PV-PP Agent Auditor

A structured audit tool for reviewing AI agents, custom GPTs, workflows, and tool-using automation before they are expanded, delegated authority, or relied on in higher-risk settings.

The PV-PP Agent Auditor helps identify gaps between what an AI agent appears able to do and what its surrounding workflow can actually support safely, reliably, and recoverably.

It reviews purpose, users, tools, permissions, information sources, decisions, failure impact, feedback loops, escalation paths, and weak points. It does not certify safety. It surfaces risks, hidden assumptions, false-success patterns, and missing recovery corridors.

Why a demo case? Many organizations will not upload proprietary workflows, prompts, policy files, customer data, or internal control documents just to test a new audit tool. The Northbridge demo uses fictional company materials so users can experience the audit process without exposing sensitive information.

Interactive Demo: Northbridge AI Agent Audit

Northbridge is a fictional company with a fictional AI agent environment. The demo lets you download sample materials, re-upload them into the auditor, answer the intake questions, and generate a realistic audit report.

Step 1 — Download the sample materials

These files represent a fictional agent workflow, operating rules, tool permissions, escalation process, and one sample agent record.

Step 2 — Upload the files to the auditor

Open the PV-PP Agent Auditor, upload the Northbridge files, and ask it to run the audit. The auditor will inspect the documents first, then ask only the remaining questions needed to complete the assessment.

Step 3 — Generate or view the report

The generated report should show how the auditor identifies PP vs PPP gaps, exposed governing domains, tool and permission risks, memory/retrieval risks, weak escalation corridors, false-success patterns, and practical recommendations.

What It Audits

  • Agent purpose, scope, and intended outputs
  • Users, affected parties, and downstream reliance
  • Tools, APIs, files, accounts, and permissions
  • Memory, retrieval, stored context, and stale-state risks
  • Decisions, recommendations, classifications, and actions
  • Feedback, correction, oversight, escalation, and rollback
  • False-success risks where visible task completion improves while hidden risk increases

Why It Matters

Agent systems can look capable because they produce fluent answers, classify cases, or trigger tools. That does not mean they understand authority boundaries, stale information, missing evidence, downstream reliance, or recovery needs.

The auditor focuses on the gap between apparent capability and supported capability: where an agent may seem ready to act, but the surrounding workflow, permissions, evidence, oversight, or recovery structure does not actually support unsupervised use.

Best First Uses

  • Reviewing a custom GPT before broader internal use
  • Testing an agent workflow before adding tool permissions
  • Checking whether a human-in-the-loop process is real or only formal
  • Finding weak escalation, rollback, logging, or review paths
  • Preparing a pilot risk review before deployment

What It Does Not Do

  • It does not certify an agent as safe
  • It does not verify production systems directly
  • It does not replace legal, security, compliance, medical, or financial review
  • It does not prove that an agent is ready for unsupervised execution
  • It gives a structured risk interpretation based on supplied materials