One page, one function: screen whether an agent is ready for a controlled pilot or needs redesign.
Free agent risk scorecard
Agent Risk Scorecard
Score an AI agent before launch by checking tool authority, human review, evidence logging, rollback path, and data exposure risk.
Start here
Score launch risk
Select the agent controls. The result gives you a simple risk score, launch blockers, required controls, and a monitoring plan.
Useful before giving agents tool access, write authority, customer data, or production responsibility.
Copy the result into a launch review, security review, pilot plan, or incident-prevention checklist.
Score agent risk before the demo becomes production
Agent demos can feel safe because the happy path works. Production risk comes from the paths nobody watched: a tool call with too much authority, missing evidence logs, weak human review, no rollback, or sensitive data entering a system without clear controls. The Agent Risk Scorecard makes those launch risks visible before the agent receives broader permissions.
The score is deliberately simple. It is not a full security audit. It is a fast launch gate that tells you whether the agent should stay read-only, move to a constrained pilot, or stop until the workflow is redesigned.
Risk dimensions
- Tool authority: read-only agents are safer than agents that can write or change production state.
- Human review: approval gates reduce risk when output affects users, money, accounts, or operations.
- Evidence logging: reviewers need traces, tool calls, inputs, outputs, and rejected attempts.
- Rollback path: every write action needs a way to reverse, pause, or escalate.
- Data exposure: customer or regulated data raises the bar for controls and review.
Launch readiness thresholds
- Low risk: read-only or tightly constrained pilot with full trace and human gate.
- Medium risk: some draft writes or partial automation, but approval and recovery still exist.
- High risk: production writes, sensitive data, weak logs, no rollback, or no clear owner.
- Blocker: any high-impact action without evidence, review, and rollback should stop the launch.
How to use the score in a launch review
- Score the current design honestly. Do not score the future plan; score what exists today.
- Review the blockers first. Fix authority, logs, rollback, and human gates before adding more features.
- Constrain the pilot. Limit users, data, tools, frequency, and impact until evidence improves.
- Name the owner. A launch gate without an owner becomes a suggestion, not a control.
- Retest after changes. Score again when the agent gets new tools, new data, or broader permission.
Related guides
Frequently asked questions
What is an agent launch blocker?
A launch blocker is a missing control that can let an agent take high-impact action without evidence, review, rollback, or a clear owner.
Can a high-risk agent score be acceptable?
A high-risk score can be acceptable only when the workflow stays in a constrained pilot with strong human review, logs, and explicit non-production limits.
Is the score a security assessment?
No. It is a lightweight launch-readiness screen. Sensitive or regulated workflows still need security, privacy, legal, and policy review.
Novamente Weekly
Launch agents only after the failure paths are visible.
Subscribe for scorecard updates, incident-review templates, and agent reliability notes.