The demo video runs 3:14. Ten narrated segments. Here's exactly how each one maps to the five objectives Kishore defined — what we proved, what we showed awareness of, and what's Sprint 2.
"Based on the questionnaire responses we received, your team made it clear — shadow AI discovery is handled by detection engineering. What you need from us is governance for the AI you already know about. This agent is our answer."
No specific objective — this is the frame. It tells Deloitte: we listened to your questionnaire, we understood your scope (not shadow AI — governed AI), and we built to that scope. Sets up everything that follows.
"Two data sources feed this agent. First, it calls Anthropic's API directly, pulling the full list of models available outside your environment. Second, it receives platform telemetry — every agent deployed, every integration connected, every model enabled."
Proves the architecture works. The platform can be the hub — an agent on the platform collects internal telemetry and reaches external APIs in a single run. This is the foundation for all five objectives. Without this, nothing else works.
"286 agents in this environment. Two were created in the last 48 hours. One of them has no name, no description, and full administrative permissions. That's an agent nobody can account for, doing things nobody documented."
Objective 1: Detect unauthorized agent deployment — PROVED. Not a mock. Real inventory of 286 agents. Real finding: unnamed agent with full perms, created within 48h. This is the exact use case Kishore described.
"The monitor classifies agents by risk. One does dynamic tool selection with no boundaries, another does browser automation with full delegation rights, another handles HR evaluations with PII but no guardrails."
Deepens Objective 1. Beyond inventory — the agent classifies risk per agent. 10 flagged with specific reasons. This is what the SOC team needs: not just "here are your agents" but "here are the ones that need attention and why."
"45 active connections. 14 classified as high-risk. Okta with private key access, Entra ID with full directory access, Snowflake, CrowdStrike, eDiscovery. The question isn't whether these integrations exist — it's whether every agent should have access to all of them."
Objective 2: Detect unauthorized tools / sensitive data sources — PROVED. Full inventory of connections with risk classification. Real integration names, real access levels. The agent surfaces the question Deloitte wants answered: who has access to what?
"Agents that auto-fix CI pipelines and create pull requests without human approval. An incident auto-resolver that closes tickets autonomously. A penetration testing workflow in the shared catalog where any user can access it."
Objective 3: Detect drift in agent actions — PARTIAL. We show configuration analysis: agents configured in ways that violate standard change management. This is real data. But true drift detection requires runtime audit logs (what agents did, not how they're configured). That's Sprint 2.
"12 agents have maximum permissions. No policy requires documentation when you create an agent. No lifecycle management. The controls infrastructure exists — what's missing is the monitoring layer."
Objective 4: Detect guardrail / policy changes — PARTIAL. We show the current state of permissions and the policy gaps. Real data. But detecting changes requires baseline + diff between runs. Sprint 2 adds that layer.
"Three Claude models are accessible externally but aren't in the governed catalog. Anyone with a direct API key can use those models outside your governance framework. No audit trail, no DLP, no access controls."
Not in Kishore's five objectives — delivered anyway. The agent compared governed models against Anthropic's external API and found ungoverned model access. This demonstrates the architecture extends beyond the platform. Sprint 2 connects to each platform's admin APIs for actual usage data.
"Overall governance score: 3.8 out of 10. High risk. But that's the starting point, not the verdict. Run this agent weekly, and you see the trend. That's continuous governance, not a one-time assessment."
Proves the output is measurable and repeatable. A single number that tracks over time. This is the mechanism for continuous governance — not an audit report you file once, but a living metric. The baseline is set; Sprint 2 adds the trend line.
"Five prioritized actions. Two need to happen now. This entire analysis — 286 agents, 45 integrations, cross-platform model comparison — completed in under four minutes. Sprint two, we co-develop it with your team."
Closes the narrative. The PoC isn't a slide deck — it ran against live data in under 4 minutes and produced actionable output. The co-develop call isn't a pitch; it's the natural next step because the foundation already works.
Objectives 1 and 2 are proved with real production data. Not mocked, not simulated — real agents, real integrations, real findings.
Objectives 3 and 4 show awareness — the agent identifies configuration gaps and policy violations, but true change detection (baseline + diff) is Sprint 2 scope.
Objective 5 (multi-tenant isolation) requires runtime audit log access that isn't available via the current API surface. That's co-develop territory.
The cross-platform governance (Segment 8) wasn't even asked for — we delivered it because the architecture made it natural.
Position it as: "Proof that the platform has the telemetry and the agent architecture to do governance monitoring" — not "production-ready detection system." The gaps are exactly the scope of the co-develop.