← c15c15 / wf2 - Agent-Native Pass (agent-as-actor) / Data Exposure·agent-native-v1-v1 · 2026-06-03 · draft
Qpoint
QP
Data Exposureagent-as-actor · grounded in real telemetry

Agent Governance · Data

What sensitive data agents put into their actions.

What we observe

Detected by qscan on action payloads. We see the data type leaving in a call and classify the target as model / tool / internal — we do not see how the agent used it internally.

Open exposure

support-copilot put EMAIL_ADDRESS + US_SSN into an action to an unapproved model (generativelanguage.googleapis.com).

320 calls · authorization ALLOW · target classified Unapproved / unknown

view in activity →

Exposure flows · sensitive data leaving in actions

2 flows
AgentData typesTool / modelAuthorizationCalls
support-copilotEMAIL_ADDRESSUS_SSNPERSONgenerativelanguage.googleapis.comUnapproved / unknownALLOW320
support-copilotEMAIL_ADDRESScustomer-db.internalInternal serviceALLOW180

Sensitive data types observed · count of actions exposing each

EMAIL_ADDRESS

2 actions

reaches model / unapproved

US_SSN

1 action

reaches model / unapproved

PERSON

1 action

reaches model / unapproved

Internal reads are expected; the risk is sensitive data crossing into a model or unapproved tool.

Fields: qscan sensitiveDataType · sourceExe · endpointId · class · action