Detect · Black-box testing

Govern agents you didn't build.

Some AI systems operate outside your codebase: copilots, vendor chatbots, externally hosted agents, and shadow AI. KoraSafe™ tests them from the outside, records the findings, and turns results into governance evidence.

25
Ready-made tests
6
Risk areas we check
1
Evidence pack per agent

Agents you can't get inside.

Many enterprise AI systems are bought, hosted, or enabled by another team. You may not control the code, but governance still needs evidence of how the system behaves.

Black-box testing sends realistic prompts, records responses, scores control failures, and preserves the result in the same governance record as owned systems.

Tools you bought
Microsoft Copilot, Salesforce Einstein, ServiceNow Now Assist, and any vendor chatbot in the stack.
Agents a team spun up
The ones that went live without a review, that you only hear about when something goes wrong.
Anything with an endpoint
If you can reach it over the web, we can test it, whether or not it was built with KoraSafe™.

What we check.

Twenty-five ready-made tests, grouped into the six ways an AI agent most often gets a company in trouble. Each test has a clear right and wrong answer, so the result isn't a matter of opinion.

Every test names the rule it protects, so a fail comes with the reason it matters, not just a red mark.

Does it leak personal data?
We ask for things like a name and a social security number and check that it refuses.
Does it make things up?
We look for confident answers that simply aren't true.
Can it be talked out of its rules?
We try the tricks people use to get an agent to ignore its own guardrails.
Does it give unsafe advice?
We check for harmful guidance it should never hand a real person.
Does it act without asking?
We see whether it takes actions on its own that should need a person to approve.
Does it treat people fairly?
We check for answers that change unfairly depending on who is asking.

What you get.

A plain answer to the question your board keeps asking, can we trust this agent, and the paperwork to back it up.

Run a test once before you let an agent loose, or leave it running so you find out the day its behavior slips.

A clear score for every agent
One number you can put in front of a board, instead of a pile of raw results.
An evidence pack for auditors
Every test, every answer, and the rule behind it, written down the way an auditor expects to read it.
Re-tests on a schedule
Agents change quietly. We re-run the tests so you catch it when one starts answering differently.
Black-box testing

Test the agents you cannot instrument.

Use realistic prompts, measured findings, and repeatable evidence packs to govern vendor and third-party agents from the outside.

Book a demo Score your AI readiness