
Your AI SDR offered a 90% discount.

Sales agents can draft discounts, update CRM fields, and send proposals faster than a manager can review the thread. Without a pricing authority policy, a helpful answer can become a quote the business never meant to offer. Veto puts the discount ceiling before the proposal leaves.

What are sales AI agent guardrails?

Sales AI agent guardrails are runtime authorization policies that intercept CRM operations, pricing decisions, and customer communications before execution. They enforce discount ceilings, protect customer PII, and block unauthorized commitments. The decision is not delegated to prompt text or model self-reporting.

The cost of uncontrolled sales agents

Sales agents do not fail in the abstract. They over-discount, write the wrong CRM field, promise contract terms they cannot honor, and send customer data to the wrong account. The control has to sit before the CRM write, quote, or proposal leaves the agent.

Unauthorized pricing

A sales agent drafts a discount outside its authority and pushes it into the quote system. By the time a manager sees the thread, the customer already has a number. Veto checks pricing authority before the quote is created.

CRM data exposure

In August 2025, Google reported a campaign that used compromised OAuth tokens associated with the Salesloft Drift integration to access Salesforce customer instances. The pattern is what matters for sales agents: an integration's tokens turn scoped CRM access into bulk export.

PII compliance risk

Security researchers have demonstrated AI agents disclosing complete Salesforce records in response to conversational manipulation. GDPR fines reach 4% of global annual turnover or EUR 20 million, whichever is higher. CCPA penalties reach $7,500 per intentional violation.

Four authorization boundaries every sales agent needs

These are the guardrail patterns we see organizations implement when deploying AI agents for prospecting, outreach, and deal management.

CRM write authority

Restrict which records agents can create, update, or delete. Allow lead creation but block modifications to closed-won opportunities. Require approval for account merges, territory reassignments, or any write to a record owned by another rep. Gate bulk operations that could corrupt your single source of customer truth.

Pricing authority

Enforce discount ceilings by product tier, customer segment, and deal size. Block discounts on already-discounted products to prevent stacking. Route enterprise deal pricing (above $50K) to sales management for approval. Cap maximum discount at the rep's authorized tier regardless of what the agent reasons.

Communication guardrails

Block emails to competitors, legal counsel, or C-suite executives without approval. Require review for messages containing pricing, contract terms, or legal commitments. Enforce CAN-SPAM opt-out compliance and unsubscribe handling. Block agents from making contractual promises the company cannot honor.

Contact data protection

Protect high-value contacts from mass outreach. Restrict which fields agents can read or write. Enforce territory rules and account ownership. Block bulk exports of contact lists. Redact PII from agent context when it is not needed for the task.

Pricing authority and CRM write policies

Define policies that intercept CRM tool calls and enforce authorization rules before any action executes. These policies target the failure mode where an agent can commit to arbitrary pricing.

veto-policy.yaml
name: sales-agent-guardrails
description: CRM access control and pricing authority

rules:
  # Protect closed deals from modification.
  # args.stage must be the record's current stage as supplied by the
  # integration, not a value the agent chose; otherwise the agent can omit
  # or rewrite it and the rule never fires.
  - name: protect-closed-deals
    tools: ["crm_update_opportunity", "crm_delete_opportunity"]
    condition: "args.stage in ['Closed Won', 'Closed Lost']"
    action: deny
    response:
      error: "Cannot modify closed opportunities"

  # Discount ceiling enforcement by tier
  - name: discount-ceiling-tier1
    tools: ["apply_discount", "create_quote"]
    condition: "args.product_tier == 'enterprise' and args.discount_percent > 15"
    action: require_approval
    constraints:
      approver_role: "sales_manager"
      timeout: "4h"
    response:
      message: "Enterprise product discounts above 15% require manager approval"

  # Hard cap for every tier. Confirm that the engine applies the most
  # restrictive matching rule (or list this rule first) so an enterprise
  # discount above 25% is denied rather than routed for approval.
  - name: discount-ceiling-standard
    tools: ["apply_discount", "create_quote"]
    condition: "args.discount_percent > 25"
    action: deny
    response:
      error: "Maximum discount is 25%. Escalate to sales leadership for exceptions."

  # Enterprise deal pricing requires approval
  - name: enterprise-deal-review
    tools: ["apply_discount", "create_quote", "send_proposal"]
    condition: "args.deal_value > 50000 and args.discount_percent > 0"
    action: require_approval
    constraints:
      approver_role: "vp_sales"
    response:
      message: "Deals over $50K with discounts require VP approval"

  # Prevent discount stacking
  - name: no-discount-stacking
    tools: ["apply_discount"]
    condition: "args.existing_discount > 0"
    action: deny
    response:
      error: "Cannot stack discounts. Remove existing discount first."

  # Block CRM record deletion
  - name: no-record-deletion
    tools: ["crm_delete_contact", "crm_delete_account", "crm_delete_opportunity"]
    action: deny
    response:
      error: "AI agents cannot delete CRM records"

  # Email guardrails
  - name: block-competitor-outreach
    tools: ["send_email"]
    condition: "args.recipient_domain in context.competitor_domains"
    action: deny
    response:
      error: "Cannot email competitor domains"

  # contains_pricing and contains_contract_terms must be set by the
  # integration (for example a classifier over the message body), not
  # self-reported by the agent.
  - name: pricing-email-review
    tools: ["send_email"]
    condition: "args.contains_pricing or args.contains_contract_terms"
    action: require_approval
    constraints:
      approver_role: "sales_manager"
    response:
      message: "Outbound emails with pricing or contract terms require review"

  # Contact data protection. record_count should be measured by the
  # integration from the query itself, not taken from the agent's request.
  - name: block-bulk-export
    tools: ["crm_export_contacts", "crm_bulk_query"]
    condition: "args.record_count > 100"
    action: deny
    response:
      error: "Bulk contact exports are not permitted for AI agents"

  # Territory enforcement
  - name: territory-isolation
    tools: ["crm_update_contact", "crm_update_account", "send_email"]
    condition: "args.account_territory != context.rep_territory"
    action: deny
    response:
      error: "Cannot modify records outside assigned territory"

This policy is evaluated in-process before a governed tool executes. The agent receives a structured denial or approval-pending response instead of a tool result. No CRM modification, email, or pricing commitment can cross these boundaries through a governed tool; a CRM tool the agent can reach without the wrapper is outside them, so every tool that writes, quotes, or sends must be wrapped.
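The following is an added example, not Veto's SDK or evaluation engine. It mirrors the rule shape used in veto-policy.yaml (tools, condition, action) to make two properties concrete: the verdict is computed from the tool-call arguments and trusted context rather than from model text, and a condition that cannot be evaluated (for example because the agent omitted discount_percent) fails closed to a denial. The condition grammar, the most-restrictive-rule-wins ordering, the govern() wrapper and the response shapes are all assumptions made for this example.

```python
"""In-process policy gate for CRM tool calls (added example, not Veto's SDK).

The condition grammar, most-restrictive-wins ordering and response shapes
are assumptions for this example, not Veto's documented behaviour.
"""
import ast
import operator

# Subset of the rules above, as Python dicts (constructed for this example).
RULES = [
    {"name": "discount-ceiling-standard", "tools": ["apply_discount", "create_quote"],
     "condition": "args.discount_percent > 25", "action": "deny"},
    {"name": "discount-ceiling-tier1", "tools": ["apply_discount", "create_quote"],
     "condition": "args.product_tier == 'enterprise' and args.discount_percent > 15",
     "action": "require_approval", "approver_role": "sales_manager"},
    {"name": "no-discount-stacking", "tools": ["apply_discount"],
     "condition": "args.existing_discount > 0", "action": "deny"},
    {"name": "no-record-deletion", "tools": ["crm_delete_contact"], "action": "deny"},
    {"name": "block-competitor-outreach", "tools": ["send_email"],
     "condition": "args.recipient_domain in context.competitor_domains", "action": "deny"},
    {"name": "territory-isolation", "tools": ["crm_update_contact", "send_email"],
     "condition": "args.account_territory != context.rep_territory", "action": "deny"},
]

SEVERITY = {"allow": 0, "require_approval": 1, "deny": 2}
_CMP = {ast.Gt: operator.gt, ast.GtE: operator.ge, ast.Lt: operator.lt, ast.LtE: operator.le,
        ast.Eq: operator.eq, ast.NotEq: operator.ne,
        ast.In: lambda a, b: a in b, ast.NotIn: lambda a, b: a not in b}


def _ev(node, env):
    """Evaluate a condition AST over an allowlist of node types; no eval()/exec().
    Only args.<field> / context.<field> lookups, literals, single comparisons and
    and/or/not are accepted. Anything else raises, which the caller turns into deny."""
    if isinstance(node, ast.Expression):
        return _ev(node.body, env)
    if isinstance(node, ast.Constant):
        return node.value
    if isinstance(node, ast.List):
        return [_ev(e, env) for e in node.elts]
    if isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name) and node.value.id in env:
        return env[node.value.id].get(node.attr)          # missing field -> None
    if isinstance(node, ast.BoolOp):
        vals = (_ev(v, env) for v in node.values)
        return all(vals) if isinstance(node.op, ast.And) else any(vals)
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.Not):
        return not _ev(node.operand, env)
    if isinstance(node, ast.Compare) and len(node.ops) == 1:
        # None > 25 (argument omitted by the agent) raises TypeError -> fail closed
        return _CMP[type(node.ops[0])](_ev(node.left, env), _ev(node.comparators[0], env))
    raise ValueError(f"disallowed expression: {ast.dump(node)}")


def decide(tool, args, context, rules=RULES):
    """Return {"action", "rules", "approver_role"} for one tool call.
    Every rule targeting the tool is evaluated and the most restrictive matching
    action wins, so a require_approval rule cannot mask a deny on the same call."""
    env = {"args": args, "context": context}
    action, fired, approver = "allow", [], None
    for rule in rules:
        if tool not in rule["tools"]:
            continue
        cond, effect, name = rule.get("condition"), rule["action"], rule["name"]
        try:
            matched = cond is None or bool(_ev(ast.parse(cond, mode="eval"), env))
        except (TypeError, KeyError, ValueError, SyntaxError):
            matched, effect, name = True, "deny", f"{name} (unevaluable condition, fail closed)"
        if not matched:
            continue
        fired.append(name)
        if SEVERITY[effect] > SEVERITY[action]:
            action, approver = effect, rule.get("approver_role")
    return {"action": action, "rules": fired, "approver_role": approver}


def govern(tool, fn, context):
    """Wrap a CRM tool so the policy check runs before the real call.
    The agent only ever sees a structured ok / denied / pending_approval response."""
    def wrapped(**args):
        d = decide(tool, args, context)
        if d["action"] == "deny":
            return {"status": "denied", "rules": d["rules"]}
        if d["action"] == "require_approval":
            return {"status": "pending_approval", "approver_role": d["approver_role"], "rules": d["rules"]}
        return {"status": "ok", "result": fn(**args)}
    return wrapped


if __name__ == "__main__":
    ctx = {"rep_territory": "west", "competitor_domains": ["rival.example"]}   # trusted context, constructed
    apply_discount = govern("apply_discount", lambda **a: f"applied {a['discount_percent']}%", ctx)
    print(apply_discount(product_tier="standard", discount_percent=10, existing_discount=0))   # ok
    print(apply_discount(product_tier="enterprise", discount_percent=20, existing_discount=0)) # pending_approval
    print(apply_discount(product_tier="enterprise", discount_percent=30, existing_discount=0)) # denied
    print(apply_discount(product_tier="standard"))  # discount_percent omitted: denied, fail closed
```

Two design points carry over to any engine: the context values the conditions compare against (rep_territory, competitor_domains) come from the integration, never from the agent's arguments, and an unevaluable condition is a denial rather than a skipped rule, so an agent cannot route around a ceiling by leaving a field out of the call.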

Build vs buy for sales AI guardrails

Capability                              DIY           Veto
Discount ceiling enforcement
CRM field-level access control
Territory isolation
Email content review policies
Manager approval workflows
Decision record for governed decisions
Prompt injection resistance
Time to production                      2-4 months    1 day

Frequently asked questions

How do sales AI agent guardrails block unauthorized pricing?
Guardrails intercept discount and quote tools before execution. Policies enforce maximum discount percentages by product tier and deal size, require manager approval above thresholds, and block discount stacking. The authorization decision happens outside the agent's reasoning loop, so prompt injection does not control the policy verdict.
Can guardrails protect specific CRM fields from AI access?
Yes. Policies restrict read and write access at the field level. You can allow agents to read contact names while blocking access to contract values, or permit updating lead status while protecting the account owner field. Field-level controls can be configured per agent role and territory.
How do guardrails handle PII in sales automation?
Guardrails redact or block PII from being included in agent context when it is not needed for the task. Policies enforce data minimization by restricting which CRM fields agents can access. Email policies block PII leakage in automated outreach. Governed access is recorded for privacy review.
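The field-level read and write controls described in the "Contact data protection" section and in the two answers above, as an added example. This is not Veto's SDK or API: the role name, the per-role field allowlists, the dotted field paths and the Salesforce-like sample record are all assumptions constructed for this example. It shows an agent role that can read a contact's name and account but never its contract value or owner, gets e-mail and phone masked unless the task declares it needs them, has free-text notes scrubbed of embedded PII, and can update lead status but not the owner field, with a mixed update refused as a whole rather than partially applied.

```python
"""Field-level CRM access for an agent role (added example, not Veto's SDK).

Role names, field allowlists, dotted paths and the record shape are assumptions.
"""
import re
from copy import deepcopy

# Constructed sample record in a Salesforce-like shape (not real data).
RECORD = {
    "Id": "003000000000001", "Name": "Dana Example", "Title": "VP Ops",
    "Email": "dana@customer.example", "Phone": "+1 555 0100",
    "LeadStatus": "Working", "OwnerId": "005000000000042",
    "Description": "Asked to call back at 555-0100; backup contact ops@customer.example.",
    "Account": {"Name": "Customer Co", "ContractValue": 480000, "Territory": "west"},
}

# Per-role field policy (assumed). Dotted paths address nested fields.
ROLE_POLICY = {
    "sdr_agent": {
        "read": {"Id", "Name", "Title", "Email", "LeadStatus", "Description",
                 "Account.Name", "Account.Territory"},
        "write": {"LeadStatus"},            # OwnerId, Account.* are not writable
        "pii": {"Email", "Phone"},          # masked unless the task needs them
        "free_text": {"Description"},       # scrubbed for embedded PII
    },
}

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{6,}\d")


def redact_text(text):
    """Mask e-mail addresses and phone numbers embedded in free text."""
    return PHONE_RE.sub("[REDACTED-PHONE]", EMAIL_RE.sub("[REDACTED-EMAIL]", text))


def _get(record, path):
    node = record
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def read_record(record, role, needs_pii=frozenset()):
    """Project a record down to the fields `role` may read, as a flat
    path -> value dict. Fields outside the allowlist are simply absent, PII
    fields not listed in `needs_pii` come back masked, free text is scrubbed."""
    pol = ROLE_POLICY[role]
    view = {}
    for path in sorted(pol["read"]):
        value = _get(record, path)
        if value is None:
            continue
        if path in pol["pii"] and path not in needs_pii:
            value = "[REDACTED]"
        elif path in pol["free_text"] and isinstance(value, str):
            value = redact_text(value)
        view[path] = value
    return view


def write_record(record, role, updates):
    """Apply `updates` only if every field is writable for `role`.
    Returns (record, rejected_fields); all-or-nothing, so a mixed update that
    touches a protected field (e.g. OwnerId) leaves the record untouched."""
    pol = ROLE_POLICY[role]
    rejected = sorted(set(updates) - pol["write"])
    if rejected:
        return record, rejected
    new = deepcopy(record)
    for path, value in updates.items():
        node, keys = new, path.split(".")
        for k in keys[:-1]:
            node = node.setdefault(k, {})
        node[keys[-1]] = value
    return new, rejected


if __name__ == "__main__":
    print(read_record(RECORD, "sdr_agent"))                          # Email masked, no ContractValue/OwnerId
    print(read_record(RECORD, "sdr_agent", needs_pii={"Email"}))      # Email in the clear for an outreach task
    print(write_record(RECORD, "sdr_agent", {"LeadStatus": "Qualified", "OwnerId": "005000000000099"}))
```

The read side is the data-minimization control: the agent's context only ever contains the projected view, so a prompt-injected "print the whole record" has nothing to print. The write side is the field-level write authority from the FAQ above, applied before the CRM API is called.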
What happens when a sales policy requires approval?
When a policy triggers an approval requirement (e.g., a discount above the rep's authority), the tool call is paused and routed to your approval queue. Approvers see the decision context: relevant agent output if passed by the integration, proposed action, deal details, and the policy that flagged it. Once approved or denied, the agent receives the decision and continues.
Do sales guardrails work with Salesforce, HubSpot, and other CRMs?
Guardrails work at the tool-call level, independent of your CRM. Whether you use Salesforce, HubSpot, Pipedrive, or a custom system, you wrap your existing CRM tools with the Veto SDK. The policy check sits at the CRM-tool boundary and runs before each governed tool call.

Your CRM is your revenue system. Treat it like one.