Helix's researchers are unusually exposed: their R&D pipelines are valuable, well-known to nation-state operators, and worked on by a workforce that spans three time zones and a long tail of contractors. Anya's team had been absorbing a steady rhythm of spear-phishing attempts for the last 18 months.
The economics were getting hard to defend. "Every successful compromise was running us six figures by the time we'd done IR, notified, and rebuilt access," Anya says. "And we had at least one a quarter."
Switching the workforce to Vercrio took a single quarter, including a deliberate phased rollout for contractors. The cryptographic factor closed the AitM path. The video-verified enrollment closed the harder one — a contractor's first day used to be the softest target on the network.
Anya tracks compromise count manually. The dashboard now reads zero, and has for long enough that she stopped checking weekly.