Maybe, just maybe, it’s the norm in B2B technology marketing to take a genuinely useful product improvement, run it through a buzzword generator, and publish it as a press release that promises to change the way industries work forever. Sumsub’s recent announcement of enhancements to its Summy AI Copilot follows this playbook with impressive commitment. (You can find it here: https://cybersecurityasia.net/sumsub-level-rule-builder-summy-ai-copilot/.)
To be fair to Sumsub, the update is real and the problem it addresses is legitimate. Compliance teams have long been burdened by the tedious translation of regulatory requirements into platform configurations—a process that is slow, error-prone, and deeply unglamorous. The two new capabilities announced, Level Builder and Rule Builder, allow users to describe what they need in plain language and have Summy generate verification flows and transaction monitoring rules accordingly. For teams managing frequent configuration changes or onboarding new scenarios under time pressure, that is a meaningful quality-of-life improvement. The credit deserves to be given where it is due.
It’s just that the marketing language is… meh.
“Fraud-Free” Is Not a Promise Anyone Can Keep
The phrase that should give every compliance professional pause appears early in the release: the suggestion that Summy enables “fraud-free, scalable compliance.”
Fraud-free. Fraud-free!
This is not ambitious positioning. It is simply false. Fraud is an arms race—a dynamic, adversarial environment in which criminal tactics evolve in direct response to the defences arrayed against them. No platform, no matter how sophisticated its AI, can promise complete elimination of fraud. Regulatory bodies around the world would raise an eyebrow at that claim. So should any prospective customer.
Phrases like “leading full-cycle verification platform” and “AI agent” pile onto the problem. What Sumsub has built is, at its core, a large language model interface layered over an existing configuration schema—a natural and sensible evolution, but not a revolutionary one. Dozens of no-code platforms have pursued similar approaches. Calling it an “AI agent” that now “acts” on instructions rather than merely suggesting them conflates the dramatic with the incremental in a way that ultimately undermines credibility.
The Fine Print Tells the Real Story
Here is what makes the announcement genuinely interesting, and not in the way Sumsub intends. Buried within the enthusiasm are two crucial details: a mandatory human review step before any AI-generated configuration goes live, and a restriction that limits AI-driven editing to verification levels created within the last 24 hours.
So, not quite autonomous, then, right? You be the judge.
These guardrails are the right call, though. In a domain where misconfiguration can generate costly false positives that damage user experience or, far worse, false negatives that invite regulatory penalties, human oversight is not optional—it is the only responsible approach. But these same guardrails reveal something important about what Summy actually is: a sophisticated drafter, not an autonomous actor. The tool proposes. Humans decide. That is a perfectly reasonable division of labour. It is just not the transformative narrative the press release is selling.
Chief Product Officer Andrew Novoselsky is quoted as saying these tools “change what compliance and operations teams can actually get done in a day.” Perhaps that might be true. Automating rote configuration tasks can free up time at the margins. But the hard problems in compliance work—nuanced regulatory interpretation, risk policy alignment, stakeholder coordination, edge-case testing across jurisdictions—are not going anywhere. An AI assistant that drafts configuration templates is not going to resolve the regulatory interpretation meeting or navigate a disagreement between the legal team and the risk function. The productivity gains here are real but modest, and modest gains deserve modest claims.
What the Release Does Not Tell You
For a tool operating in high-stakes regulatory territory, the announcement is conspicuously quiet on several things that should matter enormously to prospective buyers.
For one, generative models hallucinate. That is not a controversial statement—it is a well-documented characteristic of large language models, and it is particularly consequential when the output is a transaction monitoring rule or an identity verification flow that will operate across thousands of real customer interactions. The release speaks of “domain-grounded outputs” tied to Sumsub’s platform schema, which is a sensible safeguard, but it offers little detail on what happens when the model misunderstands a complex, jurisdiction-specific requirement or oversimplifies an intricate scoring logic.
There is also no discussion of explainability—how a compliance team would understand and document why Summy generated a particular rule configuration. No mention of simulation environments for testing AI-generated flows before they encounter real users. No detail on versioning or audit trails for AI-generated rules, which are not peripheral features in a regulated industry—they are table stakes. Features like template libraries and rule duplication, presented as part of the update, are welcome additions, but they are standard functionality in modern compliance platforms. Framing them as part of a transformative announcement stretches the definition of transformation.
The Update That Deserves an Honest Press Release
All that leads us to what a calibrated announcement might have looked like: Sumsub has made meaningful improvements to its configuration workflow, reducing the manual effort required to set up verification flows and transaction monitoring rules. The tooling is particularly useful for smaller compliance teams, or for organisations managing high volumes of new verification scenarios. Human oversight remains mandatory, which is appropriate. There are open questions around hallucination risk and auditability in complex configurations that users should evaluate carefully.
That version is less exciting. It is also accurate.
To Sumsub’s credit, the emphasis on human oversight throughout the release does reflect a responsible development philosophy. The company has not positioned Summy as a replacement for expert judgment, and the restrictions on modifying established production flows show genuine awareness of the stakes involved. These are not small things in an industry where overconfident AI deployments can end careers and attract regulatory scrutiny.
But responsible development and overstated marketing should not have to coexist in the same announcement. In an era where AI fatigue is setting in—where buyers are growing weary of capabilities that were promised as revolutionary and arrived as incremental—the more credible play is honesty about what a product does and does not do.
Then again, the true test of Summy AI Copilot will not be the press release. It will be the measurable outcomes: accuracy rates, time savings, error reduction, and the quality of audit trails. None of those numbers appear in this announcement. Until they do, Summy represents a welcome but unexceptional step in the ongoing digitisation of compliance workflows—a step that would have been easier to trust if it had been described as exactly that.
Here’s the link again: https://cybersecurityasia.net/sumsub-level-rule-builder-summy-ai-copilot/. Maybe we missed something.
