Breeze Agents
EnterpriseHubSpot
Product overview
Name of Agent: Breeze Agents
Who is using it?: (https://www.hubspot.com/products/artificial-intelligence/case-studies, archived)
Category: Enterprise
Company & accountability
Developer: HubSpot
Place of legal incorporation: Massachusetts, U.S.A.
For profit company?: Yes
Parent company?: Not applicable
Technical capabilities & system architecture
Memory architecture: None found
User interface and interaction design: Customer agent has chatbot interface, but generally agents run asynchronously in the background. User interface for designing agent
User roles: Designer (customised the default agents in Breeze Studio), Operator (if not trigger based), Executor in the pipeline of the CRM
Component accessibility: Closed source
Autonomy & control
Autonomy level and planning depth: L1-3, initial base prompt template with instructions (link, archived) (user just fills in specific text fields depending on the templated agent. e.g for the prospecting agent, the user enters the type of product they wish to sell),
Resulting agent either triggered with user input (e.g. the name of the company to research and report on, L2)
or triggered automatically (link, archived) (e.g. when data changes, emails are sent, interactions with content, or code triggers) in which case there is no user involvement beyond the initial specification (L5?)
User approval requirements for different decision types: The user can choose whether actions should require approval or not during agent creation. The default is that approval is required.
If automatically triggered agents, there is no user approval.
If agent in chat interface, then the user can accept changes. No control over what tools are called during agent interaction, this is only specified in the design phase of the agent.
Emergency stop and shut down mechanisms and user control: Doesn't seem to be an option to stop once the agent is running. The entire agent can be paused (this is not necessarily an instance of an agent but the system as a whole).
Ecosystem interaction
Identify to humans?: By default none, although Breeze Customer Agent (part of HubSpot Breeze Agents) identifies itself as AI to external chat visitors by showing a “Powered by AI” label in the chat widget header when it replies (https://knowledge.hubspot.com/chatflows/create-a-customer-agent, archived)
Identifies technically?: None
Web conduct: None found, Breeze Agents are positioned as “in-product” agents that work “throughout HubSpot,” suggesting they typically operate within HubSpot workflows rather than as a general-purpose web-browsing/scraping tool (link
, archived)HubSpot documentation reviewed does not specify whether any “public web research” feature performs direct crawling/scraping or how it handles robots.txt compliance (Not available) (link, archived)
Safety, evaluation & impact
Sandboxing and containment approaches: None found
Third-party testing, audits, and red-teaming: Yes, penetration testing by PacketLabs (link, archived) found low risk in LLM usage "4.2.1 Prompt Injection
A 4.2.2 System Prompt Disclosure
A 4.2.3 Permission Propagation Delay: Disclosure of
Restricted Properties
A 4.2.4 Data Poisoning
A 4.2.5 LLM Jailbreak" Everything except for prompt injection was remediated. (Source behind NDA, file:
HubSpot Application Pen Test Report 2025.pdf)
Uses PromptArmor (link, archived)
Any known incidents?: None found