The 50-Point Agentic Marketing Stack Audit

Do we maintain a documented register of every AI agent, LLM-powered tool, and autonomous workflow currently active in marketing? The register should be a living document, not a one-time inventory that goes stale. Include tools running in vendor platforms (Agentforce, Breeze, K:AI) and custom-built workflows (n8n, Zapier, Make).

Does each agent record include a named owner, a business purpose in plain English, and a date last reviewed? Without owner accountability, no one responds when an agent produces bad output. Without a review date, agents drift silently past their designed use case.

For each agent, do we know which underlying model(s) and vendor(s) it depends on — Claude, GPT-4o, Gemini, Mistral, or in-house? Vendor model changes (prompt-caching updates, context-window changes, deprecations) affect agent output directly. If you don't know the dependency, you can't manage the change.

Have we identified agents built by individual marketers without IT approval — in ChatGPT free/Pro accounts, Claude.ai personal, n8n self-hosted, or consumer Zapier? Shadow agents process brand data and customer data outside any DPA or access-control framework. HubSpot's 2026 State of Marketing reports 19.2% of marketers already automate initiatives end-to-end with AI — not all of them went through IT.

Do we know which agents in our stack are generally available versus beta or experimental? Salesforce Agentforce 360 reached GA October 13, 2025; Agentforce Marketing features are rolling through Winter '26 and Spring '26 releases. HubSpot's Breeze Agents include GA agents (Customer, Prospecting, Data) and beta agents (Customer Health, Company Research, Closing). Running beta agents in production workflows without explicit acknowledgment of their maturity status is an operational risk.

Is there a defined process for retiring agents that are no longer used — including credential revocation, integration cleanup, and register updates? Zombie agents with active API keys and OAuth scopes are a security surface. The retirement process should be as formal as the onboarding process.

Do we re-inventory our agent register at least quarterly? The agentic marketing landscape in 2026 moves fast enough that a register last updated six months ago almost certainly omits new deployments and retains deprecated ones. Quarterly cadence is the minimum; monthly is better for teams running more than 10 agents.

Do all marketing agents read and write from a single source of truth — a CRM or CDP — rather than isolated silos? Agents that read from different data sources produce inconsistent personalization. Agents that write to different destinations create duplicate records and attribution gaps. The single-source-of-truth requirement is foundational, not aspirational.

Are your CRM (Salesforce, HubSpot), ESP (Klaviyo, Marketo), and CMS connected to the same identity graph? Without a unified identity graph, an agent can simultaneously send a win-back campaign to a customer who churned in the CRM but still appears active in the ESP. Klaviyo's K:AI Segments AI requires a unified customer identity to generate accurate predictive segments.

Do we use vendor-native agents — Agentforce 360, HubSpot Breeze Agents, Klaviyo K:AI — before deploying bolt-on third parties? Native agents benefit from vendor-maintained integration, updated model access, and built-in guardrails. Third-party agents introduce an additional maintenance surface and a potential data-handling risk when they proxy between your stack and an external LLM.

Have we documented every API key, OAuth scope, and webhook used by agents? Undocumented credentials are a security risk during agent retirement and during staff turnover. OAuth scopes granted to agents should follow the principle of least privilege — an agent that reads contacts should not have a scope that allows deleting them.

Are integrations monitored for failure, with alerts on broken syncs? A broken Klaviyo-to-Salesforce sync can silently corrupt audience segments used by AI agents for three days before anyone in marketing notices the email suppression list is out of date. Integration health monitoring is table stakes, not a nice-to-have.

Do we use Model Context Protocol or an equivalent structured interface for cross-agent tool calling, rather than custom point-to-point glue code? MCP (standardized by Anthropic and adopted across the industry in 2025-2026) allows agents to call tools and data sources through a consistent interface that survives API changes. Custom glue code breaks with every vendor update.

Are integration credentials — API keys, OAuth tokens, webhook secrets — rotated on a defined schedule? Static credentials that never rotate are a persistent security risk. Many agentic platforms now support automatic credential rotation; enable it where available.

