Agent Surface Assessment (Free)
In ~15 minutes, get a clear snapshot of your **non-human identities**: SaaS bots, service accounts, OAuth apps and app-to-app grants. We start with **Google Workspace** and **Slack**, highlight risky scopes and drift, and produce **plain-English findings** mapped to SOC 2, ISO 27001, GDPR and the EU AI Act. No agents to install. No tenant-wide privileges. Just safe OAuth/API access.
What You Get
Complete Agent Inventory
A consolidated list of bots, service accounts, OAuth apps, webhooks, and app-to-app grants across Google Workspace and Slack. We normalize scopes and effective permissions so you see what each entity can actually do.
Immediate Risk Highlights
High-signal findings like over-privileged OAuth scopes, stale/dormant actors, public-sharing risks, and lateral-movement potential. Each flag includes context and suggested next steps.
Explainable Findings
Every item includes a concise narrative (“why this matters”), supporting evidence, and linked controls (SOC 2, ISO 27001, GDPR, EU AI Act). Useful for executive briefings and audit prep.
Actionable Next Steps
A prioritized plan: which integrations to onboard, which rules to enable, where to minimize scope or require JIT approval, and how to convert the snapshot into a living baseline for drift tracking.
How It Works
1. Connect Safely
Use least-privilege OAuth/API credentials for Google Workspace and Slack. Discovery is agentless and read-only.
2. Discover & Normalize
We enumerate agents, scopes and reachable resources, then normalize them into a unified identity graph for effective-permission views.
3. Review Findings
Get a clear digest of risks, with explainable narratives and mapped controls. Convert the snapshot into a baseline to track drift.
Sample Insights You’ll See
Over-Privileged OAuth
A Slack app requests files:write and channels:history for a finance workspace. Recommendation: minimize scope and require JIT approval for sensitive channels.
Dormant Bot with Access
A Google Workspace add-on hasn’t been used in 90 days but retains drive.readonly. Recommendation: revoke the token or set an expiry with owner accountability.
Cross-App Lateral Risk
A service account can read HR docs and post messages in Slack. Recommendation: split duties, reduce scopes, or enforce human-in-the-loop for specific actions.
Privacy & Security
Discovery is **read-only** and scoped to the permissions you grant. We use strict multi-tenant isolation, per-tenant database schemas, and signed activity logs. Findings are yours; export them or keep them as a baseline to track drift. Need on-prem or data-boundary controls? We support a self-hosted option and will align with your security review.
Ready to see your agent surface?
Start with a free snapshot, then convert it into a living baseline for continuous drift tracking, explainability, and governed enforcement.