For many financial institutions, security and governance act as brakes on AI adoption. Xapo flipped the script, achieving 85% employee adoption in just 8 weeks.
The secret? Partnering with Google & Sakura Sky, Xapo built on their existing Google Cloud foundations to extend their ‘frictionless governance’ directly into agentic and 3rd-party workflows.
Because their agents automatically inherit the exact same RBAC and Data Lake policies as their employees, they turned Security into an Innovation Accelerator. This allowed Xapo to focus entirely on productivity, resulting in a seamless, high-speed rollout of cutting-edge tech that empowered their workforce without compromising privacy and security.

The Three Pillars of Success
1. Google Cloud Foundations
Xapo’s speed was a dividend of strategic bets on cloud and data maturity.
- Immutable Infrastructure: Leveraging the Sakura Sky Enclave framework, all networking and compute were defined as Infrastructure as Code (IaC).
- Enterprise-Grade Privacy: Using Gemini Enterprise, Xapo ensured proprietary data is never used to train Google’s foundation models.
- Unified Lakehouse: A metadata-driven platform standardizes data from hundreds of disparate sources in real time, creating a high-quality corpus to ground AI agents.
This diagram captures a reference Google Cloud network architecture for separate production and development environments using Shared VPCs. It shows how on-premises locations connect to these cloud environments via Cloud Interconnect for secure communication.
2. Governance as an Accelerator
Instead of manual checklists, Xapo baked governance into the environment’s hierarchy.
- Zero-Drift Security: Strict networking policies prevent data exfiltration by default.
- Identity as the Perimeter: Using a Zero Trust model based on Google Cloud IAM, agents inherit the same sophisticated protections as human employees.
- Least Privilege: AI agents never have “blanket access”; their reach is strictly limited to specific datasets authorized for a given workflow.

This diagram illustrates the architecture of the Gemini Enterprise Assistant platform, showing how administrators connect data sources to an application for users to interact with.
3. The “Defense in Depth” Architecture
The Xapix SDK enables a secure pipeline, ensuring every request is verified before a single token is generated.
- Sanitization: Xapo’s architecture included Model Armor to filter out prompt injections and jailbreak attempts on input, while screening for PII and policy violations on output.
- Intelligent Orchestration: Vertex AI dynamically determines which specialized agents are required for complex, multi-step tasks.
- Identity Propagation: Agents use pass-through authentication. If a user cannot see a document in the source system, the AI cannot retrieve it for them.
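The sketch below is an added illustration of the identity-propagation and least-privilege rules described above; it is not Xapo's, Sakura Sky's or Google's code. All user, group, workflow and dataset names are hypothetical, and the in-memory tables stand in for decisions that a real deployment would obtain from IAM and the source system.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Doc:
    doc_id: str
    dataset: str
    readers: frozenset  # groups allowed to read it in the source system
    text: str


# Constructed sample data; every name here is hypothetical.
CORPUS = [
    Doc("d1", "hr_handbook", frozenset({"all-staff"}), "Travel policy: book via portal"),
    Doc("d2", "hr_cases", frozenset({"hr-team"}), "Travel dispute case notes"),
    Doc("d3", "treasury", frozenset({"treasury-team", "all-staff"}), "Travel budget ledger"),
]
USER_GROUPS = {
    "alice@example.com": frozenset({"all-staff"}),
    "bob@example.com": frozenset({"all-staff", "hr-team"}),
}
# Least privilege: each workflow is scoped to named datasets, never a wildcard.
WORKFLOW_DATASETS = {"hr_assistant": frozenset({"hr_handbook", "hr_cases"})}


def retrieve(user: str, workflow: str, query: str):
    """Return (doc_ids that may reach the model, audit list of denials)."""
    scope = WORKFLOW_DATASETS.get(workflow, frozenset())  # unknown workflow: deny all
    groups = USER_GROUPS.get(user, frozenset())           # unknown user: deny all
    allowed, denied = [], []
    for doc in CORPUS:
        if query.lower() not in doc.text.lower():
            continue
        if doc.dataset not in scope:
            denied.append((doc.doc_id, "outside workflow scope"))
        elif not (doc.readers & groups):
            # The decision uses the caller's groups, not the agent's own identity.
            denied.append((doc.doc_id, "user lacks source-system access"))
        else:
            allowed.append(doc.doc_id)
    return allowed, denied
```

Both checks run before any document text is placed in the model's context, so a denied document cannot leak through the generated answer, and the denial list gives the audit trail for each request.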

This diagram illustrates the architecture for Xapo Bank’s implementation of Google Cloud Platform (GCP) services, specifically focusing on the integration with Gemini Enterprise for AI-powered applications. It highlights the security and operational flow from employee input to AI output generation.
The Result: Invisible Productivity
The 85% adoption rate is more than a software metric; it is a metric of trust. By solving “Day 2” problems like cost attribution and compliance upfront, Xapo compressed workflows that previously took days into mere minutes.
“We didn’t just build a tool; we built a safe harbor for innovation. In the enterprise, safety is what gives you the speed to win.”




