Your AI SDR just offered a 90% discount.
In December 2023, a Chevrolet dealership's AI chatbot agreed to sell a $76,000 Tahoe for $1. The incident went viral with 20 million views. The bot had no pricing authority policy. Veto makes sure your sales agents can never make that mistake.
What are sales AI agent guardrails?
Sales AI agent guardrails are runtime authorization policies that intercept CRM operations, pricing decisions, and customer communications before execution. They enforce discount ceilings, protect customer PII, and prevent unauthorized commitments. Because they are evaluated outside the model, on the tool call itself, they cannot be bypassed through prompt injection or model manipulation: a manipulated agent can be talked into requesting a bad action, but not into executing one.
The cost of uncontrolled sales agents
IBM's 2025 Cost of a Data Breach Report found that 97% of organizations that experienced an AI-related breach lacked basic AI access controls, and that breaches involving shadow AI cost an average of $670,000 more than other incidents. In sales, the failure modes are specific and financially devastating.
A Chevrolet dealership's AI chatbot agreed to sell a $76,000 Tahoe for $1 after a direct prompt injection by the customer in the chat window. The bot had no pricing authority boundaries. Emergency patches were deployed across 300 dealership sites within 48 hours.
In August 2025, attackers breached Salesloft's platform using OAuth tokens stolen from Drift's Salesforce integration, extracting contacts and support case data from 700+ organizations including Cloudflare, Palo Alto Networks, and Zscaler.
Security researchers have demonstrated AI agents revealing complete Salesforce records through conversational manipulation. The regulatory exposure is not abstract: GDPR fines reach up to 4% of global annual revenue, and CCPA violations carry penalties of up to $7,500 per intentional violation.
Four authorization boundaries every sales agent needs
These are the guardrail patterns we see organizations implement when deploying AI agents for prospecting, outreach, and deal management.
CRM write authority
Restrict which records agents can create, update, or delete. Allow lead creation but block modifications to closed-won opportunities. Require approval for account merges, territory reassignments, or any write to a record owned by another rep. Prevent bulk operations that could corrupt your single source of customer truth.
Pricing authority
Enforce discount ceilings by product tier, customer segment, and deal size. Block discounts on already-discounted products to prevent stacking. Route enterprise deal pricing (above $50K) to sales management for approval. Cap the maximum discount at the rep's authorized tier regardless of what the agent concludes it should offer.
Communication guardrails
Block emails to competitors, legal counsel, or C-suite executives without approval. Require review for messages containing pricing, contract terms, or legal commitments. Enforce CAN-SPAM opt-out compliance and unsubscribe handling. Prevent agents from making contractual promises the company cannot honor.
Contact data protection
Protect high-value contacts from mass outreach. Restrict which fields agents can read or write. Enforce territory rules and account ownership. Block bulk exports of contact lists. Redact PII from agent context when it is not needed for the task.
Pricing authority and CRM write policies
Define policies that intercept CRM tool calls and enforce authorization rules before any action executes. The policy below covers the four boundaries above: it prevents the Chevrolet-style failure mode where an agent can commit to arbitrary pricing, and it keeps closed deals, record deletion, competitor outreach, and bulk exports out of the agent's reach.
```yaml
name: sales-agent-guardrails
description: CRM access control and pricing authority
rules:
  # Protect closed deals from modification.
  # args.stage must be the record's current stage as resolved by the tool
  # layer before evaluation, not a value the agent chose to send; an agent
  # that omits the field must not slip past this rule.
  - name: protect-closed-deals
    tools: ["crm_update_opportunity", "crm_delete_opportunity"]
    condition: "args.stage in ['Closed Won', 'Closed Lost']"
    action: deny
    response:
      error: "Cannot modify closed opportunities"

  # Hard ceiling first: an enterprise request at 30% is denied outright,
  # never routed for approval, so this rule precedes the tiered approval
  # rule and the two conditions are disjoint.
  - name: discount-ceiling-standard
    tools: ["apply_discount", "create_quote"]
    condition: "args.discount_percent > 25"
    action: deny
    response:
      error: "Maximum discount is 25%. Contact sales leadership for exceptions."

  # Discount ceiling enforcement by tier (15% < discount <= 25%).
  - name: discount-ceiling-tier1
    tools: ["apply_discount", "create_quote"]
    condition: "args.product_tier == 'enterprise' and args.discount_percent > 15 and args.discount_percent <= 25"
    action: require_approval
    constraints:
      approver_role: "sales_manager"
      timeout: "4h"
    response:
      message: "Enterprise product discounts above 15% require manager approval"

  # Enterprise deal pricing requires approval.
  - name: enterprise-deal-review
    tools: ["apply_discount", "create_quote", "send_proposal"]
    condition: "args.deal_value > 50000 and args.discount_percent > 0"
    action: require_approval
    constraints:
      approver_role: "vp_sales"
    response:
      message: "Deals over $50K with discounts require VP approval"

  # Prevent discount stacking. existing_discount is read from the
  # opportunity record, not from the agent's request.
  - name: no-discount-stacking
    tools: ["apply_discount"]
    condition: "args.existing_discount > 0"
    action: deny
    response:
      error: "Cannot stack discounts. Remove existing discount first."

  # Block CRM record deletion unconditionally.
  - name: no-record-deletion
    tools: ["crm_delete_contact", "crm_delete_account", "crm_delete_opportunity"]
    action: deny
    response:
      error: "AI agents cannot delete CRM records"

  # Email guardrails. recipient_domain is derived from the recipient
  # address by the tool layer.
  - name: block-competitor-outreach
    tools: ["send_email"]
    condition: "args.recipient_domain in context.competitor_domains"
    action: deny
    response:
      error: "Cannot email competitor domains"

  # contains_pricing / contains_contract_terms must be set by a classifier
  # that inspects the message body in the tool layer. If the agent itself
  # populates these flags, a manipulated agent will simply leave them false.
  - name: pricing-email-review
    tools: ["send_email"]
    condition: "args.contains_pricing or args.contains_contract_terms"
    action: require_approval
    constraints:
      approver_role: "sales_manager"
    response:
      message: "Outbound emails with pricing or contract terms require review"

  # Contact data protection. record_count is the size of the result the
  # query would return, computed by the tool, not the agent's estimate.
  - name: block-bulk-export
    tools: ["crm_export_contacts", "crm_bulk_query"]
    condition: "args.record_count > 100"
    action: deny
    response:
      error: "Bulk contact exports are not permitted for AI agents"

  # Territory enforcement. account_territory is resolved from the target
  # record; rep_territory comes from the authenticated session.
  - name: territory-isolation
    tools: ["crm_update_contact", "crm_update_account", "send_email"]
    condition: "args.account_territory != context.rep_territory"
    action: deny
    response:
      error: "Cannot modify records outside assigned territory"
```

This policy is evaluated in-process before any tool executes. The agent receives a structured denial or approval-pending response, and no CRM modification, email, or pricing commitment reaches the CRM or the customer without passing it. Two details decide whether that holds in practice. First, a condition is only as trustworthy as the value it tests: fields such as stage, existing_discount, account_territory, record_count, and contains_pricing have to be populated by the tool layer from the CRM record or the message body, because an agent under prompt injection will omit or misstate anything it is allowed to supply itself. Second, rules can overlap (a $120K enterprise deal at 20% matches both the tier-1 ceiling and the enterprise review rule), so confirm how your policy engine orders matches; the safe default is that a deny from any rule wins over an approval requirement from another.
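To make the evaluation semantics concrete, here is a reference evaluator for the policy above. This is an added example, not Veto's implementation: it shows a policy layer sitting between the agent and its tools that decides every call before execution, lets a deny from any rule override an approval requirement from another, and resolves record state from the CRM rather than trusting what the model wrote into the arguments. The in-memory CRM table, the record_id argument, the pricing regex, and the helper names are assumptions made for the example.

```python
"""Reference evaluator for the sales-agent-guardrails policy (added example).

Not Veto's code. Demonstrates the page's pattern: every tool call is decided
before execution, the most restrictive matching rule wins, and record facts
come from the CRM, not from the agent's arguments. CRM data is constructed.
"""
import re
from dataclasses import dataclass

# Constructed in-memory CRM standing in for a Salesforce or HubSpot lookup.
CRM = {
    "OPP-100": {"stage": "Closed Won", "territory": "west", "existing_discount": 0,
                "deal_value": 120_000, "product_tier": "enterprise"},
    "OPP-200": {"stage": "Proposal", "territory": "west", "existing_discount": 0,
                "deal_value": 40_000, "product_tier": "standard"},
    "OPP-300": {"stage": "Proposal", "territory": "east", "existing_discount": 10,
                "deal_value": 20_000, "product_tier": "standard"},
    "OPP-400": {"stage": "Negotiation", "territory": "west", "existing_discount": 0,
                "deal_value": 120_000, "product_tier": "enterprise"},
}
COMPETITOR_DOMAINS = {"rivalcorp.example"}
# Pricing/contract content is detected from the body, never from an agent flag.
PRICING_RE = re.compile(r"\$\s?\d|\bdiscount\b|\bnet\s?\d+\b|\bper seat\b", re.I)
PRECEDENCE = {"allow": 0, "require_approval": 1, "deny": 2}


@dataclass(frozen=True)
class Decision:
    action: str            # allow | require_approval | deny
    rule: str = ""
    message: str = ""
    approver_role: str = ""


def enrich(args, context):
    """Assemble the facts rules may test. Record attributes are read from the
    CRM by record_id, so omitting or forging them in the call changes nothing;
    only the requested values (discount, recipient, body, count) come from args."""
    record = CRM.get(args.get("record_id"), {})
    facts = {
        "discount_percent": float(args.get("discount_percent", 0)),
        "record_count": int(args.get("record_count", 0)),
        "recipient_domain": args.get("to", "").rsplit("@", 1)[-1].lower(),
        "body": args.get("body", ""),
        "rep_territory": context.get("rep_territory"),
    }
    for key in ("stage", "territory", "existing_discount", "deal_value", "product_tier"):
        facts[key] = record.get(key)
    return facts


# (name, tools, predicate, action, message, approver_role), mirroring the YAML.
RULES = [
    ("protect-closed-deals", {"crm_update_opportunity", "crm_delete_opportunity"},
     lambda f: f["stage"] in ("Closed Won", "Closed Lost"),
     "deny", "Cannot modify closed opportunities", ""),
    ("discount-ceiling-standard", {"apply_discount", "create_quote"},
     lambda f: f["discount_percent"] > 25,
     "deny", "Maximum discount is 25%. Contact sales leadership for exceptions.", ""),
    ("discount-ceiling-tier1", {"apply_discount", "create_quote"},
     lambda f: f["product_tier"] == "enterprise" and 15 < f["discount_percent"] <= 25,
     "require_approval", "Enterprise product discounts above 15% require manager approval", "sales_manager"),
    ("enterprise-deal-review", {"apply_discount", "create_quote", "send_proposal"},
     lambda f: (f["deal_value"] or 0) > 50_000 and f["discount_percent"] > 0,
     "require_approval", "Deals over $50K with discounts require VP approval", "vp_sales"),
    ("no-discount-stacking", {"apply_discount"},
     lambda f: (f["existing_discount"] or 0) > 0,
     "deny", "Cannot stack discounts. Remove existing discount first.", ""),
    ("no-record-deletion", {"crm_delete_contact", "crm_delete_account", "crm_delete_opportunity"},
     lambda f: True, "deny", "AI agents cannot delete CRM records", ""),
    ("block-competitor-outreach", {"send_email"},
     lambda f: f["recipient_domain"] in COMPETITOR_DOMAINS,
     "deny", "Cannot email competitor domains", ""),
    ("pricing-email-review", {"send_email"},
     lambda f: bool(PRICING_RE.search(f["body"])),
     "require_approval", "Outbound emails with pricing or contract terms require review", "sales_manager"),
    ("block-bulk-export", {"crm_export_contacts", "crm_bulk_query"},
     lambda f: f["record_count"] > 100,
     "deny", "Bulk contact exports are not permitted for AI agents", ""),
    ("territory-isolation", {"crm_update_contact", "crm_update_account", "send_email"},
     lambda f: f["territory"] is not None and f["territory"] != f["rep_territory"],
     "deny", "Cannot modify records outside assigned territory", ""),
]


def authorize(tool, args, context):
    """Decide one tool call. Every rule is evaluated; the most restrictive
    matching action wins, so an overlapping approval rule can never downgrade
    a denial. The first rule at the winning level supplies message/approver."""
    facts = enrich(args, context)
    decision = Decision("allow")
    for name, tools, matches, action, message, approver in RULES:
        if tool in tools and matches(facts) and PRECEDENCE[action] > PRECEDENCE[decision.action]:
            decision = Decision(action, name, message, approver)
    return decision


def run_tool(tool, args, context, execute):
    """The gate: the real tool runs only on allow; otherwise the agent gets the
    structured decision back and nothing touches the CRM or the customer."""
    decision = authorize(tool, args, context)
    return execute(tool, args) if decision.action == "allow" else decision


if __name__ == "__main__":
    ctx = {"rep_territory": "west"}
    # Chevrolet-style injection: the model has "agreed" to a $1 price.
    print(authorize("apply_discount", {"record_id": "OPP-200", "discount_percent": 99.99}, ctx))
    # The agent omits the stage on a closed-won record; the CRM supplies it.
    print(authorize("crm_update_opportunity", {"record_id": "OPP-100", "amount": 1}, ctx))
    # Pricing in the body with no contains_pricing flag still goes to review.
    print(authorize("send_email", {"record_id": "OPP-200", "to": "cfo@buyer.example",
                                   "body": "We can do $48,000 net 30."}, ctx))
```

The point of `enrich` is the one that matters operationally: the agent chooses what it asks for, but the policy decides on what the CRM says is true. A prompt-injected request to update a closed-won opportunity is denied even when the call carries no stage at all, and an email quoting a price is routed for review even when the agent never sets a pricing flag. The precedence table is what makes overlapping rules safe; if your engine instead stops at the first match, put every deny rule ahead of the approval rules, as the YAML above does.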
Build vs buy for sales AI guardrails
| Capability | DIY | Veto |
|---|---|---|
| Discount ceiling enforcement | ||
| CRM field-level access control | ||
| Territory isolation | ||
| Email content review policies | ||
| Manager approval workflows | ||
| Audit trail for every decision | ||
| Prompt injection resistance | ||
| Time to production | 2-4 months | 1 day |
Frequently asked questions
How do sales AI agent guardrails prevent unauthorized pricing?
Can guardrails protect specific CRM fields from AI access?
How do guardrails handle PII in sales automation?
What happens when a sales policy requires approval?
Do sales guardrails work with Salesforce, HubSpot, and other CRMs?
Your CRM is your revenue system. Treat it like one.