Find out what yourAI agents can actually touch
Every AI agent, MCP server, and OAuth connector you've granted is a standing door into your data. This auditor grades each one — least-privilege, over-scoped, or ungoverned — and rolls your fleet up to one honest posture. The dispositive fault it never misses: a connector that can write regulated data with nobody accountable for it.
Your agents have more access than your employees — and nobody's tracking it.
Standing doors nobody closed
Every grant is a door into your data that outlives the project that opened it. Most teams can't list which connectors are write-capable, which touch regulated data, or which have an owner.
The risky ones are unowned
The grants that can change data are exactly the ones least likely to have someone accountable for them — the ones that matter most the moment something goes wrong.
The average flatters you
A fleet reads healthy on average while one connector quietly writes regulated data with no accountability. An average hides the single fault that is the whole exposure.
Try it on the sample fleet.
Edit any connector and watch the verdict and fleet posture recompute. Notice the CRM sync and Billing export connectors carry the identical risk score — the only difference is one has no owner.
Live demo · edit any connector
| Connector | Scope | Data | Recency | Owner | Risk | Verdict |
|---|---|---|---|---|---|---|
| Calendar read agent | 14 | LEAST-PRIVILEGE | ||||
| Support inbox drafter | 44 | OVER-SCOPED | ||||
| CRM sync connector | 65 | UNGOVERNEDunowned · reg · write | ||||
| Analytics read-only | 0 | LEAST-PRIVILEGE | ||||
| Billing export bot | 65 | OVER-SCOPED | ||||
| Old Zapier hook | 68 | OVER-SCOPED | ||||
| Docs read agent | 23 | LEAST-PRIVILEGE |
Fleet posture
EXPOSED
worst connector = UNGOVERNED · mean risk 40 (context only)
Counts
3 least-privilege · 3 over-scoped · 1 ungoverned
Fix first: CRM sync connector
The posture is the worst connector, not the average. Two connectors can carry the identical risk score yet split on a gate — an unowned connector that can write regulated data is ungoverned however clean the rest of the fleet looks.
One unowned connector exposes the fleet.
The same seven connectors, scored by the engine. Five of seven are least-privilege or over-scoped and the mean risk is a benign-looking 40 — yet the fleet is EXPOSED, because one connector can write regulated data with no owner. The posture is the worst connector, not the average.
AI Agent & Connector Access Auditor (ACAA-099) ============================================================ Calendar read agent risk 14 LEAST-PRIVILEGE Support inbox drafter risk 44 OVER-SCOPED CRM sync connector risk 65 UNGOVERNED [UNOWNED-REG-WRITE] Analytics read-only risk 0 LEAST-PRIVILEGE Billing export bot risk 65 OVER-SCOPED Old Zapier hook risk 68 OVER-SCOPED [STALE-WRITE] Docs read agent risk 23 LEAST-PRIVILEGE ------------------------------------------------------------ Connectors: 7 mean risk 40 (context only) LEAST-PRIVILEGE 3 / OVER-SCOPED 3 / UNGOVERNED 1 FLEET POSTURE: EXPOSED (worst connector = UNGOVERNED) Fix first: CRM sync connector (UNGOVERNED, risk 65)
How a connector is scored.
Four weighted risk levers
Scope breadth (28), data sensitivity (34), write capability (14), and staleness (24) roll to a 0–100 risk score: LEAST-PRIVILEGE 0–39, OVER-SCOPED 40–69, UNGOVERNED 70–100. Higher is worse. Risk is additive across levers, so the score does honest graduated work and ranks what to fix first.
Two gates that only worsen
Unowned + write + regulated → UNGOVERNED no matter the score (the dispositive fault — a score would flatter it). Write + stale → at least OVER-SCOPED, because an abandoned standing write grant is never least-privilege. Fleet posture is the worst connector: GOVERNED, DRIFTING, or EXPOSED.
Clear about the lane. No inflated promises.
