Industries
AI-assisted software development for insurance
Build the claims portals, underwriting tools and broker dashboards your policy admin system was never going to give you — governed, audited and owned by you.
Ciao is an AI-assisted engineering platform insurers, MGAs and brokers use to build the operational software around their core systems — claims intake portals, underwriting workbenches and broker dashboards. Unlike consumer app builders, Ciao applies Guardrails policy review with recorded human sign-off, automated QA and live security testing, and keeps an append-only audit trail — the history you need when a market-conduct exam asks what happened.
Published 2026-07-03 · Last updated 2026-07-03
Claims move at the speed of the spreadsheet next to the core system
The policy administration system and the claims core hold the record — and almost none of the work. First notice of loss arrives as email attachments and gets rekeyed. Adjuster assignment happens in a spreadsheet. Subrogation follow-up lives in a shared inbox, renewals in another, and the underwriting team triages broker submissions by reading PDFs in the order they arrived. Every insurer knows this landscape; most have simply priced it in.
The workarounds are invisible until they are not. Brokers call for status because there is nowhere to look. Policyholders call because the letter said ten days. And when a market-conduct exam or an internal review asks who touched a claim and when, the answer lives across mailboxes and file versions that were never designed to be evidence.
Ciao builds the operational layer around the core: real applications for intake, triage, tracking and broker service, each with role-based access, recorded approvals and an append-only audit trail — delivered in days from a plain-language description, not quarters from an IT queue.
The same gap repeats at every layer of the market. MGAs run binding-authority operations on spreadsheets the carrier never sees; brokerages track submissions in a shared inbox; TPAs juggle client-specific processes in tools built for none of them. The examples below read carrier-first, but the pattern — a governed app around the system of record — holds at each layer.
What insurance teams build on Ciao
FNOL intake portal
Structured first notice of loss with photo and document upload, field validation and an instant claim reference — ending the rekeying of emailed PDFs into the claims core.
Claims status portal
Policyholders see the stage, the next step and the documents still needed, with notifications at each milestone — deflecting the status calls that fill adjusters' mornings.
Underwriting workbench
Submission triage with appetite checklists, data pulled from broker files, referral routing and a record of every decision — replacing inbox-order underwriting.
Broker dashboard
Book of business, commission statements, renewal lists and document exchange in one login — the service layer that keeps producers placing business with you.
Subrogation tracker
Recovery opportunities as a pipeline with owners, deadlines and demand-letter status, instead of a spreadsheet reviewed when someone remembers.
Renewal workflow
Upcoming renewals with task checklists, document collection and escalation when dates approach — so retention stops depending on calendar reminders.
CAT response dashboard
Event-level claim volumes, adjuster capacity and aging in one view when a catastrophe hits — assembled in advance, not in the first chaotic week.
Why generic AI builders fall short in a regulated carrier
Insurance operations software handles regulated data and produces records regulators may one day read. A tool that tracks claims decisions is itself part of the story a market-conduct exam reconstructs — which shapes the platform requirements more than any feature list does.
- A history you can hand to an examiner — The append-only audit trail covers prompts, merges, deploys and admin actions, and Guardrails records the human review behind every serious change — so when an exam asks how the claims portal changed last year, the answer is an export.
- Separation of duties by construction — Role-based access control keeps claims, underwriting and broker-facing views distinct, with SSO via SAML or OIDC and optional MFA in front of all of it.
- Portals that do not break during a storm — QA runs deterministic browser replays with smoke gates before publish and production checks after — and Doctor diagnoses live issues when CAT volume finds the weak spot.
- Security tested against the live app — Static scanning, dependency checks and access-control probes run continuously, with vulnerabilities confirmed against the running application before anyone is paged about them.
