Agent access risk scorecard

Score one agent permission against visible changes, money, private data, revocation, and logs.

Before you give an agent a new permission, score the permission against five checks: visible changes, money, private data, revocation, and logs.

Pick one permission your agent wants. Don’t score the whole agent. Score the permission.

If the permission can change customer-visible state, spend money, touch private data, or act without a fast rollback path, it should not run fully unattended.

Score one agent permission in 60 seconds

the five checks

Permission to score: ____________________

1. Can this permission change customer- or user-visible state?
   - No: 0
   - Yes, but reversible: 1
   - Yes, and hard to reverse: 2

2. Can it spend money, trigger a vendor action, or create a billable event?
   - No: 0
   - Yes, below a clear limit: 1
   - Yes, without a clear limit: 2

3. Can it expose credentials, private data, logs, or customer records?
   - No: 0
   - Read-only limited data: 1
   - Secrets, broad logs, or customer records: 2

4. Can a human pause or revoke the permission quickly?
   - Yes, from an obvious control: 0
   - Yes, but only through an admin or deploy path: 1
   - No clear pause/revoke path: 2

5. Will logs show exactly what the agent did and why?
   - Yes, action + reason + actor are logged: 0
   - Partial logs only: 1
   - No useful audit trail: 2

Result:
- 0–2: Green — allow the agent to execute.
- 3–5: Yellow — let the agent prepare; require human approval to execute.
- 6–10: Red — block until ownership, rollback, and logging are clear.

Team note:
We are scoring the permission, not the model. If the permission changes state, spends money, touches private data, lacks revocation, or lacks logs, the agent needs a tighter boundary.

how to use the score

Green: allow the agent to execute. Keep the logs on.

Yellow: let the agent prepare the change, but require human approval before it executes.

Red: block the permission until ownership, rollback, and logging are clear.
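The scorecard above, encoded as a small scoring function so a team can keep the rubric, the thresholds and the decision text in one place and record the breakdown alongside the permission. This is an added example, not tooling from the original page; the answer keys (for instance `yes_reversible`, `admin_or_deploy_path`) and the sample permissions are constructed for illustration, while the point values, thresholds and tier actions are the page's own.

```python
from dataclasses import dataclass
from typing import Dict

# The five checks from the scorecard. Each maps an answer key to its points.
# The answer keys are this example's own shorthand for the page's wording.
CHECKS: Dict[str, Dict[str, int]] = {
    "visible_state": {"no": 0, "yes_reversible": 1, "yes_hard_to_reverse": 2},
    "money":         {"no": 0, "yes_below_limit": 1, "yes_no_limit": 2},
    "private_data":  {"no": 0, "read_only_limited": 1, "secrets_or_records": 2},
    "revocation":    {"obvious_control": 0, "admin_or_deploy_path": 1, "no_clear_path": 2},
    "logs":          {"action_reason_actor": 0, "partial": 1, "none": 2},
}

# Tier actions as stated in the "Result" section.
DECISIONS = {
    "Green": "allow the agent to execute; keep the logs on",
    "Yellow": "let the agent prepare; require human approval to execute",
    "Red": "block until ownership, rollback, and logging are clear",
}


@dataclass(frozen=True)
class ScoreResult:
    permission: str
    total: int
    tier: str                 # "Green", "Yellow" or "Red"
    decision: str             # what the scorecard says to do with this tier
    breakdown: Dict[str, int]  # points per check, for the audit record


def tier_for(total: int) -> str:
    """Map a 0-10 total onto the page's three bands."""
    if total <= 2:
        return "Green"
    if total <= 5:
        return "Yellow"
    return "Red"


def score_permission(permission: str, answers: Dict[str, str]) -> ScoreResult:
    """Score ONE permission (not the whole agent) against the five checks.

    Every check must be answered; an unanswered check is an error rather
    than a silent zero, so a partial scorecard can never come out Green.
    """
    missing = set(CHECKS) - set(answers)
    if missing:
        raise ValueError(f"unscored checks: {sorted(missing)}")
    breakdown: Dict[str, int] = {}
    for check, answer in answers.items():
        if check not in CHECKS:
            raise ValueError(f"unknown check: {check}")
        if answer not in CHECKS[check]:
            raise ValueError(f"{check}: unknown answer {answer!r}")
        breakdown[check] = CHECKS[check][answer]
    total = sum(breakdown.values())
    tier = tier_for(total)
    return ScoreResult(permission, total, tier, DECISIONS[tier], breakdown)


# Constructed sample permissions, one per band.
SAMPLES = {
    "read the public changelog": {
        "visible_state": "no", "money": "no", "private_data": "no",
        "revocation": "obvious_control", "logs": "action_reason_actor",
    },
    "issue a customer refund": {
        "visible_state": "yes_hard_to_reverse", "money": "yes_below_limit",
        "private_data": "read_only_limited", "revocation": "obvious_control",
        "logs": "action_reason_actor",
    },
    "rotate production API keys": {
        "visible_state": "yes_hard_to_reverse", "money": "no",
        "private_data": "secrets_or_records", "revocation": "admin_or_deploy_path",
        "logs": "partial",
    },
}

if __name__ == "__main__":
    for name, answers in SAMPLES.items():
        r = score_permission(name, answers)
        print(f"{r.permission}: {r.total} -> {r.tier}: {r.decision}")
```

Scoring the three constructed permissions gives 0 (Green), 4 (Yellow) and 6 (Red). Keeping the per-check breakdown in the result is what lets a reviewer later see which check pushed a permission into Yellow or Red, rather than only the total.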