Is there a single dashboard that shows the health status of all agent integrations in one view? Without a unified view, integration failures require manual polling of individual platform logs. Salesforce Agent Observability (GA November 2025) provides metrics, traces, and quality scoring for Agentforce agents — use it if Agentforce is in your stack.

Does every production agent have a defined evaluation rubric — specific quality dimensions scored 1-5, not 'does this seem good?' Dimensions should be relevant to the agent's output type: factual accuracy, brand voice adherence, personalization depth, call-to-action clarity, regulatory compliance. Without a rubric, you cannot detect degradation, and you cannot compare outputs across model updates.

Do we run automated regression tests on agent outputs before deploying new prompts or model updates? Prompt changes that look harmless in isolation can dramatically shift output tone, format, or factual accuracy at scale. Regression tests against a fixed test set catch these regressions before they reach production.

Do we use LLM-as-judge evaluation with chain-of-thought reasoning, calibrated against a human-labeled gold set? Research benchmarks suggest approximately 85% agreement with human reviewers when chain-of-thought reasoning is applied. Without a human-labeled gold set to calibrate against, the LLM judge may be measuring the wrong dimensions or applying inconsistent scoring thresholds.

Is there a versioned, source-controlled prompt library? Prompts stored in Slack threads, Notion pages, or personal notes cannot be rolled back when a change degrades output. Version control for prompts follows the same logic as version control for code — it provides a history of what changed, when, and why, and enables rollback.

Do we A/B test agent-generated outputs against human-written baselines for a representative sample? Without a baseline comparison, it is impossible to know whether the agent is adding value or subtracting it. The comparison should run on a statistically significant sample and measure the outcome metrics relevant to the agent's purpose — open rate, CTR, conversion, revenue per email.

Do we monitor for agent drift — output quality degradation over time that occurs without any deliberate change to the agent? Drift can occur when the underlying model is updated by the vendor, when the input data distribution shifts, or when the agent's context window fills differently as data volumes grow. Drift monitoring requires periodic re-evaluation against the original gold set.

Have we run at least one red-team or adversarial test per customer-facing agent in the last 90 days? Red-teaming tests whether an agent can be prompted into producing harmful, off-brand, or factually incorrect outputs by a determined user. For customer-facing agents (chatbots, email personalization agents, ad copy generators), this is a minimum responsible deployment practice.

Is there a written AI usage policy that names approved vendors, prohibited use cases, and data-handling rules? This document is the governance foundation every other item in this section references. Without it, there is no standard to audit against, no framework to train against, and no document to produce in the event of a regulatory inquiry. It should name specific approved platforms (e.g., Salesforce Agentforce 360, HubSpot Breeze Agents, Claude for Business) and explicitly prohibit others (e.g., ChatGPT free/Pro for customer data).

Are all marketing AI vendors in the organization's procurement and Data Processing Agreement registry? Vendor-native agents (Agentforce 360, Breeze Agents, Klaviyo K:AI) process customer data on behalf of the organization. Under GDPR, that requires a DPA. Under CCPA, it requires a service-provider agreement. Vendors not in the registry are operating outside the organization's legal framework.

Have we confirmed no customer personally identifiable information flows to consumer-grade LLM tools — ChatGPT free/Pro, Claude.ai personal accounts, Gemini personal accounts? Consumer-grade tools are not covered by enterprise DPAs. A marketer pasting a customer segment CSV into ChatGPT is a data protection violation, not a harmless productivity hack. Shadow agent discovery (item 1.4) is the mechanism that surfaces these violations.

Do we have role-based access controls on agents — not every marketer can deploy a customer-facing agent? A junior email marketer should not have the same agent deployment permissions as a marketing operations director. Access controls should define who can create, deploy, and modify agents, with separate permissions for customer-facing versus internal-only agents.

Are agent actions logged with user identity for audit purposes — recording who triggered the agent, when, and what output was produced? Agent logs without user identity make it impossible to investigate incidents. Salesforce Agent Observability (GA November 2025) provides this infrastructure for Agentforce agents; equivalent logging should be implemented for custom-built agents.

Is there a documented escalation path when an agent produces a harmful or incorrect output? Who is notified? What is the response time SLA? Who has authority to suspend the agent? Without a documented escalation path, the first harmful output produces an ad-hoc and often slow response. The escalation path should be tested before the first production deployment.

