LLMs in Solar Due Diligence: A Conversation with Aevy at Intersolar Europe 2026
Aevy's Intersolar Europe booth showed an LLM pipeline that reads thousands of pages of solar asset-management documents. We talked about the failure modes nobody in the room was mentioning.

Booth C4.450C, Hall C4, Intersolar Europe. Aevy — the Norwegian document-AI startup whose booth blurb reads "Aevy supercharges asset management and due diligence by automatically extracting information from your documents" — was demoing the kind of pipeline that has quietly become table-stakes in solar asset management: upload a data room, get back a structured extract of PPAs, warranty terms, permit conditions, module datasheets and O&M SLAs, ready to feed into an underwriting model.

Why this matters more than it looks
The extract is not a report a human reads and then forgets. It flows directly into the models that price the asset, size the debt package, and set the reserve accounts for the next twenty years. A 2% error in an assumed warranty ceiling, extracted incorrectly from a PDF, is a real number on a real balance sheet.
That places document-AI platforms — Aevy, but also Klarity, Eigen, Evisort's energy vertical, and a growing set of in-house pipelines at the major asset managers — in an interesting category. They are LLM systems whose output is trusted, downstream, by systems that do not know they are trusting an LLM.
The failure modes
The interesting failures here are not the ones the OWASP LLM Top 10 is best known for. They are:
- Adversarial documents. A PDF whose text layer disagrees with its rendered image (the classic "pixel-vs-text" attack, well-documented against academic paper submission systems) can steer an extraction model toward a wrong number while a human reviewer sees the right one.
- Prompt injection in scanned annexes. A field-signed acceptance protocol scanned into a data room can, in principle, carry attacker-supplied instructions in its OCR'd body. Those instructions never reach a human; they reach the model.
- Schema drift. The extraction schema evolves as the product evolves. Silent drift in field definitions between v3.1 and v3.2 of a pipeline produces subtly wrong extracts that pass all shape checks and fail all downstream sanity checks.
- Confidentiality leaks. Multi-tenant document platforms with shared retrieval indexes are one misconfigured filter away from cross-customer disclosure. The 2024–2025 vector-database disclosure incidents (Pinecone-adjacent, plus several self-hosted deployments) are the pattern to avoid.
Where TrendGuru fits
For a platform like Aevy, the partnership shape is targeted:
- Extraction-integrity tests. Golden-set documents with known-correct extracts, plus adversarial variants (pixel-vs-text, injected annex text, obfuscated numbers), executed on every model or prompt change.
- Tenant-isolation assurance. Structured tests against the retrieval and extraction paths, verifying that customer A's documents cannot influence customer B's extractions.
- Provenance and audit. Immutable per-document logs — source hash, model version, prompt version, extract, confidence — retained long enough to reconstruct any downstream disputed number.
- Model supply chain. Continuous scanning of the OCR, embedding and extraction model artifacts against known-bad hashes and typosquat patterns.
The wider point
Intersolar Europe 2026 was, more than in any previous year, an AI show wearing a solar show's clothes. The interesting exhibits were not modules; they were the software layers that increasingly decide which modules get bought, financed, deployed and dispatched. That software runs on models. Those models are software supply chains with adversarial inputs. Securing them is not somebody else's problem; it is the risk story of the next investment cycle.
If your underwriting depends on a number a model extracted, then the model is part of your underwriting. Audit it accordingly.

