HubSpot is giving AI agents direct control of its CRM systems, testing the limits of enterprise control. By opening its data and functionality via its APIs and MCP server, the company is moving toward a model where core customer experience operations could be run autonomously.
It’s a bold move given recent incidents involving agent access, such as a Cursor AI agent deleting PocketOS’s entire database and a security breach at Vercel that gave hackers access to customer API keys, which have highlighted how easily AI systems can overreach when given access to tokens. Those incidents have also raised questions about how much control enterprises are willing to give up in pursuit of automation.
Duncan Lennox, Chief Product and Technology Officer at HubSpot, outlined the company’s “vision for building an open ecosystem for the agent era” in a blog post:
“We’re continuing to expand our public API surface so that every capability of the platform—every workflow, every action, every piece of context—is accessible to the apps and agents built on top of us. No capability should live only behind a UI.”
The company is opening its data and intelligence layers to its customers, partners and developers, as it adapts the software to become accessible to AI agents as well as humans.
From Human‑First to Agent‑Ready Software
The shift from human-centric interfaces to machine-operable systems has implications for how businesses orchestrate customer journeys and automate service. The quality of APIs and the way data is structured of data become central to customer experience delivery.
“[A]gents don’t click through dashboards or navigate interfaces; they call APIs, read structured outputs, and take action,” Lennox noted. “Software built for humans has to evolve to be genuinely accessible to agents, too.”
HubSpot is already an open, agent-ready platform, Lennox wrote. Its APIs and MCP server are live, with connectors for Claude, ChatGPT, Gemini and Copilot. More than 2,000 apps run across HubSpot and users are continually building new agents on top of the platform.
That means its foundational layer of contacts, companies, deals, conversations, tickets activity is open and accessible to power integrations.
The next step is “full API parity,” according to Lennox.
“Access alone isn’t enough… Agents also need substance. An agent reasoning over raw records has no way to know what’s normal for a specific business, or what’s worked for hundreds of thousands of companies like it.”
HubSpot views the real AI race as being about context as a differentiator rather than models or data.
AI agents can operate with a deeper understanding of customer history, behavioral patterns and performance benchmarks, potentially improving personalization and responsiveness.
To provide that context, the company is now building the intelligence layer, containing the insights enterprises gain from HubSpot that inform decisions, such as scores, assessments and benchmarks, as well as actions that drive outcomes, including qualifying leads, resolving tickets and saving deals.
“This is the work our Breeze agents already do inside HubSpot, and it will soon be available wherever teams and agents operate,” Lennox added.
“The vision we are working toward is bigger: Agents can run on HubSpot. And agents can run HubSpot.”
Running on HubSpot means that any AI agent can gain a dynamic understanding informed by patterns across HubSpot’s network of more than 280,000 customers, encompassing a company’s business, teams, processes, and customers. Running HubSpot means that agents will be able to operate the platform end to end through HubSpot’s APIs, MCP server, CLI and potentially other access methods that emerge as AI agents develop, Lennox explained.
HubSpot’s approach reflects its approach that customers should be able to choose the best agents, integrations and partners for their needs, even if they come from outside its platform.
“We’re working toward a simple standard: anything you can do inside HubSpot, you should be able to do through an API. Our intelligence should reach you wherever you work, inside or outside of HubSpot, directly or through apps and agents built on top of us,” Lennox stated.
It’s a lofty goal, but HubSpot is taking a risk.
Autonomy at Machine Speed Raises the Stakes
Granting programmatic access to every dataset and workflow increases the potential impact of errors, misuse or unintended behaviour at machine speed. After all, it took just nine seconds for a well-intended AI agent to delete PocketOS’s entire database and backups. Agents can potentially trigger customer communications, modify records, or execute processes without the friction that typically allows for humans to intervene.
As the PocketOS incident showed, agents can access or infer pathways to APIs beyond their intended scope, raising concerns about permission boundaries and fail-safes.
HubSpot’s approach goes further than most of its competitors. While vendors like Salesforce and Microsoft are introducing agentic frameworks and expanding API access, they are maintaining tighter controls over how far those agents can operate within core systems. Agent activity is largely confined to predefined workflows, permission layers and governance models, rather than extending to full operational control of the platform.
HubSpot’s ambition for complete API parity indicates a more expansive view of autonomy. That distinction makes it essential for CX teams to maintain visibility and control over systems that are increasingly acting on their behalf across critical customer data and processes.
Without Trust, AI Agents Become a Risk Multiplier
Lennox contrasted the vendor’s open approach with some platforms that will respond to the rise of AI agents by restricting access to their systems and prioritising control over interoperability.
“We think the moment calls for the opposite. When agents can access data, act on behalf of customers, and run business processes, openness and trust matter more than ever.”
HubSpot is treating trust and governance as core infrastructure, according to Lennox. “When a customer connects a partner tool, spins up an agent, or builds something custom, they should know exactly what it can access and what it’s doing. Agents that act on your behalf are only useful if you can trust them.”
Trust will only become more complex as autonomous agents take on customer-facing tasks.
HubSpot’s approach reflects the growing tension between capability and control. Richer, structured business context creates opportunities to improve the quality and consistency of customer experiences. But as multiple agents, integrations and automated workflows begin to interact within the same environment, orchestration will increasingly become an operational challenge.