Have we mapped EU AI Act transparency obligations (reportedly applying August 2, 2026) to the specific agents we run for EU audiences? This mapping requires identifying which agents produce content served to EU audiences, confirming that visible AI-disclosure and machine-readable metadata are applied to that content, and documenting the compliance posture. The penalty for non-compliance is up to 3% of global annual revenue or €15M.

Are agent owners trained on what NIST's AI Agent Standards initiative (launched February 2026 under CAISI) requires? NIST's framework covers interoperability, safety evaluation, and governance expectations that enterprise procurement teams are increasingly referencing. Agent owners who are unaware of the framework cannot align their agents to it.

Do we attach C2PA Content Credentials to AI-generated images and video before publishing? C2PA credentials are the machine-readable provenance layer that the EU AI Act's transparency rules require on AI-generated ad creative served to EU audiences. Adobe Firefly attaches these by default; workflows that strip them or bypass them need to be identified and fixed. GenAI usage in video ads reached 22% in 2024 and is reportedly projected to 39% by 2026 — the volume of assets requiring credentialing is substantial.

For ads served to EU audiences, do we apply both a visible AI-generated disclosure and the machine-readable C2PA metadata required by the EU AI Act? The visible disclosure is the human-readable label ('This image was created by AI'). The machine-readable metadata is the C2PA manifest. Both are reportedly required; one without the other is non-compliant under the current text of the regulation.

Do we maintain a content register that tracks AI involvement — fully AI-generated, AI-assisted (human edited), or human-only — per asset? This register is the audit trail needed to respond to regulatory inquiries and to accurately report AI usage in annual sustainability and governance disclosures. It also enables the tagging required by attribution item 6.3.

Do we have a brand-safe content policy for AI-generated creative that explicitly prohibits unauthorized use of faces, voices, and third-party IP? AI image and video generators can produce outputs that inadvertently replicate real people's likenesses or copyrighted visual styles. Without a policy that explicitly addresses this, the organization has no governance mechanism to prevent it.

Have we tested that our digital asset management system — Adobe AEM, Cloudinary, Bynder — preserves C2PA manifests through image and video transformations (resizing, format conversion, compression)? This is a common failure mode: a correctly credentialed source asset loses its manifest when it passes through a transformation pipeline, and the final asset served to the ad platform has no provenance metadata.

Is there a mandatory human review gate before AI-generated content publishes to paid channels? Paid channels (search ads, display, social) have brand safety, legal, and regulatory implications that organic content does not. A human review gate is the last line of defense against AI-generated content that passes automated checks but violates brand guidelines, regulatory requirements, or basic accuracy standards.

Have we moved off last-touch attribution to a multi-touch or AI-weighted model? Last-touch attribution in a buyer journey with 27+ touchpoints systematically misallocates budget toward bottom-of-funnel channels and away from the awareness and consideration stages where agentic AI often contributes most. This is the highest-weighted item in this section because the downstream consequences of remaining on last-touch affect every budget decision the team makes.

Are agent-generated touches — chatbot conversations, AI-personalized landing pages, AI email replies — captured in attribution data? These touches are often processed outside the standard UTM-tagged click stream and require deliberate tagging and event instrumentation to appear in attribution dashboards. Without this, AI-generated value is systematically invisible in attribution reports.

Do we tag campaigns with whether they were AI-built, AI-assisted, or human-only for downstream analysis? This tagging enables you to compare the performance of AI-generated creative against human-written creative at scale, to identify where AI adds value and where it reduces quality, and to satisfy the content register requirement from item 5.3.

Do we compare three or more attribution models in parallel on the same data set — last-touch, linear, time-decay, and AI-weighted? Each model tells a different story about where value originates. Running them in parallel reveals the systematic biases in the model your budget decisions currently rely on, and provides a more complete picture of channel and agent contribution.

Can we trace a specific marketing-qualified lead or revenue line item back to the agent or agents that contributed to it? This traceability is the prerequisite for demonstrating AI ROI to finance leadership. Without it, Section 7 ROI items cannot be fully satisfied.

