AI software

Govern what your AI support agent can change

Put a fail-closed boundary in front of AI support agents. Refunds, credits, and account changes get a policy verdict, an approval path, and a verifiable receipt.

The problem

The action is the risk, not the model.

A support agent that can move money or alter an account is one prompt away from an unauthorized refund. Security reviewers ask who approved it and what evidence exists.

Granting this agent access means it can issue refunds, apply credits, and change customer accounts. Each of those is a side effect someone has to answer for.

What HELM does

A verdict before the side effect runs.

HELM checks the proposed action against policy before any effect runs, then records a signed receipt. Here is one path for AI customer support agents.

Agent proposes

Agent proposes a $480 refund outside policy

HELM checks policy

Checks refund policy, amount, and customer context

Verdict

ESCALATE

Proof

Refund decision receipt + approval EvidencePack

Proof you can hand to a reviewer

Evidence that survives outside the dashboard.

Each governed action leaves a record your security reviewer can verify offline.

  • Customer-action receipt
  • Refund-approval EvidencePack
  • Replay report

Action class: Refund / credit

How this side effect is governed

Default policy. Escalate over threshold; allow under policy.

Required evidence. Customer-action receipt, amount, policy, evidence.
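The refund path above as a minimal fail-closed gate. This is an added example, not HELM's code or API. The threshold, key, field names, and the DENY label are assumptions, and HMAC stands in for the receipt signature scheme, which the page does not specify.

```python
import hashlib
import hmac
import json
from decimal import Decimal, InvalidOperation

# Assumptions for this example: the threshold, demo key, field names and the
# DENY label are constructed; only ESCALATE and "allow" come from the page.
REFUND_THRESHOLD = Decimal("100.00")
RECEIPT_KEY = b"constructed-demo-key"
GOVERNED_ACTIONS = {"refund", "credit"}


def decide(action) -> str:
    """Return ALLOW, ESCALATE or DENY; unknown or malformed input is DENY."""
    try:
        kind = action["kind"]
        amount = Decimal(str(action["amount"]))
        customer = action["customer_id"]
    except (KeyError, TypeError, InvalidOperation):
        return "DENY"
    if not isinstance(kind, str) or kind not in GOVERNED_ACTIONS or not customer:
        return "DENY"
    if not amount.is_finite() or amount <= 0:
        return "DENY"
    return "ALLOW" if amount <= REFUND_THRESHOLD else "ESCALATE"


def issue_receipt(action, executor) -> dict:
    """Record and sign the verdict, then run the side effect only on ALLOW."""
    verdict = decide(action)
    body = {"action": action, "verdict": verdict, "policy": f"refund<={REFUND_THRESHOLD}"}
    payload = json.dumps(body, sort_keys=True, default=str).encode()
    body["sig"] = hmac.new(RECEIPT_KEY, payload, hashlib.sha256).hexdigest()
    if verdict == "ALLOW":
        executor(action)  # the only code path that reaches the side effect
    return body


def verify_receipt(receipt: dict) -> bool:
    """Recompute the MAC over every field except the signature itself."""
    body = {k: v for k, v in receipt.items() if k != "sig"}
    payload = json.dumps(body, sort_keys=True, default=str).encode()
    expected = hmac.new(RECEIPT_KEY, payload, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, str(receipt.get("sig", "")))
```

A reviewer who holds no shared secret would need an asymmetric signature in place of the HMAC.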

Questions

What reviewers ask first.

Can the agent act without approval?

Not for this action class. HELM checks the proposed action against policy before any side effect runs. For refund / credit the default is "Escalate over threshold; allow under policy", so anything unknown or unapproved stops by default.

What evidence do I show a security reviewer?

Every decision records the customer-action receipt, amount, policy, and evidence. You hand the reviewer the signed receipt and EvidencePack, which they verify offline without access to your dashboard.

Does this slow the agent down?

The check sits in the action path, not the conversation. Low-risk actions that policy already permits proceed; only consequential side effects pause for a verdict or an approver.

Hand your reviewer proof, not promises.

Bring one refund / credit action to the boundary and see the verdict and the receipt.