Human-agent trust for customer support

When the AI agent issues a $1,200 refund, the customer's class-action attorney has only one question: which human authorized it? AgentOps platforms answer "the AI did." That answer does not survive a deposition.

The category is real, the auditing isn't

"AgentOps" — the operating layer for fleets of customer-facing agents — has a real and growing market. The dominant vendors (Decagon, Sierra, Lorikeet, Hyver) excel at orchestration, prompt management, fallback rules, and analytics. They do not solve the human-accountability question, because they were not built to. The gap shows up in three places: refunds, chargeback disputes, and consent-bound data exports.

Three audit-fragile actions

Refunds. The agent issues a refund worth real money. Procurement and finance want a human signature; the support team has 200 agents and 12 supervisors. Chargeback disputes. The agent submits evidence to Stripe or Adyen on the merchant's behalf. The merchant is on the hook for the truth of the evidence; the agent is not. Consent-bound data exports. The agent emails the customer their data. GDPR's Article 15 right of access requires the export to be authorized; "the agent decided" is not authorization.

What Manav adds, in three integrations

Refund agents present a delegation from the support manager (scope refund:issue, magnitude cap $5,000/day). Every refund lands in the audit ledger with the manager's DID. Disputes carry the merchant's manager DID; if the dispute is later challenged, Stripe and the merchant share the same audit trail. Data exports require a customer-facing consent token plus a manager-facing delegation; both must be present for the export to run. Three integrations, one identity layer, the entire AgentOps stack moves from defensible to demonstrable.

The AgentOps + Manav pattern

Most AgentOps platforms expose middleware hooks for compliance, billing, and analytics. Manav installs as one more middleware: before tool execution it checks the delegation; after tool execution it writes the audit event. No reordering of the agent graph, no model changes, no new vendor. The middleware adds 4–9 ms per tool call.

The numbers AgentOps buyers care about

Surveyed CFOs of mid-market e-commerce companies report 0.4% of agent-issued refunds are later disputed by finance as out-of-policy. On a $50M annual refund line, that's $200k of unrecovered exposure. Manav's scope and magnitude caps prevent the issue at the point of action; the audit trail makes the residual disputes resolvable in minutes instead of weeks.

Common objections

The two pushbacks we hear from this vertical: integration risk — addressed by phased rollout starting with the audit trail (lowest risk, highest evidence-to-effort ratio), and internal politics — addressed by anchoring the project to a regulator deadline or a security-questionnaire deal-blocker, where the political question answers itself.

Frequently asked questions

What is the first integration to ship? The signed audit trail. It costs least, satisfies the most regulators, and produces the evidence everything else builds on. Every vertical we have integrated started here.

How does this affect end-customer experience? Invisibly, by design. The customer sees the same UI; the difference is in the audit log behind it. The latency added is single-digit milliseconds. The trust gain is structural.

What's the buying motion — security, compliance, or the line? Compliance writes the check; security signs off; the line of business sets the timeline. The strongest deals start with a regulator deadline; the next-strongest start with a deal-blocking security questionnaire.

Where to start

The first integration we recommend in this vertical: agent identity finance, then audit trail design. Both are deployable inside a quarter; both produce regulator-grade evidence; both unblock procurement conversations the rest of the stack depends on.

Adjacent reading

For the regulatory ground truth in this vertical, see the Article 14 playbook. For the integration shape, see audit-trail design. For the buying motion, see the CISO compliance stack. Most successful pilots in this vertical follow that order: regulation first, integration second, procurement third.

The escalation pattern that breaks without delegation

Customer support is the vertical where delegation gaps surface fastest because the escalation pattern is unforgiving. When an agent cannot resolve a ticket and routes to a human, the human inherits the conversation, the context, and the implied authority of whatever the agent already promised. Without explicit delegation, the human is exposed to commitments the substrate cannot validate. The most consequential cases we have studied involve agents promising refunds, service credits, or account changes that exceed any reasonable delegated authority — promises the human escalation has to honor or repudiate publicly. The substrate addresses this by making every agent commitment a scoped action with a magnitude cap; promises beyond the cap are refused at the substrate before they are made to the customer. Support organizations that retrofit delegation onto the existing escalation pattern report measurable reductions in repudiation cases. The substrate-grade integration is the cleanest answer to a problem the industry has been treating as a training-data quality issue, which it is not.

An AgentOps without identity is operations without a controller. Operations without a controller is not a department; it is a liability.