AgentProof

Methodology

AgentProof Capability Zones

A readiness lens that classifies agents by autonomy, data access, and action authority — so you choose the right controls for the agent you actually have.

Three zones | Controls by zone | Source-backed | AgentProof-defined

Zone 1: Lower risk

Informational Agents

Agents that answer questions, summarise content, and guide users — without changing systems of record.

Risk profile: Lower operational risk. Higher reputation risk if it confidently invents answers.

Examples

  • Internal documentation chatbot
  • Onboarding Q&A assistant
  • Customer support FAQ helper

What good design includes

  • A written scope statement of what the agent will and will not answer
  • Source-attribution surfaced to the user on every answer
  • A graceful refusal pattern when context is missing or uncertain
  • A calm tone — neutral, not flattering, not alarming

Questions AgentProof will ask

  • What is this agent's documented purpose?
  • Which knowledge sources is it allowed to read?
  • How does it behave when asked something outside scope?

Moves to a higher zone when: The day it starts drafting customer-facing content, suggesting actions, or reading personal/regulated data, it has effectively moved to Assisted Work.

Zone 2: Medium risk

Assisted Work Agents

Agents that use organisational data and help complete tasks — but require a human to commit changes.

Risk profile: Medium operational risk. Quality of recommendations becomes visible quickly; data handling discipline becomes important.

Examples

  • Sales follow-up drafting assistant
  • Internal ops triage helper
  • Research aggregation agent

What good design includes

  • Clear human-in-the-loop step before any commit
  • Provenance shown on every draft (sources + context window)
  • Data classification and access controls applied at the source, not at the prompt
  • Documented behaviour when records or context are missing

Questions AgentProof will ask

  • Which data sources can the agent read?
  • Is the human-in-the-loop step explicit and tested?
  • Where does the agent surface its sources to the user?

Moves to a higher zone when: Any path that lets the agent commit a change — updating a record, triggering a workflow, sending an outbound message — moves it to Action-taking.

Zone 3: Higher risk

Action-Taking Agents

Agents that trigger workflows, update records, or make decisions that affect business outcomes.

Risk profile: Higher operational risk. Mistakes touch customers, partners, finance, or systems of record.

Examples

  • Order-routing agent that updates ERP records
  • Service-ticket agent that creates and assigns tickets
  • Internal finance agent that reconciles or proposes journal entries

What good design includes

  • Tight scope on which actions the agent can reach
  • Idempotent action wiring (safe to retry without duplicating)
  • Per-action audit trace with no PII or token leakage
  • Tested rollback / escalation path on every failure mode
  • Explicit human approval gate on the highest-impact actions
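
An added example, not AgentProof's own code: a minimal Python gateway that applies the Zone 3 controls listed above (action allowlist, idempotent retries, approval gate on the highest-impact action, redacted per-action audit trace, failures recorded for escalation). The class, field names, sample tools and the caller-supplied idempotency key are assumptions made for illustration.

```python
import re

EMAIL = re.compile(r"[^@\s]+@[^@\s]+")
SECRET_FIELDS = {"token", "api_key", "password"}  # assumed sensitive field names

def redact(params):
    """Copy params for the audit trace with secrets and e-mail addresses masked."""
    return {k: "[REDACTED]" if k in SECRET_FIELDS else EMAIL.sub("[EMAIL]", str(v))
            for k, v in params.items()}

class ActionGateway:
    """Single choke point between the agent and its tools (hypothetical design)."""
    def __init__(self, handlers, approval_required):
        self.handlers = handlers                    # allowlist: action name -> callable
        self.approval_required = approval_required  # highest-impact action names
        self.results = {}                           # (action, key) -> stored result
        self.audit = []                             # per-action trace, redacted

    def execute(self, action, params, idempotency_key, approved_by=None):
        cache_key, result = (action, idempotency_key), None
        if action not in self.handlers:
            outcome = "denied_out_of_scope"
        elif action in self.approval_required and approved_by is None:
            outcome = "pending_approval"
        elif cache_key in self.results:             # retry: return the stored result
            outcome, result = "replayed", self.results[cache_key]
        else:
            try:
                result = self.results[cache_key] = self.handlers[action](**params)
                outcome = "executed"
            except Exception:
                outcome = "failed_escalated"        # not cached, so a retry can run
        self.audit.append({"action": action, "key": idempotency_key, "outcome": outcome,
                           "params": redact(params), "approved_by": approved_by})
        return outcome, result

TICKETS, JOURNAL = [], []  # constructed sample stores for the demonstration

def create_ticket(customer_email, summary, token):
    TICKETS.append((customer_email, summary))
    return f"TCK-{len(TICKETS)}"

def post_journal_entry(amount):
    JOURNAL.append(amount)
    return f"JE-{len(JOURNAL)}"

def build_gateway():
    tools = {"create_ticket": create_ticket, "post_journal_entry": post_journal_entry}
    return ActionGateway(tools, approval_required={"post_journal_entry"})
```

The audit list is the evidence for the "Which actions can this agent reach?" question: every call, including denied and pending ones, leaves one redacted entry.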

Questions AgentProof will ask

  • Which actions can this agent reach? What CAN'T it reach?
  • Are write/workflow actions idempotent?
  • Where is the human approval gate? How is it enforced?
  • What is the rollback if an action goes wrong?

Moves to a higher zone when: Action-taking is the top zone here. Beyond this, agents enter regulated territory (e.g. agents acting on behalf of customers in regulated industries) and require dedicated programme-level governance.

At-a-glance comparison

A side-by-side look so you can place your agent in seconds.

| Dimension | Informational Agents | Assisted Work Agents | Action-Taking Agents |
|---|---|---|---|
| Can change records? | No | No (drafts only) | Yes — by design |
| Reads org data? | Published knowledge only | Yes, scoped per user | Yes, scoped + audited |
| Human in the loop? | Refusal patterns + scope | On consequential drafts | On every consequential action |
| Top control family | Purpose & scope | Data access & sensitivity | Action authority |
| Top evidence | Refusal transcripts | Provenance on drafts | Audit trace + rollback rehearsal |

How to classify your agent

Walk these four questions in order. Stop at the first Yes — that's the zone.

  1. Can the agent commit a change to a system of record without a human confirming?

    Yes → Action-Taking | No → (continue to next question)
  2. Can the agent send outbound messages, create tickets, or trigger workflows on its own?

    Yes → Action-Taking | No → (continue to next question)
  3. Does the agent read organisational data, drafts, or records to help the user do their job?

    Yes → Assisted Work | No → (continue to next question)
  4. Does the agent recommend a next action the user then takes manually?

    Yes → Assisted Work | No → Informational

Why this matters before go-live

Most agent incidents trace back to applying lower-zone controls to a higher-zone agent. Pinning the capability zone before wiring tools is the cheapest control you have — and it's what AgentProof asks you to do in step 2 of the readiness assessment.

Ready to assess your own agent?

Start the free assessment to apply this guidance to a real agent. No payment. No public registration required.

A few honest things about AgentProof

  • AgentProof is a readiness assessment, not an official audit.
  • Every recommendation cites the intelligence pack version it came from.
  • Intelligence updates go through a human review gate.
  • AgentProof does not speak on behalf of Microsoft or any vendor.