Defense and governance
Blast radius (AI agents)
Blast radius is the extent of harm an AI agent could cause if it were compromised, determined by the data it can reach and the actions it can take.
Definition
What is blast radius for AI agents?
Blast radius measures potential damage, not the likelihood of an attack. For an agent it is set by capability: which tools it can call, whether those tools can write or delete, what data and credentials it can reach, and how autonomously it acts. An agent that can only read public data has a small blast radius; one that can move money or delete production has a large one.
Thinking in blast radius reframes agent security around containment. Instead of trying to make compromise impossible, you shrink what a compromise can achieve, through least privilege, default-deny tool allowlists, tight credential scoping, and approvals on the highest-impact actions, so that even a successful injection is limited in what it can touch.
FAQ
Common questions.
How do you reduce an agent's blast radius?
Limit capability: default-deny tool allowlists, least-privilege credentials, read-only where possible, and human approval on the highest-impact actions. The goal is to contain what a compromise can reach, not just to prevent it.
Related terms
Keep reading.
Govern the actions, not just the vocabulary
AxioRank scores every tool call your agents make for leaked secrets, PII, destructive operations, and prompt injection, checks it against your policy, and proves it in a tamper-evident audit log. Start free, no card.