Security and trust
The agent can only view or act on objects that the current logged-in user has permission to access within Hyperproof.
Control and label names, descriptions, and document or image content are used only to generate suggestions and findings within your session and are not retained or used for model training.
All integration credentials are handled through Hyperproof’s existing secure connection framework.
All actions taken from AI suggestions (such as creating a Hypersync or linking objects) are logged in the Hyperproof activity feed for traceability and auditability.
AI Evidence Collection Agent
The AI Evidence Collection Agent guides you through configuring automated evidence collection on a control or label. It reads the name and description of the control or label to identify what type of evidence is needed, recommends appropriate Hypersyncs and proof types, and walks you through setup via a guided conversation in the AI panel.
How to access the Evidence Collection Agent
There are two ways to start the AI Evidence Collection Agent:
From a control or label
Open any control or label in Hyperproof. In the top-right corner of the navigation, click the Hyperproof AI icon to open the side chat panel.
In the panel, select Automate proof collection on this control or Automate proof collection on this label to launch the guided workflow.
Type a natural language request directly into the AI panel—for example, “gather proof for this control”—and the agent will recognize your intent and start the same workflow.
From the Overview tab
Select Automate proof collection on the AI widget on the Overview tab to get a centralized view of controls that do not yet have evidence attached.
Select one or more controls and trigger the agent without navigating to each control individually.
How it works
Intelligent evidence discovery
The agent analyzes your compliance controls to determine the required evidence category (e.g., access configurations, security policies, or audit logs), and recommends the most appropriate Hypersync proof type and integration. It prioritizes data sources your organization already has connected, reducing the overhead of introducing new systems.
Credential bottleneck resolution
When credentials are needed to set up a new integration, the agent generates a pre-formatted request message for your IT or Security Admin. This message includes a description of what is needed and direct links to Hyperproof's per-application permissions documentation, so your team can respond accurately the first time. Once the credential issue is resolved, the agent resumes the setup workflow exactly where it left off.
Note: Due to authentication and authorization requirements, the agent only guides selections and workflow. All actions, including connecting integrations and configuring automations, require explicit user confirmation.
No dead-end workflows
If a native Hypersync connector is not available for the application you need, the agent does not stop the process. Instead, it automatically pivots to suggest a LiveSync setup (for cloud storage and document-based systems such as Google Drive, SharePoint, or Box) or an AI-generated Repeating Task with step-by-step instructions for manual evidence collection. This ensures that every control has an evidence collection path, whether automated or structured.
Reusable label management
Labels in Hyperproof allow evidence to be shared across multiple controls, eliminating redundant collection work. The Evidence Collection Agent is designed to take advantage of this from the start of the setup process:
If the starting point is a control, the agent automatically creates a new label and sets up the Hypersync on it. The label is named after the Hypersync’s application and proof type, and the description indicates that it was created by AI.
If the starting point is a label, the agent uses the existing label and sets up the Hypersync on it.
In both cases, once the Hypersync is configured on the label, the agent suggests other relevant controls to apply the proof to, so the same evidence source immediately begins covering your broader control set without additional setup.
Note: Data privacy - Control language from your organization is used only to generate suggestions within your session. It is never shared externally or used to train models.
AI Evidence Validation Agent
The AI Evidence Validation Agent checks whether collected evidence is accurate, complete, and likely to satisfy auditor expectations. It provides two validation paths: a pre-built test library for structured Hypersync data, and AI-powered analysis for document and image evidence.
Note: Controls and labels - All AI Evidence Validation Agent features work identically on both controls and labels. Anywhere this documentation refers to a control, the same steps apply when working from a label.
How to access the Evidence Validation Agent
There are two ways to start the AI Evidence Validation Agent:
From a control or label
Open any control or label in Hyperproof. In the top-right corner of the navigation, click the Hyperproof AI icon to open the side chat panel.
In the panel, select “Test this control” (or “Test this label”) to launch the validation workflow.
You can also type a natural language request into the AI panel—for example, “help me validate the evidence on this control.”
From the Overview tab
Select Test evidence on the AI widget on the Overview tab to provide a centralized view of controls and labels with existing proof.
Select one or more items and run validation checks at scale before an audit by invoking the agent directly.
