Breeze Agents

Enterprise

HubSpot

Product overview

Name of Agent: Breeze Agents

Short description of agent: "AI-powered teammates designed to automate workflows, from planning to execution" (link, archived)

Date of release: 01/09/2025 (link, archived)

Advertised use: "always-on teammates", "marketing, sales, and customer service to handle the repetitive stuff", Customer, prospecting, sales, knowledge work (source, archived)

Monetisation/Usage price: available in Professional and Enterprise editions of HubSpot’s customer platform: Pro: 216 Enter: 587 (link, archived)

Who is using it?: (https://www.hubspot.com/products/artificial-intelligence/case-studies, archived)

Website: (https://www.hubspot.com/products/artificial-intelligence/breeze-ai-agents, archived)

Category: Enterprise

Company & accountability

Developer: HubSpot

Name of legal entity: HubSpot, Inc (link, archived)

Place of legal incorporation: Massachusetts, U.S.A.

For profit company?: Yes

Parent company?: Not applicable

Governance documents analysis: Customer ToS (link, archived)AI specific policy (link, archived)Acceptable Use Policy (link, archived)Privacy Policy (link, archived)

AI safety/trust framework: Trust Center (link, archived)Model cards (link, archived)

Compliance with existing standards: CCPA EU Cloud COC GDPR HIPAA SOC 2 SOC 3 TRUSTe (link, archived)

Technical capabilities & system architecture

Model specifications: Exact model depends on the type of agent. User cannot choose the exact model OpenAI GPT 4.1 mini, GPT-4o Mini, OpenAI 4.1, GPT-4o Stable Diffusion 3.5 Large (link, archived)

Documention: (Descriptions of the pre-made agents in the marketplace., archived) (https://knowledge.hubspot.com/ai/use-assistants-and-agents-in-breeze-studio?hubs_content=knowledge.hubspot.com/ai/use-breeze&hubs_content-cta=using-agents-and-assistants-in-breeze-studio#use-agents, archived)

Observation space: Hubspot CRM, knowledge vaults, Uploaded content, also external APIs such as Semrush, (link, archived) MCP (link, archived)

Action space: Hubspot CRM (e.g. resetting user passwords, editing data fields, possibly publishing social media posts), exact list of tools (Unknown), MCP (link, archived), Tools API, Web browsing (link, archived) (not specified further, might not be available yet)

Memory architecture: None found

User interface and interaction design: Customer agent has chatbot interface, but generally agents run asynchronously in the background. User interface for designing agent

User roles: Designer (customised the default agents in Breeze Studio), Operator (if not trigger based), Executor in the pipeline of the CRM

Component accessibility: Closed source

Autonomy & control

Autonomy level and planning depth: L1-3, initial base prompt template with instructions (link, archived) (user just fills in specific text fields depending on the templated agent. e.g for the prospecting agent, the user enters the type of product they wish to sell), Resulting agent either triggered with user input (e.g. the name of the company to research and report on, L2) or triggered automatically (link, archived) (e.g. when data changes, emails are sent, interactions with content, or code triggers) in which case there is no user involvement beyond the initial specification (L5?)

User approval requirements for different decision types: The user can choose whether actions should require approval or not during agent creation. The default is that approval is required. If automatically triggered agents, there is no user approval. If agent in chat interface, then the user can accept changes. No control over what tools are called during agent interaction, this is only specified in the design phase of the agent.

Execution monitoring, traces, and transparency: Live chain of thought with tool calls (link, archived)

Emergency stop and shut down mechanisms and user control: Doesn't seem to be an option to stop once the agent is running. The entire agent can be paused (this is not necessarily an instance of an agent but the system as a whole).

Usage monitoring and statistics and patterns: Performance tab for agents shows metrics as defined by the user through reports. (link, archived)

Ecosystem interaction

Identify to humans?: By default none, although Breeze Customer Agent (part of HubSpot Breeze Agents) identifies itself as AI to external chat visitors by showing a “Powered by AI” label in the chat widget header when it replies (https://knowledge.hubspot.com/chatflows/create-a-customer-agent, archived)

Identifies technically?: None

Interoperability standards and integrations: - MCP support, own tools API ((link, archived), (link, archived))

Web conduct: None found, Breeze Agents are positioned as “in-product” agents that work “throughout HubSpot,” suggesting they typically operate within HubSpot workflows rather than as a general-purpose web-browsing/scraping tool (link , archived)HubSpot documentation reviewed does not specify whether any “public web research” feature performs direct crawling/scraping or how it handles robots.txt compliance (Not available) (link, archived)

Safety, evaluation & impact

Technical guardrails and safety measures: uses PurpleLlama as a Model Protection Layer (link, archived)In Breeze Studio, agent actions are constrained by enabled tools and required user permissions (tool/permission scoping as a guardrail) (link, archived)

Sandboxing and containment approaches: None found

What types of risks were evaluated?: Red teaming of "jailbreaks, cybersecurity, harmful content, data leakage, model manipulation, responsible AI" No further details, or who provided this red teaming. (link, archived)

(Internal) safety evaluations and results: Red teaming of "jailbreaks, cybersecurity, harmful content, data leakage, model manipulation, responsible AI" No further details, or who provided this red teaming. (link, archived)

Third-party testing, audits, and red-teaming: Yes, penetration testing by PacketLabs (link, archived) found low risk in LLM usage "4.2.1 Prompt Injection A 4.2.2 System Prompt Disclosure A 4.2.3 Permission Propagation Delay: Disclosure of Restricted Properties A 4.2.4 Data Poisoning A 4.2.5 LLM Jailbreak" Everything except for prompt injection was remediated. (Source behind NDA, file: HubSpot Application Pen Test Report 2025.pdf) Uses PromptArmor (link, archived)

Benchmark performance and demonstrated capabilities: Not exactly, but tests against OWASP LLM Top 10 (link, archived). Also evaluation of underlying models (link, archived) (again unclear by whom and under which circumstances)

Bug bounty programmes and vulnerability disclosure: Yes (link, archived), one month average time to close bug

Any known incidents?: None found

← Back to 2025 Index