How does Prefactor define agent risk?
Risk is broken into two halves. The action profile is what your agent is permitted to do — create, read, update, or delete data, trigger financial transactions, send external communications. The data profile is the categories of sensitive data flowing through it, classified from public through to secret. Together they tell you how much damage an agent could do, and how much of that surface area it’s actually using.
What types of data does Prefactor look for?
Seventeen categories in total, including standard PII (names, contact, location, behavioural), financial records, credentials, confidential business data, and the GDPR Article 9 special categories — health, biometric, genetic, racial or ethnic origin, religious belief, political opinion, sex life or orientation, and trade union membership.
What’s the difference between what an agent can do and what it’s actually doing?
The first is the design — the permissions and data access an engineer declared when they built the agent. The second is the reality — what the agent has actually invoked in production. Most teams only see the first. Prefactor shows you both, side by side, so you can see where an agent has drifted from what it was designed to do.
How does an engineer declare risk on an agent?
Risk is declared in the schema, not sniffed from payloads at runtime. Each span type in your agent has a data risk definition: which categories of data flow through its inputs and outputs, what classification level they’re at, and what actions it’s allowed to take. That makes the risk profile auditable, version-controlled, and reviewable by a human before it ever runs.
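The declared-versus-observed comparison from the two answers above, as an added example that is not Prefactor's code and does not use its schema format: the span-type risk definitions, the category names and the sample of production spans are all constructed for illustration, and the `audit` function is hypothetical.

```python
# Added example: compare a declared risk profile (per span type) against a
# constructed sample of production spans, surfacing drift (actions, data
# categories or classification levels used but never declared) and the part
# of the declared surface area that is not actually exercised.
from dataclasses import dataclass

# Classification ladder, lowest to highest (assumed ordering for the example).
LEVELS = ["public", "internal", "confidential", "secret"]


@dataclass
class RiskDefinition:
    categories: set      # data categories allowed through inputs/outputs
    classification: str  # highest classification level permitted
    actions: set         # actions the span type may take


# Hypothetical declared schema: span type -> data risk definition.
DECLARED = {
    "lookup_customer": RiskDefinition({"pii.name", "pii.contact"}, "confidential", {"read"}),
    "send_receipt": RiskDefinition({"pii.contact", "financial"}, "confidential", {"read", "communicate"}),
}

# Constructed sample of recent runs: (span_type, action, categories seen, level seen).
OBSERVED = [
    ("lookup_customer", "read", {"pii.name"}, "confidential"),
    ("lookup_customer", "update", {"pii.contact"}, "confidential"),          # action never declared
    ("send_receipt", "communicate", {"pii.contact", "health"}, "secret"),   # undeclared category, level too high
    ("refund_order", "transact", {"financial"}, "confidential"),            # span type absent from schema
]


def audit(declared, observed):
    """Return (drift findings, unused declared surface per span type)."""
    findings = []
    used = {span: (set(), set()) for span in declared}  # (actions seen, categories seen)
    for span, action, cats, level in observed:
        definition = declared.get(span)
        if definition is None:
            findings.append((span, "undeclared_span"))
            continue
        used[span][0].add(action)
        used[span][1].update(cats)
        if action not in definition.actions:
            findings.append((span, f"undeclared_action:{action}"))
        for category in sorted(cats - definition.categories):
            findings.append((span, f"undeclared_category:{category}"))
        if LEVELS.index(level) > LEVELS.index(definition.classification):
            findings.append((span, f"classification_exceeded:{level}"))
    # Declared but never exercised: candidates for tightening the schema.
    unused = {span: (d.actions - used[span][0], d.categories - used[span][1])
              for span, d in declared.items()}
    return findings, unused
```

Each finding is a "doing" that the "can do" never covered, while `unused` is the declared permission that production runs have not touched.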
How is an Agent Audit different from a security audit?
A security audit asks whether your infrastructure is hardened. An Agent Audit asks something different: whether the agent itself is doing what you think it’s doing. It’s the layer between the model and the systems it touches — the part most security tooling doesn’t cover yet.
Do I need to share production data or credentials?
No. We work from your agent’s schema definition and a sample of recent runs. You don’t need to hand over production credentials or live customer data to get a meaningful read on the risk profile.