How it works
Pre-built validation test library
When a Hypersync is connected to a control and proof has been imported, the agent presents pre-built validation tests matched to the specific service and proof type. Each test checks whether specific fields are populated and whether key values meet expected conditions. Select one or more tests to add them to your control. All tests are fully customizable after creation.
For example, if your control has an Okta user list attached, the agent locates tests such as MFA Enrollment Verification and Minimum Password Length, which are pre-configured baseline checks you can add with a single click and adjust to match your organization’s specific thresholds. These tests use our baseline Automated Control Testing functionality.
The test library currently supports the following services:
Service | Supported proof types |
AWS | S3 bucket configurations, VPCs, subnets, running instances, IAM users with MFA settings, backup jobs |
CrowdStrike | Sensor update policies, endpoint detections, prevention policies |
GitHub | Organization members, repository admins |
Jamf | Computer inventory, device groups, configuration profiles, mobile devices, policy configurations |
Jira | Issue lists (approvals, incident tracking, resolution status, assignment) |
KnowBe4 | Phishing security test results, training activity records |
Microsoft Entra ID | Group membership and group definitions |
Microsoft Intune | Device inventory and compliance status |
Okta | User lists, group membership, password policies, application assignments, API tokens, device enrollment |
For the full list of Hypersync proof types and tests that we support, see Hyperproof AI - Test validation library.
AI-powered document and image analysis
For document or image evidence (such as screenshots, exported reports, or policy documents), the agent reviews the file content for potential audit failures, using the associated control description as context. Findings are presented for your review. If you choose to act on a finding, the agent generates a Hyperproof task with the relevant details pre-populated.
When the agent identifies a potential issue, it presents its findings for your review and offers the option to create a remediation task. This allows your team to address evidence quality issues directly within the Hyperproof workflow, without the need for separate manual review cycles.
Note: AI analysis is advisory. The agent locates potential issues for human review and does not automatically fail or change the status of any control or proof item.
Using the Agents Together
The two agents are designed to work in sequence across the compliance evidence lifecycle:
Stage | What happens |
1. Discovery | The Collection Agent analyzes your control language and recommends the right integrations and proof types |
2. Setup | The agent walks you through configuring a Hypersync, LiveSync, or Repeating Task—handling credential requests if needed |
3. Collection | Hyperproof begins importing evidence on the configured schedule |
4. Validation | The Validation Agent presents pre-built tests matched to your new proof type; you add them with a single click |
5. Analysis | For image or document evidence, the Validation Agent reviews content for potential audit failures |
6. Remediation | Issues identified by the Validation Agent are converted to tasks and assigned to the appropriate team members |
Frequently Asked Questions
Do these agents require any specific integrations to be active?
The AI Evidence Collection Agent works with any Hyperproof-supported integration and also supports workflows for systems without Hypersync support. The AI Evidence Validation Agent's pre-built test library is available for the specific services listed above; document and image analysis work with any file-based evidence.
Can I use the agents with controls I already have set up?
Yes. Both agents can be invoked from existing controls. The Collection Agent can help you add or reconfigure automations on any control, and the Validation Agent can be applied to proof that is already linked to a control.
Are the pre-built validation tests editable?
All pre-built tests are fully customizable. After adding a test from the library, you can adjust field conditions, change threshold values, and modify the test logic to match your organization's specific policies and requirements.
What happens if the AI document analysis identifies an issue?
Findings from document and image analysis are presented to you for review. If you choose to act on a finding, the agent can generate a Hyperproof task with the relevant details pre-populated. No control status or proof status is changed automatically based on AI findings.
Is my control or evidence data shared with external AI providers?
Your control language and evidence content are used only to generate suggestions and findings within your active session. This data is not shared externally, retained beyond the session, or used to train any AI model.
What roles can use these agents?
Any Hyperproof user with permission to view and edit a control can use the AI Evidence Collection and Validation Agents for that control. Permissions are enforced at the Hyperproof level—the agents cannot access or act on objects outside the current user's permission scope.
Are agent activities logged?
AI agents don't make changes on their own. Every action requires explicit user confirmation. As a result, all AI-assisted activity is automatically captured in Hyperproof's existing activity feed, exactly as if the user had acted manually. No separate AI audit log is needed.