Agent access risk scorecard
Score one agent permission against visible changes, money, private data, revocation, and logs.
Before you give an agent a new permission, score the permission against five checks: visible changes, money, private data, revocation, and logs.
Pick one permission your agent wants. Don’t score the whole agent. Score the permission.
If the permission can change customer-visible state, spend money, touch private data, or act without a fast rollback path, it should not run fully unattended.
Score one agent permission in 60 seconds
the five checks
Permission to score: ____________________

1. Can this permission change customer- or user-visible state?
- No: 0
- Yes, but reversible: 1
- Yes, and hard to reverse: 2

2. Can it spend money, trigger a vendor action, or create a billable event?
- No: 0
- Yes, below a clear limit: 1
- Yes, without a clear limit: 2

3. Can it expose credentials, private data, logs, or customer records?
- No: 0
- Read-only limited data: 1
- Secrets, broad logs, or customer records: 2

4. Can a human pause or revoke the permission quickly?
- Yes, from an obvious control: 0
- Yes, but only through an admin or deploy path: 1
- No clear pause/revoke path: 2

5. Will logs show exactly what the agent did and why?
- Yes, action + reason + actor are logged: 0
- Partial logs only: 1
- No useful audit trail: 2

Result:
- 0–2: Green — allow the agent to execute.
- 3–5: Yellow — let the agent prepare; require human approval to execute.
- 6–10: Red — block until ownership, rollback, and logging are clear.

Team note: We are scoring the permission, not the model. If the permission changes state, spends money, touches private data, lacks revocation, or lacks logs, the agent needs a tighter boundary.
how to use the score
Green: allow the agent to execute. Keep the logs on.
Yellow: let the agent prepare the change, but require human approval before it executes.
Red: block the permission until ownership, rollback, and logging are clear.
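The scorecard above rendered as a small Python gate, as an added example that is not part of the original page: it validates the five answers, totals them, maps the total to Green/Yellow/Red, and names the checks that scored 2 so reviewers can see what is driving a Red. The permission name `billing:issue_refund` and its sample answers are constructed for illustration.

```python
# Added example, not part of the original scorecard. The permission names and
# the sample answers in the __main__ block are constructed for illustration.
from dataclasses import dataclass

# Check name -> (meaning of 0, meaning of 1, meaning of 2), mirroring the five checks.
CHECKS = {
    "visible_state": ("cannot change it", "reversible change", "hard-to-reverse change"),
    "money":         ("cannot spend", "spend below a clear limit", "spend without a clear limit"),
    "private_data":  ("none", "read-only limited data", "secrets, broad logs or customer records"),
    "revocation":    ("obvious pause/revoke control", "admin or deploy path only", "no pause/revoke path"),
    "logs":          ("action + reason + actor logged", "partial logs only", "no useful audit trail"),
}


@dataclass(frozen=True)
class Decision:
    permission: str
    total: int
    band: str        # Green / Yellow / Red
    action: str      # what the agent may do with this permission
    drivers: tuple   # checks that scored 2 and are pushing the permission toward Red


def score_permission(permission: str, answers: dict) -> Decision:
    """Score one permission (not the whole agent) and map the total to a band."""
    missing = set(CHECKS) - set(answers)
    extra = set(answers) - set(CHECKS)
    if missing or extra:
        raise ValueError(f"answer exactly the five checks; missing={sorted(missing)} extra={sorted(extra)}")
    for name, value in answers.items():
        if value not in (0, 1, 2):
            raise ValueError(f"{name}: each check scores 0, 1 or 2, got {value!r}")
    total = sum(answers.values())
    if total <= 2:
        band, action = "Green", "execute; keep logs on"
    elif total <= 5:
        band, action = "Yellow", "prepare only; human approval required to execute"
    else:
        band, action = "Red", "block until ownership, rollback and logging are clear"
    drivers = tuple(f"{n}: {CHECKS[n][2]}" for n, v in answers.items() if v == 2)
    return Decision(permission, total, band, action, drivers)


if __name__ == "__main__":
    # Constructed sample: an agent asking to issue customer refunds through a billing API.
    d = score_permission("billing:issue_refund",
                         {"visible_state": 1, "money": 2, "private_data": 1, "revocation": 1, "logs": 1})
    print(d.band, d.total, d.action, d.drivers)  # Red 6 ... ('money: spend without a clear limit',)
```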