Entity Risk Assessment

Beyond per-event scoring, Quint evaluates the overall risk posture of agents, systems, and entire fleets. Entity assessment uses 8 dimensions computed from the complete behavioral graph.

Assessment Levels

Level 4: Fleet Assessment     "How risky is our entire agent infrastructure?"
Level 3: System Assessment    "How risky is this application/platform?"
Level 2: Agent Assessment     "How risky is this specific agent?"
Level 1: Session Assessment   "How risky was this particular session?"

Agent Assessment (Level 2)

The most common assessment. Produces scores across 8 dimensions, each 0-100.

Dimensions

| Dimension | Weight | Description |
| --- | --- | --- |
| Historical Event Risk | 0.20 | EWMA of daily max scores (recent events weight more) |
| Privilege Footprint | 0.15 | Blast radius: resources, fields, servers, OAuth scopes |
| Behavioral Consistency | 0.15 | Action entropy, session variance, resource stability |
| Policy Compliance Rate | 0.15 | Violation frequency weighted by severity |
| Data Sensitivity Exposure | 0.10 | Highest-sensitivity data regularly accessed |
| External Communication Risk | 0.10 | Outbound data volume, unwhitelisted endpoints |
| MCP Trust Surface | 0.08 | Unverified servers, description changes, broad schemas |
| Trend Trajectory | 0.07 | Is the agent getting riskier or safer? |

Agent Composite Formula

agent_risk = (
  0.20 × historical_event_risk +
  0.15 × privilege_footprint +
  0.15 × behavioral_consistency +
  0.15 × policy_compliance +
  0.10 × data_sensitivity_exposure +
  0.10 × external_communication_risk +
  0.08 × mcp_trust_surface +
  0.07 × trend_trajectory
)

Example Agent Profile

{
  "agent_id": "support_bot_v3",
  "agent_risk_score": 34,
  "risk_level": "medium",
  "dimensions": {
    "historical_event_risk": {"score": 22, "weight": 0.20},
    "privilege_footprint": {"score": 58, "weight": 0.15},
    "behavioral_consistency": {"score": 15, "weight": 0.15},
    "policy_compliance": {"score": 8, "weight": 0.15},
    "data_sensitivity_exposure": {"score": 45, "weight": 0.10},
    "external_communication_risk": {"score": 62, "weight": 0.10},
    "mcp_trust_surface": {"score": 10, "weight": 0.08},
    "trend_trajectory": {"score": 38, "weight": 0.07}
  },
  "risk_drivers": [
    {
      "dimension": "external_communication_risk",
      "score": 62,
      "explanation": "Sends data to 3 external endpoints including 1 not on whitelist",
      "recommendation": "Review and whitelist api.analytics-partner.io"
    }
  ],
  "trend": {
    "7d_avg": 18,
    "14d_avg": 21,
    "30d_avg": 22,
    "direction": "improving"
  }
}

System Assessment (Level 3)

Aggregates agent scores and adds cross-agent signals:

| Signal | Weight | Description |
| --- | --- | --- |
| Weighted agent scores | 0.50 | Weighted by action volume |
| Cross-agent resource contention | 0.20 | Multiple agents accessing same sensitive resources |
| Shared MCP concentration | 0.15 | Single-point-of-compromise MCP servers |
| Delegation chain risk | 0.15 | Cross-agent delegation depth |

Fleet Assessment (Level 4)

CISO dashboard view across all agents and systems:
{
  "fleet_risk_score": 31,
  "total_agents": 23,
  "total_systems": 4,
  "systems": [
    {"system": "customer_support", "score": 38, "agents": 7},
    {"system": "code_review", "score": 22, "agents": 5},
    {"system": "data_pipeline", "score": 45, "agents": 8},
    {"system": "sales_outreach", "score": 18, "agents": 3}
  ],
  "fleet_stats": {
    "total_actions_30d": 2847000,
    "total_policy_violations_30d": 342,
    "violation_rate": "0.012%"
  }
}

Entity Risk Levels

| Score | Level | Meaning |
| --- | --- | --- |
| 1-15 | Low | Operating within baseline |
| 16-35 | Moderate | Some drift, monitor |
| 36-60 | Elevated | Significant changes, investigate |
| 61-80 | High | Active risk, restrict permissions |
| 81-100 | Critical | Likely compromised, immediate action |
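
The Agent Composite Formula and the level table above can be used together to audit a returned profile: recompute the weighted sum from the dimension scores, compare it with the reported score, and map both to a level. The following is an added example, not Quint's own code; the function names, the 1-point tolerance and the handling of a score of 0 are assumptions. On the Example Agent Profile the plain weighted sum is 30.71 against a reported 34, which the page does not account for, so the check reports the difference rather than explaining it.

```python
import math

# Weights from the Dimensions table on this page.
WEIGHTS = {
    "historical_event_risk": 0.20, "privilege_footprint": 0.15,
    "behavioral_consistency": 0.15, "policy_compliance": 0.15,
    "data_sensitivity_exposure": 0.10, "external_communication_risk": 0.10,
    "mcp_trust_surface": 0.08, "trend_trajectory": 0.07,
}
# Upper bounds from the Entity Risk Levels table. Assumption: a score of 0 and
# fractional scores land in the first band whose upper bound they do not exceed.
LEVELS = [(15, "Low"), (35, "Moderate"), (60, "Elevated"),
          (80, "High"), (100, "Critical")]

def composite(dimensions):
    """Weighted sum from the Agent Composite Formula, with input validation."""
    missing = sorted(set(WEIGHTS) - set(dimensions))
    if missing:
        raise ValueError(f"missing dimensions: {missing}")
    total = 0.0
    for name, weight in WEIGHTS.items():
        score = dimensions[name]["score"]
        if not 0 <= score <= 100:
            raise ValueError(f"{name} score {score} outside 0-100")
        total += weight * score
    return round(total, 2)

def level(score):
    """Map a 0-100 score to its Entity Risk Level name."""
    if not 0 <= score <= 100:
        raise ValueError(f"score {score} outside 0-100")
    return next(label for upper, label in LEVELS if score <= upper)

def audit(profile, tolerance=1.0):
    """Recompute the composite and list disagreements with the reported profile."""
    dims = profile["dimensions"]
    findings = [f"weight mismatch: {n}" for n, w in WEIGHTS.items()
                if n in dims and not math.isclose(dims[n].get("weight", w), w)]
    recomputed, reported = composite(dims), profile["agent_risk_score"]
    if abs(recomputed - reported) > tolerance:
        findings.append(f"reported {reported} vs recomputed {recomputed}")
    return {"recomputed": recomputed, "recomputed_level": level(recomputed),
            "reported_level": level(reported), "findings": findings}

# Reported score and dimension scores copied from the Example Agent Profile above.
EXAMPLE = {"agent_risk_score": 34, "dimensions": {
    n: {"score": s, "weight": WEIGHTS[n]}
    for n, s in zip(WEIGHTS, [22, 58, 15, 8, 45, 62, 10, 38])}}

if __name__ == "__main__":
    print(audit(EXAMPLE))
```
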

Assessment Triggers

| Trigger | Frequency |
| --- | --- |
| Scheduled (background) | Agent: 6h, System: 12h, Fleet: 24h |
| Threshold-triggered | On any event exceeding alert threshold |
| API-requested (on-demand) | GET /v1/assess/agent/{id}?window=30d |