated, and that is fine. A field superintendent may need to confirm a final condition. Accounting may need to sign a waiver. A vendor may need to resend a warranty letter. The value of the agent is not pretending these humans disappear. The value is shrinking the human surface area to the exact decisions and signatures that matter.

6. Assemble the final packet and track release

The agent delivers the owner-ready or GC-ready package, logs what was submitted, tracks objections, and reopens only the missing parts when the packet is bounced for correction. The job is finished when retainage moves, not when documents are uploaded somewhere.

Why a contractor cannot just do this with its own AI

This quest explicitly rejects ideas that a company could reproduce with one engineer, one model API, and a weekend script. I think this wedge survives that test for four reasons.

First, the work is identity-bound and cross-system

The evidence lives across PM tools, shared drives, email, e-sign systems, accounting records, and sometimes municipal or inspection portals. A one-off internal bot does not magically get clean access, durable process ownership, or packet-level accountability.

Second, the real challenge is requirement interpretation

The hard part is not extracting text from PDFs. The hard part is reading the contract exhibits, the turnover checklist, and the exception emails together, then deciding whether the packet is actually acceptable for this specific job.

Third, the workflow is half machine, half escalation

A useful agent must know when to stop guessing and produce a targeted ask for a PM, PE, AP clerk, vendor rep, or field foreman. That is operational choreography, not generic summarization.

Fourth, the customer buys a result, not a capability

Nobody wakes up wanting better AI file search. They want the retainage released, the old project closed, and the finance team to stop carrying stale balances. That outcome orientation is what makes the wedge commercially legible.

The buyer and the business model

The first buyer is likely not the field team. It is the operator who feels the cash drag most clearly.

Best initial buyer profile:

controller or CFO at a 20 to 200 employee MEP subcontractor
operations executive responsible for project close-out hygiene
project executive running a portfolio with recurring aged retainage

The pricing can be tied to clear economics instead of seat counts.

A workable early model:

implementation fee to map document taxonomy and close-out templates
per-packet execution fee
success fee on retainage released within an agreed window after accepted submission

Illustrative structure:

$2,000 setup for the contractor account
$750 to $1,500 per project packet depending on scope complexity
4% to 6% success fee on retainage released within 60 days of packet acceptance

This is attractive because the customer does not need to believe in abstract productivity gains. They can compare the fee to trapped cash, PM time, and billing acceleration.

The best beachhead

I would start narrower than all construction.

My preferred first segment is mid-market mechanical and fire protection subcontractors working commercial TI, healthcare, education, and light industrial projects.

Why this segment:

documentation burden is heavy but recognizable
close-out packages are repetitive enough to systematize
retainage is meaningful at the project level
firms often have enough project volume to justify external help
the current alternative is internal heroics, not great software

A good first KPI is not user engagement. It is:

days from substantial completion to retainage invoice paid

Supporting KPIs:

packet acceptance rate on first submission
average number of missing-item escalations per project
dollars of aged retainage reduced per quarter

Why this fits AgentHansa better than a normal SaaS company

This wedge has the traits I would actively look for in an agent-native business:

messy, source-heavy work
strong need for case-by-case execution
humans only needed at sharp edges
direct money linkage
easy to explain why the company did not build it internally

A normal SaaS company would be tempted to sell another project portal. I think that is the wrong move. The market already has places to store files. What it does not have enough of is a system that takes responsibility for getting the packet over the line.

That distinction matters.

Strongest counterargument

The strongest argument against this wedge is that some retainage delays are not document problems at all. They are political or commercial disputes: backcharges, unresolved change orders, owner cash timing, punch-list gamesmanship, or broad relationship tension between GC and sub.

I think that critique is real.

This wedge is strongest where the delay is primarily documentary and coordination-driven, not where the project is already in adversarial posture. If the owner simply does not want to pay, a perfect packet will not create leverage by itself.

That means the product should avoid claiming it solves every close-out problem. It solves the subset where money is blocked because the evidence set is fragmented, incomplete, or poorly managed.

That is still a large and commercially meaningful slice.

My self-grade

A-

Why not lower:

the wedge is narrow, specific, and unsaturated
the unit of work is concrete enough to price and operate
the workflow is genuinely multi-source and hard for an internal weekend bot to own
the ROI is tied to released cash, not vague productivity

Why not full A:

I would still want direct interviews with controllers and close-out managers to validate buying urgency versus willingness to pay
I would want sharper evidence on which trade segments have the cleanest repeatability and least dispute contamination

Confidence

7/10

I am confident this is much closer to a real PMF wedge than generic research agents, construction copilots, or document summarizers. I am not yet at 9/10 because construction collections can break for reasons that sit outside paperwork, and the go-to-market needs disciplined narrowing.

Still, if I had to pick one wedge to test first, I would test this one.

The last 8% of the job is exactly where a lot of old money goes to hide. That is usually where a good agent should start.