Governance for claims and underwriting operations
Between market-conduct exams, reinsurer questions and internal claims-quality reviews, insurance operations answer for their history more than most. These are the controls behind every Ciao-built workflow:
- ✓ Role-based access separating claims, underwriting, broker and policyholder views
- ✓ Append-only audit trail — evidence for market-conduct exams and internal QA reviews
- ✓ Guardrails plain-English policies with recorded human review on changes to live workflows
- ✓ SSO via SAML and OIDC with optional MFA for staff and broker access
- ✓ SOC 2 Type II reports available under NDA; deployment to your own cloud, private VPC or on-prem under separate terms
- ✓ Policyholder data is not used to train models; inference runs under zero-retention model contracts
The policy admin system stays the record of truth
Ciao does not replace your policy administration system, claims core or agency management system — it builds the working layer those platforms were never going to provide. Apps read and write through the APIs, extracts and EDI-style feeds your vendors already produce, so premiums, reserves and policy records keep a single authoritative home while intake, triage and service finally get real software. Where no API exists, scheduled extracts do the job — an imperfect feed powering a working tool beats a perfect integration that never ships.
Carriers with Java-heavy back offices can go further: custom sandbox images wrap AI-assisted engineering around Java, Node, Python and other existing backends, keeping new work inside the estate your IT team already operates.
Insurance is also a document business — loss runs, certificates, endorsements, demand letters — and these apps treat documents as first-class workflow objects: uploaded once, attached to the claim or submission, versioned, and visible to exactly the roles that should see them.
How a claims tool ships
Claims leaders describe; compliance and IT review at the plan and at the merge. The build itself does not wait on either queue.
1. Describe
A claims or ops leader writes the workflow in plain language — statuses, roles, documents, deadlines.
2. Plan
Ciao maps the plan, including which core-system feeds it reads, for IT and compliance to review first.
3. Build
The portal or workbench is built in real React, TypeScript and Supabase code.
4. Test
QA replays the journeys that matter — claim submitted, document attached, status advanced — before publish.
5. Govern
Guardrails applies your policies and records the named reviewer on every serious change.
6. Deploy and monitor
The app ships to your chosen environment; Doctor watches it live, and rollback is one action away.
Claims operations, before and after
None of the left column is anyone's fault — it is what happens when the core system's release cycle is measured in quarters and the work cannot wait. The right column is what the work looks like with software of its own.
| Task | Common state today | With a Ciao-built app |
|---|---|---|
| FNOL intake | Email, PDFs and rekeying | Structured portal with validation and documents attached |
| Status updates | Inbound calls to adjusters | Self-service status portal with notifications |
| Subrogation | A spreadsheet reviewed monthly | Pipeline with owners and deadline alerts |
| Broker requests | Shared mailbox | Broker dashboard with document exchange |
| Exam preparation | Reconstructing history by hand | Append-only audit trail, exported on demand |
Engaging as a carrier, MGA or brokerage
Whether you are a carrier fixing claims operations, an MGA building an underwriting workbench, or a brokerage giving producers a real dashboard, this work runs as a program with sales — governance setup, deployment targets and vendor review included. Serious development programs start at USD 10,000 per year. The strongest starting point is the workflow generating the most inbound calls today.
Frequently asked questions
Can Ciao-built apps integrate with our policy admin and claims systems?
Yes, through the APIs, extracts and feed formats those systems already expose. The core stays the record of truth for policy and claim data; Ciao-built apps run the intake, tracking and service workflows around it.
What do we show a market-conduct examiner?
The append-only audit trail covering prompts, merges, deploys and admin actions, plus Guardrails records of who reviewed each serious change. The application's own data — claim events, status changes, user actions — is yours and lives in your database, so operational history is queryable too.
Can we control who sees claims data?
Yes. Role-based access control separates adjusters, underwriters, brokers and policyholders, and SSO via SAML or OIDC ties access to your identity provider. Broker and policyholder portals expose only the records that belong to the person logged in.
Can this run in our own cloud environment?
Yes — your own AWS, Azure or GCP account, a private VPC, or on-prem under separate terms, in addition to Ciao cloud. SOC 2 Type II reports are available under NDA for your vendor review.
Do adjusters and underwriters need technical training?
No. The apps are ordinary web applications shaped around your workflow, and changes are requested in plain language. The operational team describes what should be different; QA and Guardrails handle verification and review before it ships.
Who owns the software?
You do — 100% ownership of standard React, TypeScript and Tailwind code, exportable to your own repositories at any time. A tool your operation depends on should not be hostage to any vendor, including us.