Risk Assessment
AiQarus agents assess risk in real time to prioritize actions and trigger appropriate human oversight.
How Risk Assessment Works
Every action an agent considers is scored:
┌─────────────────────────────────────────────────────────────────────┐
│ Risk Assessment Engine │
│ │
│ Action: Revoke AWS Production admin access │
│ │
│ ┌─────────────────────────────────────────────────────────────┐ │
│ │ Risk Factors │ │
│ │ │ │
│ │ Access Scope: │ │
│ │ • AWS Production (admin) → +30 points │ │
│ │ • GitHub org admin → +25 points │ │
│ │ • Customer Slack channels → +10 points │ │
│ │ │ │
│ │ Departure Context: │ │
│ │ • Leaving for competitor → +20 points │ │
│ │ • Short notice (< 2 weeks) → +10 points │ │
│ │ │ │
│ │ Anomalies: │ │
│ │ • Unusual download activity → +15 points │ │
│ └─────────────────────────────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌─────────────────────────────────────────────────────────────┐ │
│ │ Total Risk Score: 85/100 (HIGH) │ │
│ └─────────────────────────────────────────────────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────────┘
Risk Levels
| Level | Score Range | Behavior |
|---|---|---|
| Low | 0-25 | Execute autonomously |
| Medium | 26-50 | Execute with notification |
| High | 51-75 | Require approval |
| Critical | 76-100 | Full review + escalation |
Risk Factors
Action-Based Factors
| Factor | Risk Points | Examples |
|---|---|---|
| Read operations | 0-5 | List users, view documents |
| Write operations | 10-20 | Update records, send messages |
| Delete operations | 30-50 | Remove access, delete files |
| Admin operations | 40-60 | Transfer ownership, modify permissions |
Data Sensitivity
| Factor | Risk Points | Examples |
|---|---|---|
| Public data | 0 | Public website content |
| Internal data | 5-15 | Internal documents |
| Confidential | 20-30 | Financial data, HR records |
| PII | 30-40 | Customer personal data |
| Regulated | 40-50 | HIPAA, SOX protected data |
Scope of Impact
| Factor | Risk Points | Examples |
|---|---|---|
| Single user | 0-5 | One person affected |
| Team | 10-20 | Department affected |
| Organization | 25-35 | Company-wide impact |
| External | 35-50 | Customers/partners affected |
Reversibility
| Factor | Risk Points | Examples |
|---|---|---|
| Easily reversible | 0 | Can undo immediately |
| Reversible with effort | 10-20 | Requires admin action |
| Partially reversible | 25-35 | Some data loss possible |
| Irreversible | 40-50 | Cannot be undone |
Context-Aware Scoring
Risk scores adjust based on context:
Employee Offboarding Example
{
  "base_action": "revoke_access",
  "base_risk": 25,
  "context_modifiers": {
    "departure_type": {
      "voluntary": 0,
      "involuntary": 15,
      "competitor": 25
    },
    "access_level": {
      "standard": 0,
      "elevated": 10,
      "admin": 20
    },
    "system_sensitivity": {
      "internal": 0,
      "production": 20,
      "customer_data": 30
    }
  },
  "anomaly_modifiers": {
    "unusual_download": 15,
    "after_hours_access": 10,
    "new_external_shares": 20
  }
}
Prioritization
High-risk actions are prioritized:
┌─────────────────────────────────────────────────────────────────────┐
│ Recommended Action Plan (prioritized by risk): │
│ │
│ 🔴 IMMEDIATE (requires approval): │
│ 1. Revoke AWS Production admin access Risk: 85 │
│ 2. Revoke GitHub org admin rights Risk: 70 │
│ │
│ 🟡 TODAY (flagged for review): │
│ 3. Audit recent data exports Risk: 55 │
│ 4. Review repository access patterns Risk: 50 │
│ │
│ 🟢 BEFORE LAST DAY: │
│ 5. Knowledge transfer for projects Risk: 30 │
│ 6. Update documentation Risk: 25 │
│ │
│ ⚪ ON LAST DAY: │
│ 7. Disable all accounts Risk: 20 │
│ 8. Send farewell message Risk: 5 │
│ │
└─────────────────────────────────────────────────────────────────────┘
Anomaly Detection
The risk engine integrates with anomaly detection:
Data Export Monitoring
{
  "anomaly_type": "unusual_download",
  "user": "marcus.chen@company.com",
  "details": {
    "downloaded_bytes": 2400000000,
    "baseline_bytes": 50000000,
    "deviation": "48x normal",
    "timeframe": "last 7 days"
  },
  "risk_modifier": 15
}
Access Pattern Analysis
{
  "anomaly_type": "access_pattern",
  "user": "marcus.chen@company.com",
  "details": {
    "unusual_systems": ["customer-db", "billing-archive"],
    "unusual_times": ["2:00 AM - 4:00 AM"],
    "frequency_change": "+300%"
  },
  "risk_modifier": 20
}
Configuring Risk Rules
Custom Risk Weights
risk_rules:
  action_weights:
    delete: 40
    revoke_admin: 35
    transfer_ownership: 30
    modify_permissions: 25
    send_external: 20
  sensitivity_weights:
    production: 30
    customer_data: 35
    financial: 30
    pii: 40
  context_weights:
    competitor_departure: 25
    involuntary_termination: 20
    short_notice: 10
Custom Thresholds
risk_thresholds:
  auto_execute: 25
  notify: 50
  require_approval: 70
  require_escalation: 85
Risk Reports
View risk assessments in run details:
┌─────────────────────────────────────────────────────────────────────┐
│ Risk Assessment Report │
│ Run: Off-boarding Marcus Chen │
│ │
│ Overall Risk Level: HIGH (85/100) │
│ │
│ Factor Breakdown: │
│ ────────────────────────────────────────────────────────────────── │
│ Access Scope 65 pts │
│ ├─ AWS Production Admin 30 │
│ ├─ GitHub Org Admin 25 │
│ └─ Customer Slack Access 10 │
│ │
│ Departure Context 30 pts │
│ ├─ Competitor Departure 20 │
│ └─ Short Notice 10 │
│ │
│ Anomalies Detected 15 pts │
│ └─ Unusual Download (2.3GB) 15 │
│ │
│ Deductions -25 pts │
│ ├─ Positive Performance History -10 │
│ └─ Long Tenure (4 years) -15 │
│ │
│ [View Full Report] [Export PDF] │
│ │
└─────────────────────────────────────────────────────────────────────┘
Best Practices
Calibrate Thresholds
Review risk scores after deployment:
- Are important actions being flagged?
- Are too many routine actions requiring approval?
- Adjust weights based on your organization’s risk tolerance
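One way to run this review offline, as an added example rather than AiQarus code: it scores the offboarding rule from Context-Aware Scoring, classifies the result with the Risk Levels table, and reports what share of the action plan's scores would wait for a human. Summing the modifiers, clamping to 0-100, the fail-closed defaults and all function names are assumptions.

```python
# Risk Levels table from the page: (upper bound, level, behavior).
LEVELS = [(25, "Low", "Execute autonomously"),
          (50, "Medium", "Execute with notification"),
          (75, "High", "Require approval"),
          (100, "Critical", "Full review + escalation")]

# Offboarding rule from the page, with modifiers as plain numbers.
RULE = {
    "base_risk": 25,
    "context_modifiers": {
        "departure_type": {"voluntary": 0, "involuntary": 15, "competitor": 25},
        "access_level": {"standard": 0, "elevated": 10, "admin": 20},
        "system_sensitivity": {"internal": 0, "production": 20, "customer_data": 30},
    },
    "anomaly_modifiers": {"unusual_download": 15, "after_hours_access": 10,
                          "new_external_shares": 20},
}


def score(rule, context, anomalies=()):
    """Base risk plus matching modifiers, clamped to 0-100 (summing and clamping assumed)."""
    total = rule["base_risk"]
    for dimension, table in rule["context_modifiers"].items():
        # Fail closed: a missing or unrecognised value takes the largest
        # modifier in its dimension, so a typo cannot lower the score.
        total += table.get(context.get(dimension), max(table.values()))
    for name in anomalies:
        worst = max(rule["anomaly_modifiers"].values())
        total += rule["anomaly_modifiers"].get(name, worst)
    return max(0, min(100, total))


def classify(value, levels=LEVELS):
    """Map a score to (level, behavior); out-of-range scores get the top tier."""
    for upper, level, behavior in levels:
        if 0 <= value <= upper:
            return level, behavior
    return levels[-1][1:]


def approval_share(scores, levels=LEVELS):
    """Fraction of actions that would wait for a human (High or Critical)."""
    gated = [s for s in scores if classify(s, levels)[0] in ("High", "Critical")]
    return len(gated) / len(scores)


# Scores listed in the page's recommended action plan.
PLAN_SCORES = [85, 70, 55, 50, 30, 25, 20, 5]
```

Calling `approval_share(PLAN_SCORES)` with a candidate set of level boundaries shows how a boundary change shifts the approval workload before it is deployed.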
Incorporate Domain Knowledge
Add context-specific risk factors:
- Industry regulations
- Company policies
- Historical incident data
Review Anomaly Alerts
Don’t ignore anomaly detections:
- Investigate unusual patterns
- Update baselines as needed
- Feed learnings back into the system
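The baseline comparison behind the Data Export Monitoring record, added here as an example and not taken from AiQarus: weekly download totals are compared with the median of earlier weeks, and flagged weeks are kept out of the baseline when it is updated. The 10x cutoff, the 1 MB floor, the function names and the sample data are assumptions.

```python
from statistics import median

WINDOW_DAYS = 7           # the page's record covers the "last 7 days"
FLAG_MULTIPLE = 10        # assumption: the page states no cutoff for "unusual"
MIN_BASELINE = 1_000_000  # assumption: floor so near-idle users still get a ratio
RISK_MODIFIER = 15        # "unusual_download" modifier from the page


def weekly_totals(daily_bytes):
    """Sum non-overlapping 7-day windows, oldest first; drop a leading partial week."""
    skip = len(daily_bytes) % WINDOW_DAYS
    return [sum(daily_bytes[i:i + WINDOW_DAYS])
            for i in range(skip, len(daily_bytes), WINDOW_DAYS)]


def evaluate(user, history, current):
    """Return (anomaly record or None, updated history) for one weekly total."""
    if not history:
        return None, [current]            # first week only seeds the baseline
    baseline = max(median(history), MIN_BASELINE)
    ratio = current / baseline
    if ratio < FLAG_MULTIPLE:
        return None, history + [current]  # normal week: let the baseline drift
    record = {
        "anomaly_type": "unusual_download",
        "user": user,
        "details": {"downloaded_bytes": current,
                    "baseline_bytes": int(baseline),
                    "deviation": f"{ratio:.0f}x normal",
                    "timeframe": f"last {WINDOW_DAYS} days"},
        "risk_modifier": RISK_MODIFIER,
    }
    # A flagged week stays out of the history so it cannot raise the baseline.
    return record, history


def scan(user, daily_bytes):
    """Replay daily byte counts week by week and collect every anomaly record."""
    history, found = [], []
    for total in weekly_totals(daily_bytes):
        record, history = evaluate(user, history, total)
        if record:
            found.append(record)
    return found

# Constructed sample: three ordinary weeks, then two heavy ones.
NORMAL_WEEK = [7_000_000] * 6 + [8_000_000]      # 50,000,000 bytes
HEAVY_WEEK = [300_000_000] * 6 + [600_000_000]   # 2,400,000,000 bytes
SAMPLE_DAYS = NORMAL_WEEK * 3 + HEAVY_WEEK * 2
```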