Agent Governance · Data
What sensitive data agents put into their actions.
What we observe
Detected by qscan on action payloads. We see the data type leaving in a call and classify the target as model / tool / internal — we do not see how the agent used it internally.
Open exposure
support-copilot put EMAIL_ADDRESS + US_SSN into an action to an unapproved model (generativelanguage.googleapis.com).
320 calls · authorization ALLOW · target classified Unapproved / unknown
Exposure flows · sensitive data leaving in actions
2 flowsSensitive data types observed · count of actions exposing each
EMAIL_ADDRESS
2 actions
reaches model / unapproved
US_SSN
1 action
reaches model / unapproved
PERSON
1 action
reaches model / unapproved
Internal reads are expected; the risk is sensitive data crossing into a model or unapproved tool.
Fields: qscan sensitiveDataType · sourceExe · endpointId · class · action