It is
- A deterministic access-risk read on an inventory you enter
- The front door to safely adopting agentic workflows
- The evidence layer your governance framework assumes
It isn't
- A live scanner — it never connects to your systems
- A tool that revokes grants or changes permissions
- A score of any person, or a security audit of your systems
Honest scope: this kit audits an access inventory you export and enter. It does not connect to your systems, change a permission, revoke a grant, or move data, and it does not score, rank, or assess any person. Not legal or security-audit advice — confirm your access policy with your security or compliance owner.
For the team that let the grants pile up.
Founders, operators, and IT or security owners who've let AI agents and connectors accumulate faster than anyone tracked them — and want one honest read on what those grants can reach before an auditor, insurer, or incident asks. Run it before you wire up an orchestration workflow: the safest workflow is only as safe as the connectors it inherits.
Build it, govern it, verify it.
MCP Server & Connector Builder Kit
$99
Build connectors that are safe by default — the construction side of what this kit audits.
NIST AI RMF / US AI Governance Readiness Kit
$149
The governance framework this connector evidence feeds — Govern, Map, Measure, Manage.
AI Governance & Acceptable Use Starter Kit
$39
The policy this auditor operationally checks — set the rules, then verify the grants.
The questions operators actually ask before granting access.
It scores connectors, never people. For every AI agent, MCP server, and OAuth connector you've granted, the AI Agent & Connector Access Auditor reads four things you enter — scope breadth, data sensitivity, write capability, and staleness — and returns a 0–100 access-risk score banded LEAST-PRIVILEGE, OVER-SCOPED, or UNGOVERNED. The owner field records who is accountable for a grant; it is never turned into a score of that person. This is an operational read on access surface, not an assessment of anyone's job.
Because the fleet posture is the worst connector, not the average. In the worked sample, five of seven connectors are least-privilege or over-scoped and the mean risk is a benign-looking 40 — yet the fleet reads EXPOSED, because one connector can write regulated data with nobody accountable for it. Averaging would hide that single dispositive fault; the Auditor refuses to, because one ungoverned write-to-regulated grant is the whole exposure. The mean is shown for context only.
It's the one fault the Auditor never lets a score flatter. A connector that can write regulated data with no owner is rated UNGOVERNED no matter how its raw risk score lands — nobody is accountable for what it can change. The sample proves the gate does distinct work: the CRM sync and Billing export connectors carry the identical risk score of 65, but the CRM sync has no owner, so it's UNGOVERNED while the Billing export is only OVER-SCOPED. A second structural gate floors any abandoned standing write grant (write + stale) at OVER-SCOPED — it's never least-privilege.
No. The Auditor is deterministic and offline — it audits an inventory you export and enter, and the same numbers reproduce in the included workbook. It never connects to your systems, scans live, revokes a grant, changes a permission, or moves data. You stay in control of every change; it tells you which connector to fix first, in priority order, and the Remediation Runbook tells you what to do.
The included Access Inventory Playbook shows where to export grants from — your IdP and OAuth consent screens, MCP server configs, agent platforms, and Zapier/Make-style integration lists — and how to classify each connector's scope (read/write/admin), data class (public/internal/regulated), recency (active/idle/stale), and owner. Drop the result into the workbook or run the Python engine on it. A worked seven-connector sample is included so you can see a full audit in about a minute.
No. The AI Agent & Connector Access Auditor is an operational readiness tool — it gives you an honest access-risk read and a fleet posture from the inventory you enter. It is not legal advice and not a security audit of your systems, and it doesn't assess any person. Confirm your access policy and any compliance obligations with your own security or compliance owner. It pairs with the MCP Server & Connector Builder Kit (build connectors safely) and the NIST AI RMF Readiness Kit (the governance framework this evidence feeds).
See what your AI agents
can reach.
Grade every connector and get your fleet's honest posture in one afternoon. One purchase, lifetime access, 12 months of updates. $99, once.
Honest scope: this kit audits an access inventory you export and enter. It does not connect to your systems, change a permission, revoke a grant, or move data, and it does not score, rank, or assess any person. Not legal or security-audit advice — confirm your access policy with your security or compliance owner.
Sold by RedHub AI LLC · Secured by Stripe · redhub.ai