u/Ambitious-Load3538
Question for people who review vendors or internal apps:
If a SaaS vendor says they use AI agents that can access customer data, send emails, call APIs, update records, or trigger payments/refunds, what evidence would you ask for?
My current checklist would be:
- what tools the agent can call
- whether those tools are read-only or mutating
- sample replay trail: user intent -> proposed action -> arguments -> result
- approval trail for destructive or exfiltrating actions
- service account / permission scope
- retry and idempotency handling
- evidence that prompt injection cannot directly trigger a high-blast-radius action
What would you add or remove from the review checklist?
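As an added example (not from the post or any vendor's product), a minimal Python tool gateway that turns the checklist items above into code: an explicit allowlist tagged read-only vs mutating, an approval gate enforced in code and bound to the exact proposed arguments (so altered arguments invalidate it), idempotency keys for safe retries, and an append-only replay trail of intent -> proposed action -> arguments -> result. Tool names and records are constructed for illustration.

```python
import hashlib
import json
from dataclasses import dataclass, field

# Allowlist: the agent may call nothing that is not listed here.
# Each tool is tagged read-only (False) or mutating (True). Constructed names.
TOOLS = {
    "lookup_order": {"mutating": False},
    "issue_refund": {"mutating": True},
}


def action_id(tool: str, args: dict) -> str:
    """Stable id of one proposed action: tool name plus canonical arguments.
    A human approval is bound to this id, so any change to the arguments after
    approval (for example via injected text) yields a different id and is denied."""
    canon = json.dumps({"tool": tool, "args": args}, sort_keys=True)
    return hashlib.sha256(canon.encode()).hexdigest()[:16]


def execute(tool: str, args: dict) -> str:
    """Stand-in for the real backend call (constructed)."""
    return f"{tool} executed with {json.dumps(args, sort_keys=True)}"


@dataclass
class Gateway:
    approvals: set = field(default_factory=set)   # approved action ids, single-use
    done: dict = field(default_factory=dict)      # idempotency key -> original result
    trail: list = field(default_factory=list)     # replay trail, append-only

    def approve(self, tool: str, args: dict) -> None:
        """Record a human approval for exactly this tool call and these arguments."""
        self.approvals.add(action_id(tool, args))

    def call(self, intent: str, tool: str, args: dict, idem_key: str) -> str:
        rec = {"intent": intent, "tool": tool, "args": args, "idem_key": idem_key}
        spec = TOOLS.get(tool)
        if spec is None:
            rec["result"] = "denied: tool not in allowlist"
        elif idem_key in self.done:
            # Retry of an already-executed action: replay the original result
            # instead of executing (and charging, refunding, emailing) twice.
            rec["result"] = self.done[idem_key]
        elif spec["mutating"] and action_id(tool, args) not in self.approvals:
            rec["result"] = "denied: approval required"
        else:
            rec["result"] = execute(tool, args)
            if spec["mutating"]:
                self.approvals.discard(action_id(tool, args))  # approval is consumed
                self.done[idem_key] = rec["result"]
        self.trail.append(rec)  # every decision, allowed or denied, is replayable
        return rec["result"]
```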
For sec teams getting asked to review AI agent deployments, I wrote up the 12 failure modes I see most often, with the audit signal for each:
Most relevant to your reviews:
- Prompt injection (a category that has no clean patch — has to be managed via tool constraints + approvals + monitoring)
- Wrong system access (agents inheriting service accounts they shouldn't have)
- Unverifiable decisions (no replay trail = your fraud team can't defend any decision after the fact)
- Missing approval (gates implemented in prompts instead of code, easily fragmented around)
Curious which of these have come up in your actual buyer-side reviews, and whether AI agent posture is going into your security questionnaires yet.
Hello LangChain users! I've been building tooling that auto-flags reliability problems in agent workflows, and the same twelve failure modes show up regardless of framework.
Cataloged them with concrete audit scenarios and the specific signal each one leaves in your traces:
https://getevidencerun.substack.com/p/12-ways-ai-agents-fail-in-production
#1 (tool misuse) and #6 (runaway cost) are the two I see most often in LangChain/LangGraph stacks specifically. Both are catchable with simple post-hoc analysis but rarely caught because nobody's looking for them until a customer escalates.
Curious which ones LangChain users hit most, and whether anyone's added structured replay/evidence collection on top of LangSmith.