Do we account for AI agent-to-AI agent commerce — 'agentic commerce' — in attribution? As buyers increasingly use AI assistants to research and initiate purchases, the 'touchpoint' may be an agent acting on behalf of a human buyer rather than a human buyer directly. This is an emerging attribution challenge in 2026 that will become mainstream by 2027.

Are attribution dashboards reviewed monthly by both marketing and finance leadership? Attribution data that is only reviewed by marketing has no mechanism for external validation. Finance leadership reviews create accountability for attribution methodology choices and ensure that budget allocation decisions based on attribution data are scrutinized by stakeholders with different incentives.

Do we have a documented ROI model for every marketing AI investment — annual cost versus quantified return? The model should cover the three layers: campaign metrics (ROAS, CPA), pipeline metrics (MQL, SQL, pipeline value), and business metrics (LTV, CAC). McKinsey estimates agentic AI could power more than 60% of AI's projected $463B in marketing-productivity value — but that value is only capturable if teams have the ROI infrastructure to measure it.

Are we tracking all three metric layers — campaign metrics (ROAS/CPA), pipeline metrics (MQL/SQL), and business metrics (LTV/CAC)? Campaign metrics are the most commonly tracked. Business metrics are the most commonly missing. An agent that improves ROAS but increases churn is destroying value at the business level while appearing to add value at the campaign level.

Do we measure productivity lift — hours saved per workflow, multiplied by the loaded hourly cost of the role that was doing that work? Productivity lift is often the largest quantified ROI component for agentic marketing tools, particularly for content production, audience segmentation, and reporting automation. Without a loaded hourly cost baseline, the productivity savings are anecdotal rather than financial.

Do we measure quality lift — click-through rate, conversion rate, and retention deltas versus a pre-AI baseline? Quality lift is the hardest ROI component to measure because it requires a controlled comparison. A/B testing (item 3.5) provides the data source; this item requires that the data source is actually connected to the financial ROI model in item 7.1.

Is at least one quarterly review explicitly scoped to sunsetting underperforming agents — not just launching new ones? Organizations that only launch agents without retiring them accumulate technical debt, maintenance burden, integration complexity, and security surface without proportional return. The retirement discipline requires the ROI floor in item 7.6 and the ROI model in item 7.1 to function.

Have we set a stack-wide ROI floor — for example, a 3x return — below which an agent is sunset? A floor provides an objective, pre-agreed trigger for agent retirement that removes the political friction of making individual cases. Without a floor, underperforming agents persist because no one wants to be the person who killed the AI experiment.

Does the CFO or finance leadership sign off on the annual marketing AI budget with the ROI evidence attached? CFO sign-off creates two valuable governance artifacts: it forces the ROI model in item 7.1 to be finance-grade rather than marketing-grade, and it establishes shared accountability for the return expectation between marketing and finance. Teams where the AI budget is entirely within marketing's discretion are less likely to sunset underperforming investments.

At this score level, there are weight-3 items that are unanswered — meaning at least one of the following is missing: a written AI usage policy, confirmed PII isolation from consumer LLM tools, an agent evaluation rubric, or EU AI Act mapping. Scale any customer-facing agent at this score and you are accepting measurable compliance and trust risk. Immediate priority: address all weight-3 'no' answers before any new agent deployment.

At this score, the organization is among Forrester's <15% that actually enable agentic features with appropriate governance and testing. Remaining gaps are mostly weight-1 documentation and hygiene items. Priority: close weight-1 items in the next sprint, establish a quarterly re-audit cadence, and begin the ROI measurement infrastructure to move toward best-in-class. The forward-looking question is: are the agents that are production-ready actually delivering measurable return?

A score above 90 places the organization in a cohort that Gartner analysts have described as representing 'the biggest B2B MAP innovation in the past year.' The remaining weight-1 gaps are marginal. Priority: formalize knowledge-sharing across the organization so the governance and eval infrastructure benefits adjacent teams, run the audit annually, and focus innovation capacity on the business-level ROI layer (item 7.2) where the $463B in AI marketing-productivity value McKinsey projects will ultimately be captured.