Risk and exposure
AI agent risk score
Score how exposed your AI agents are right now. The number is a transparent weighted model of your attack surface, and you can see every factor that moves it.
Live in your browser · assumptions shown · no email required
The estimate
Move the inputs. The number is yours.
Not every agent deployment carries the same risk. This calculator scores your attack surface from 0 to 100 across the factors that actually drive agent risk: how autonomous the agents are, what data they can reach, whether they can act on production, and whether they ingest untrusted content.
Your deployment
Adjust the inputs to match your setup. The estimate updates as you go.
Agents can write or delete in production
Not just read access.
Agents ingest untrusted external content
Web pages, email, or documents, a prompt-injection path.
Agent risk score
Top exposures: Data reach, Production write access, Untrusted content.
How the score breaks down
- Fleet surface13 / 28
8 agents across 12 tools (saturates at scale)
- Autonomy level11 / 22
Semi-autonomous (some actions run automatically)
- Data reach15 / 22
Regulated data (PII, PHI, PCI)
- Production write access14 / 14
Agents can write or delete in production
- Untrusted content14 / 14
Ingests external content, a prompt-injection path
No controls on the tool boundary yet
No controls on the tool boundary. Nothing checks the concrete tool call today. A control plane on the tool boundary would score and police every call before it runs.
Email me this report
Get this estimate and a short breakdown in your inbox, and we will follow up if you want to talk through your agent setup. The result above stays free with no signup.
The score is a transparent weighted model, not a measured assessment. Every factor's contribution is shown so you can see exactly what moves the number.
Assumptions and sources
Every coefficient, on the page.
The score is a weighted sum of the factors that drive agent risk, on a fixed 100-point raw scale. Fleet surface uses a saturating (log) curve so more agents and tools raise the score with diminishing returns. Existing controls apply as a reduction multiplier on the raw score, so a real control plane roughly halves it.
Factor weights: surface 28, autonomy 22, data 22, production 14, untrusted content 14
A fixed 100-point raw ceiling. The weights reflect the relative blast radius and likelihood each factor adds, not a measured incident rate.
Controls reduction: gateway 50%, basic 18%
Scoring the actual tool call before it runs catches injected or mistaken actions, so a control plane lowers the raw score the most. Basic allowlists help less because they miss the concrete arguments.
Saturating fleet surface
Surface scales with the log of agents times tools, so a large fleet raises exposure with diminishing returns rather than without bound.
FAQ
Questions about the model.
How is the score calculated?
It is a weighted sum of five factors (fleet surface, autonomy, data reach, production write access, and untrusted content) on a fixed 100-point raw scale. Existing controls then apply as a reduction multiplier. Every factor's contribution is shown in the breakdown.
Why do existing controls lower the score?
Risk is surface minus what you catch before it runs. A control plane that scores the actual tool call catches injected or mistaken actions, so it reduces the raw score the most. Prompt rules and allowlists help less because they do not inspect the concrete arguments.
Is this a measured security assessment?
No. It is a transparent model to size your exposure and show what drives it, not an audit or a guarantee. Use it to prioritize, then verify with a real assessment of your agents.
How does AxioRank lower agent risk?
AxioRank sits on the tool boundary and scores every call for leaked secrets, PII, destructive operations, and prompt injection, checks it against your policy, and records it in a tamper-evident audit log. That is the control plane reduction modeled here.
Keep exploring
From estimate to enforcement.
Govern your agents, not just estimate the risk
AxioRank scores every tool call your agents make for leaked secrets, PII, destructive operations, and prompt injection, then proves it in a tamper-evident audit log. Start free, no card.