Nightshift for Financial Services
Great copilots, without comprimising fund boundaries.
Credit, deal, and IR copilots need governed portfolio, borrower, and fund data, but not the same slice of it. Nightshift can deliver sovereign models trained on their datasets against a corporate, department or team strategy down to a personal mandate.
# analyst Mia: Fund II only, borrower PII masked, MNPI walledpolicy "analyst-mia" {identity = "mia@lumen.fund"source = portfolio.positionsallow where fund = "Fund II"deny where deal in mnpi_watchlistmask column borrower_piirequire approval when action = "export"}
See it work
Reconcile across the stack, in one ask.
Watch an agent connect Nightshift over MCP, then reconcile a $3.1M billed-vs-collected gap across Stripe, Snowflake, Salesforce, and Workday, governed down to the row.
Identity-aware, end to end
The same request, different data back.
Two analysts hit the same catalog. The Fund I team sees its positions, the Fund II team sees its own, and neither sees the borrower behind a deal. Access follows the person, not a shared service account.
| Deal | Borrower | Mark |
|---|---|---|
| Atlas | •••• | $24.0M |
| Beacon | •••• | $11.2M |
| Cedar | •••• | $8.4M |
| Deal | Borrower | Mark |
|---|---|---|
| Dune | •••• | $52.0M |
| Echo | •••• | $30.1M |
| Frost | •••• | $9.2M |
What agents do
Copilots your analysts can actually use.
Draft the credit memo
Pull a borrower’s financials and covenants into a first-draft memo, scoped to the deals the analyst is staffed on.
Monitor the portfolio
Read positions and marks across a fund to flag covenant breaches and watchlist names, with borrower PII masked.
Answer the LP
An investor-relations copilot that answers a limited partner from its own commitments and statements, never another investor’s.
One catalog over the stack
Portfolio, deal data, and the warehouse, governed as one.
Point Nightshift at the portfolio system, the data room, fund accounting, and the warehouse, and it exposes a single governed catalog. Agents read live, so nothing is copied into yet another store of sensitive deal data.
- No second copy of borrower or investor data to secure
- Reads resolve live, scoped per identity
- Sensitive actions wake an approver on their phone
Information barriers
The walls hold by default.
Deal teams cannot see each other’s pipelines, and material non-public information stays on its side of the wall. Policy enforces the barrier on every request, so a copilot only ever reads the deals its user is cleared for.
Reads its own pipeline
Opportunistic deals walled off
Reads its own pipeline
Direct lending deals walled off
For the audit
Every request is on the record.
Questions compliance and IR ask
What diligence will want to know.
- Is a second copy of sensitive deal data created?
- No. Agents read live against the source through Nightshift, so there is no new store of borrower or investor data to defend or to put in scope.
- How granular is access?
- Down to the row, column, and value, scoped to a named identity. An analyst sees their fund; the deals they are not cleared for never compile into the endpoint.
- Can material non-public information be walled off?
- Yes. Policy can deny entire deals or a watchlist by identity, so a copilot on one side of the wall never reads what is on the other.
Put an agent on your portfolio data, under policy.
Start free, connect a warehouse or portfolio system, and watch governed, row-level reads reach your agent in minutes.
Want to look first? Take the product tour