SaaS Agent Protection
Protect any SaaS AI agent (Salesforce Agentforce, HubSpot Breeze, Zendesk AI, Intercom Fin) without modifying agent code.
Protect SaaS AI agents you don't control
Most enterprise AI agents (Salesforce Agentforce, HubSpot Breeze, Zendesk AI, Intercom Fin) run inside vendor clouds. You can't inject middleware into the agent's runtime. You can't add an SDK. You can't intercept its tool calls.
But you can control where it sends its API calls.
How destination-side proxy works
```
SaaS Agent (Salesforce, HubSpot, etc.)
        |
        |  configured to call Interven URL
        v
+----------------------------------------+
|  Interven Inbound Gateway              |
|  https://api.intervensecurity.com/     |
|    inbound/<your-prefix>/...           |
|                                        |
|  1. Match path to route                |
|  2. Identify calling agent             |
|  3. Run full policy + risk pipeline    |
|  4. Decide ALLOW/DENY/SANITIZE/        |
|     REQUIRE_APPROVAL                   |
|  5. Forward to real upstream with      |
|     stored credentials                 |
+----------------------------------------+
        |
        |  with real Bearer token
        v
Real Slack / GitHub / DB / API
```

The agent never sees the real credential. Interven holds it. The agent calls Interven; Interven scans, then forwards.
Setup (3 steps)
1. Create an inbound route
In the Console → Inbound Routes:
- Path prefix: short identifier, e.g. `sf-slack`
- Upstream URL: the real API base, e.g. `https://slack.com/api`
- Upstream headers: credentials Interven adds when forwarding, e.g. `Authorization: Bearer xoxb-your-real-slack-token`
- Tool name (optional): `slack`, `github`, etc., for policy attribution
- Agent identification: how Interven attributes the call to an agent
2. Configure your SaaS agent
Point the SaaS agent at the Interven URL instead of the real API. Specifics per platform:
- Salesforce Agentforce: Named Credentials + External Services
- HubSpot Breeze: Agent Tool `actionUrl`
- Zendesk AI: Integration Builder
- Intercom Fin: Data Connector URL
3. Test and monitor
Every call appears in Activity with full decision evidence: matched policies, risk score, classifications. Set policies in Policies to control what each agent can do.
Decision behavior
| Decision | What the SaaS agent sees |
|---|---|
| ALLOW | Real upstream's response, transparently |
| DENY | HTTP 403 with reason_codes |
| SANITIZE | Real upstream's response (Interven sent redacted body) |
| REQUIRE_APPROVAL | HTTP 202 with approval_id. Retry within 10 min after analyst approves; the retry is auto-allowed via RECENT_APPROVAL_GRANT. |
Headers you'll see
Every response from the inbound proxy includes:
- `X-Interven-Decision`: `ALLOW` / `DENY` / `SANITIZE` / `REQUIRE_APPROVAL`
- `X-Interven-Trace-Id`: UUID for telemetry correlation
- `X-Interven-Reasons`: comma-separated reason codes (if any)
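A response classifier for the test-and-monitor step, as an added example that is not Interven's own code: it reads the status codes and `X-Interven-*` headers described above from a test client's side, and treats a response without `X-Interven-Decision` as a call that never passed through the gateway. The function name, result fields, the JSON location of `approval_id`, and all sample values are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

DECISIONS = {"ALLOW", "DENY", "SANITIZE", "REQUIRE_APPROVAL"}
EXPECTED_STATUS = {"DENY": 403, "REQUIRE_APPROVAL": 202}   # from the decision table
RETRY_WINDOW = timedelta(minutes=10)                       # "Retry within 10 min"


def interpret(status, headers, body, received_at):
    """Classify one response received by a test client that called an inbound route."""
    h = {k.lower(): v for k, v in headers.items()}  # HTTP header names are case-insensitive
    decision = h.get("x-interven-decision")
    if decision not in DECISIONS:
        # Every gateway response carries this header; if it is missing or unrecognised,
        # the call most likely went straight to the upstream API and was never scanned.
        return {"via_gateway": False, "action": "check_agent_url"}
    try:
        payload = json.loads(body) if body else {}
    except ValueError:
        payload = {}                     # passed-through upstream bodies need not be JSON
    payload = payload if isinstance(payload, dict) else {}
    reasons = [r.strip() for r in h.get("x-interven-reasons", "").split(",") if r.strip()]
    result = {
        "via_gateway": True,
        "decision": decision,
        "trace_id": h.get("x-interven-trace-id"),   # correlate with the Activity entry
        "reasons": reasons,
        "status_matches": status == EXPECTED_STATUS.get(decision, status),
    }
    if decision == "DENY":
        result["action"] = "blocked"
    elif decision == "REQUIRE_APPROVAL":
        result["action"] = "retry_after_approval"
        result["approval_id"] = payload.get("approval_id")   # assumed JSON body field
        result["retry_before"] = received_at + RETRY_WINDOW
    else:                                # ALLOW or SANITIZE: the upstream's response
        result["action"] = "use_response"
    return result

# Constructed sample responses (not captured from a real gateway).
NOW = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)
TRACE = "00000000-0000-4000-8000-000000000001"
DENIED = interpret(403, {"X-Interven-Decision": "DENY", "X-Interven-Trace-Id": TRACE,
                         "X-Interven-Reasons": "EXAMPLE_REASON_A, EXAMPLE_REASON_B"}, "", NOW)
PENDING = interpret(202, {"x-interven-decision": "REQUIRE_APPROVAL"},
                    '{"approval_id": "appr-example-1"}', NOW)
DIRECT = interpret(200, {"Content-Type": "application/json"}, '{"ok": true}', NOW)
```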
Coverage matrix
| Platform | Method | Coverage |
|---|---|---|
| Salesforce Agentforce | Named Credentials → Interven URL | Full |
| HubSpot Breeze | Agent Tool actionUrl → Interven URL | Full |
| Zendesk AI | Integration Builder URL → Interven URL | Full |
| Intercom Fin | Data Connector URL → Interven URL | Full |
| Sierra | Custom API integration → Interven URL | Full |
| Decagon | API endpoint config → Interven URL | Full |
| Microsoft Copilot (custom agents) | MCP server URL → Interven URL | Custom agents only |
| Google Gemini (Vertex agents) | Custom agent endpoint → Interven URL | Custom agents only |
For platforms that don't expose an API endpoint config, use OAuth scope restriction + audit log monitoring as a fallback.