AI Automation & Platform Stabilization for a UK Fleet Management SaaS

• 3 production AI automations integrated into the live platform
• 2 TB operational database stabilized with daily backups restored
• 60% reduction in time spent preparing fleet activity reports
• 95%+ of tachograph infringements flagged before becoming violations
• 3× faster ad-hoc fleet inquiries handled via the AI co-pilot

The client's fleet management platform had outgrown its previous vendor relationship, and decided to hand over their platform to the OTAKOYI engineering team. This handover was the first hurdle, since the process had to be fast and safe for the client operations.

The platform underneath wasn't in shape for what came next. A technical audit surfaced critical SQL injection risk in a function called across hundreds of code paths, hardcoded API tokens to live third-party services, and permissive production configuration. These gaps had to be closed before any new build.

The client wanted to embed AI across their operations — automated trip reports, tachograph compliance tracking, an in-product co-pilot — but their 2 TB operational database had become so heavy that a single backup ran for two days. The platform required thorough optimization.

• A live platform serving thousands of fleet operators daily, that had to be transitioned from the previous vendor
• Years of accumulated technical debt across security, access management, and operational tooling
• Database growth driven by continuous fleet telemetry, with operational queries competing against any maintenance window for the same resources
• AI initiatives on the roadmap with no clear path forward until the platform was stable enough to build on

We treated this engagement as two connected projects under one roof.

• The first was a foundation project — making the platform safe to own, safe to run, and ready to extend.
• The second was our standard AI automation work, executed only once the platform underneath could actually support it.

The foundation project moved from inheritance to ownership. We executed a controlled vendor handover, brought security and access governance up to standard, re-architected the data layer, and added the test coverage.

With the platform stable, we shifted into our standard AI automation methodology — the approach we run for every automation engagement: an AI Operations Audit that maps and scores every workflow, a build phase delivering production-grade automations integrated with the client's existing systems.

We ran a structured technical audit across the backend, the mqtt-receptor service, and the authentication prototype — covering SQL injection surface, credential handling, access control, and transport security. The findings shaped the remediation roadmap and gave the client a documented baseline of where the platform actually stood.

The picture wasn't unusual for a platform that had grown faster than its engineering practices.

• A single authentication function with a SQL injection vulnerability was being called in over 200 places across the codebase. 
• PI tokens to live third-party telematics providers were hardcoded into source files.
• Production was running with permissive CORS and host configuration, and core services communicated without transport encryption.

• Eliminated the central SQL injection surface — rewrote the shared authentication function used in 200+ call sites to use parameterized queries and a whitelisted field model
• Pulled credentials out of source code — moved hardcoded API tokens, database credentials, and service keys into a managed secrets layer with rotation
• Locked down production configuration — replaced wildcard hosts and open CORS with environment-specific allowlists, hardened security headers
• Closed authorization gaps — added ownership and scope checks across CRUD endpoints that had previously authenticated users without verifying access
• Enabled transport encryption — TLS on PostgreSQL and the MQTT broker, with certificate verification on both ends
• Removed information disclosure paths — stripped debug prints, sanitized error responses, tightened logging
• Hardened document handling — whitelisting, ownership checks, and size/type limits on file access endpoints

The 2 TB problem was concentrated in a single table that recorded every GPS coordinate, engine reading, brake event, and sensor signal from every vehicle. That one table accounted for roughly 90% of the database's storage footprint.

The platform's reports and operational queries rarely needed deep historical data — most relied on the last 30 to 90 days.

Years of cold records were being kept in the same hot tables that served live operations, with no separation between data that needed to be fast and data that needed to be available.

• Time-based data tiering — recent six months stays in the original tables for fast live queries; older data moves to mirror archive tables on cheaper storage
• Smart query layer — automatically routes each query to the right tier based on its date range, with zero application changes required
• Phased archival migration — data moved out in widening windows (2 years → 18 months → 12 months → 6 months) with full backups and a rollback plan at every stage
• Automated monthly archival — keeps the active database lean as new data continues to flow in
• Retention policy — records past three years are purged on a defined schedule aligned with the client's legal requirements
• Realistic development environments — a sample data generator creates a 30-day representative dataset on demand, so schema changes and new features can be tested properly
• Test coverage on critical workflows — automated tests introduced for the operations the business depends on
• Reporting module refactor — the legacy reports the downstream AI workflows would build on, rebuilt for reliability and extensibility

With the platform stable, we moved into embedding AI into the day-to-day operations.

The goal was automating the repetitive, high-volume tasks distributed across the product's three lines: vehicle tracking, CCTV, and tachograph compliance.

A structured audit across the client's three product lines identified where AI would deliver the most value.

• Scope alignment

  Defined the three product lines and the operator roles to interview.

• Operator interviews

  Spoke with transport managers and fleet operators to map how the platform was actually used day to day, surfacing where the repetitive load lived.

• Workflow inventory

  Documented every candidate workflow across the three product lines as input for scoring.

• Scoring

  Evaluated each workflow on automation potential, impact on operator time, and integration complexity.

• Prioritization

  Shortlisted one priority automation per product line, ready for build.

Daily and weekly reports were assembled by hand from raw telemetry. We replaced it with an AI-generated reporting layer that synthesizes telemetry, driver behavior, and event data into a finished report, distributed to the right transport manager automatically.

Key features:

• Daily and weekly fleet activity digests, generated per fleet manager
• Anomaly highlights — route deviations, harsh braking, idling, fuel spikes
• Driver behavior summaries pulled from telemetry and CCTV events
• Configurable schedules, recipients, and report templates per operator
• Automated distribution via email and platform inbox

Tachograph compliance is rule-heavy, infringement-prone, and carries direct financial exposure under UK and EU driving-hours regulations. The co-pilot analyzes driver hours data continuously, flags potential infringements before they cross the line, and routes proactive alerts to the responsible transport manager.

Key features:

• Automated analysis of daily and weekly driver hours data
• Early-warning alerts for approaching infringements (driving limits, breaks, weekly rest)
• Confirmed infringement detection with severity classification
• Driver document tracking — licenses, CPC cards, insurance — with expiry alerts
• Compliance dashboard surfacing open issues, deadlines, and remediation status

Transport managers spent meaningful time on ad-hoc lookups — vehicle status, behavior events, footage retrieval — work that interrupted their day without producing leverage. The co-pilot embeds a natural-language assistant directly into the platform, collapsing those lookups into seconds.

Key features:

• Natural-language queries over live telemetry, driver behavior, and event history
• Live fleet status answers ("which vehicles are idling over 15 minutes")
• Driver behavior lookups across configurable time windows
• CCTV footage retrieval by vehicle, driver, and time range
• Contextual summaries spanning telemetry, CCTV, and tachograph data