The evidence, in one place.
In a category built on trust, we'd rather you verify. This page collects what we can show today: how the CAI Score works, where agents run, what data we do and do not process, who our subprocessors are, and how to reach us about security. Where we don't yet have something (a third-party attestation, a public customer story) we say so instead of implying otherwise.
The CAI Score methodology
The CAI Score is a certification framework for AI agents: a five-tier risk classification that defines exactly how much an agent does on its own and where a named human stays accountable, then evidences it for audit. Read it from the bottom up: the higher the tier, the more an agent can do, and the more human oversight, logging and accountability the framework builds in around it.
L1 · Assist
Informs and answers. Takes no action and changes no record. The human does the work; the agent just makes it faster to find and understand. Human role: does everything.
L2 · Draft
Produces a work product (a document, a query, a report, an outreach message) for a human to review and approve. Nothing the agent makes is used until a person signs off. Human role: reviews & approves.
L3 · Operate
Executes routine, low-risk actions inside a bounded workflow, classify, route, fulfil, log. Exceptions and anything unusual are handed to a human. Every action is time-stamped. Human role: owns exceptions.
L4 · Decide (supervised)
Supports decisions and controls in higher-stakes processes, compliance, contracts, security, four-eyes. A named human remains accountable for the call; the agent assists and evidences it. Built for high-risk-process scrutiny. Human role: stays accountable.
L5 · Autonomous
Acts independently within hard, pre-approved guardrails. Reserved for the highest level of certification, and not used by any agent in this catalogue today. Human role: sets the rails.
The current catalogue ships at L2-L4. L4 agents require senior sign-off before go-live. Classifications are assigned by Colleague AI under this framework; no external assessor is engaged yet, and we don't claim third-party attestations we do not hold.
Architecture: where agents run, where data lives
Agents execute inside your own Microsoft Copilot Studio, Power Automate and Azure estate: your tenant, your identity model, your data boundary. Colleague AI hosts only the governance control plane: scores, policies and audit metadata. No customer business data is processed on our side. Every agent action in your tenant is logged, time-stamped and attributable, designed to support governance and legal review against frameworks such as the EU AI Act, DORA and ISO/IEC 42001.
Enterprise deployment proof points
ColleagueAI is positioned as a governed agent-package layer, not a shared SaaS workspace for customer business content. In a standard enterprise deployment, the customer controls the tenant, identity boundary, data sources, model endpoint, runtime configuration and audit evidence.
- Customer-controlled data plane: agents are designed to operate against the customer’s Microsoft/cloud estate.
- RBAC and data lineage: retrieval patterns should respect existing user permissions.
- Governance before automation: each package is mapped to a CAI autonomy tier, human oversight pattern and audit evidence expectation.
What this website itself processes
- Live demo (/demo): the messages you type are sent to Anthropic's API to generate responses, with per-IP and global rate limits. Don't paste confidential data into the demo.
- Purchases: payment is handled entirely by Stripe; we never see card details. After a purchase we store your email, the licensed agent slugs and the Stripe session id, so we can release downloads to you.
- Downloads: agent packages are delivered through signed, time-limited URLs (15-minute expiry).
- ROI calculator & readiness check: run entirely in your browser; nothing is sent or stored.
- Partner links: a partner code from a referral link is kept in your browser (30 days) and attached to a purchase for commission attribution.
Subprocessors
| Provider | Purpose | Data involved |
|---|---|---|
| Vercel | Website hosting, edge network, web analytics | Standard request logs, anonymous usage metrics |
| Stripe | Payment processing | Payment details (held by Stripe), buyer email |
| Upstash | Key-value store for entitlements and partner records | Buyer email, licensed agent slugs, partner codes |
| Anthropic | LLM responses for the live demo | Demo conversation text |
| Cloudflare R2 | Storage and delivery of purchased agent packages | Package files (no personal data) |
| Sentry | Error monitoring | Technical error context; text is masked in session diagnostics |
| Plausible | Privacy-first analytics | Anonymous, cookieless usage statistics |
| Google Fonts | Web fonts | Standard font requests |
Security practices
- TLS everywhere with HTTP Strict Transport Security (2-year max-age, preload) and a Content-Security-Policy restricting where code and content can load from, plus nosniff, frame-ancestors, referrer and permissions policies.
- Stripe webhooks are verified against their cryptographic signature with replay-window enforcement, processed idempotently (a redelivered event can never double-apply), and storage failures cause retries rather than silent loss.
- Commission attribution is gated: only registered partner codes are credited, and referral values are sanitized before storage.
- Secrets live in the hosting platform's environment configuration, never in code, never in the client bundle (verified by an automated scan on every build).
- Responsible disclosure: see security.txt or write to hello@colleagueai.ai. We respond to good-faith reports and won't pursue researchers acting in good faith.
Pilot programme
We're onboarding pilot customers now. Every engagement starts the same way the catalogue promises: the agent is validated on your own cases before go-live, its ROI is quantified up front, and the governance evidence is produced from day one, so your first deployment is also your proof. If you want to be one of the proofs we publish here, that's the deal: you get the pilot terms, we get the (anonymised, approved-by-you) case study.
Token metadata, not business content
CAI Token Economy Monitor: control AI cost before it scales.
ColleagueAI agent packages can include client-owned token economy monitoring that runs inside the client environment. The purpose is to help customers understand token consumption, estimated model/API cost, retries, oversized context, expensive model choices, and optimisation opportunities, while keeping prompts, outputs, documents, and business content out of ColleagueAI systems.
Designed to capture
- Agent ID, workflow, CAI tier, model used, and run timestamp
- Input tokens, output tokens, estimated cost, and budget indicators
- Success, failure, retry, exception, and approval status
- High-token workflows, repeated waste, and oversized context signals
- Optimisation recommendations for prompt patterns, model tier, and context size
Designed not to capture
- Customer prompt content
- Agent output content
- Business documents or transaction records
- Personal data or sensitive client data
- Confidential customer business logic
The result is practical AI cost governance: users understand their own consumption, finance sees cost before it becomes uncontrolled, and leadership can scale the agents that deliver measurable value.