Risk Scoring Overview
Overview
The Ascend Risk Scoring Engine provides comprehensive 0-100 risk assessment for every AI agent action and MCP tool call. The engine evaluates actions across four risk categories (security, data, compliance, financial) and considers contextual factors to produce accurate, actionable risk scores that drive governance decisions.
Risk scores determine whether actions are auto-approved, require human review, or are blocked entirely. The scoring system is designed for sub-200ms performance while maintaining enterprise-grade accuracy.
Key Capabilities
- 4-Category Assessment: Comprehensive scoring across security, data, compliance, and financial dimensions
- Contextual Analysis: Scores adjust based on environment, user role, time, and other factors
- Framework Mapping: Scores align with CVSS, NIST, and MITRE ATT&CK frameworks
- Real-Time Calculation: Sub-200ms scoring for interactive workflows
- Configurable Thresholds: Organization-specific risk tolerance settings
- Trend Analysis: Track risk patterns over time
How It Works
Risk Score Architecture
┌─────────────────────────────────────────────────────────────────────────────┐
│ RISK SCORING ARCHITECTURE │
└─────────────────────────────────────────────────────────────────────────────┘
┌─────────────────┐
│ Action Input │
│ + Context │
└────────┬────────┘
│
v
┌─────────────────────────────────────────────────────────────────────────────┐
│ BASE SCORE CALCULATION │
│ │
│ ┌───────────────────┐ ┌───────────────────┐ ┌───────────────────┐ │
│ │ Namespace │ │ Verb │ │ Resource │ │
│ │ Risk Score │ │ Risk Score │ │ Risk Score │ │
│ │ (0-50) │ │ (0-40) │ │ (0-50) │ │
│ └─────────┬─────────┘ └─────────┬─────────┘ └─────────┬─────────┘ │
│ │ │ │ │
│ └─────────────────────┼─────────────────────┘ │
│ v │
│ ┌─────────────────┐ │
│ │ Combined Base │ │
│ │ (0-100) │ │
│ └────────┬────────┘ │
└─────────────────────────────────────────────────────────────────────────────┘
│
v
┌─────────────────────────────────────────────────────────────────────────────┐
│ CATEGORY SCORING │
│ │
│ ┌─────────────────────────────────────────────────────────────────────┐ │
│ │ │ │
│ │ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ │
│ │ │ SECURITY │ │ DATA │ │ COMPLIANCE │ │ FINANCIAL │ │ │
│ │ │ (35%) │ │ (30%) │ │ (20%) │ │ (15%) │ │ │
│ │ │ │ │ │ │ │ │ │ │ │
│ │ │ - Admin ops │ │ - PII │ │ - Audit req │ │ - Payments │ │ │
│ │ │ - Creds │ │ - Customer │ │ - Regs │ │ - Billing │ │ │
│ │ │ - Privs │ │ - Sensitive │ │ - Policies │ │ - Revenue │ │ │
│ │ └──────┬──────┘ └──────┬──────┘ └──────┬──────┘ └──────┬──────┘ │ │
│ │ │ │ │ │ │ │
│ └─────────┼───────────────┼───────────────┼───────────────┼───────────┘ │
│ │ │ │ │ │
└─────────────────────────────────────────────────────────────────────────────┘
│
v
┌─────────────────────────────────────────────────────────────────────────────┐
│ CONTEXT MULTIPLIERS │
│ │
│ Environment: production (1.5x) | staging (1.2x) | development (0.8x) │
│ User Role: admin (1.4x) | service_account (1.3x) | standard (1.0x) │
│ Access: external (2.0x) | internal (1.0x) │
│ Time: after_hours (1.3x) | business_hours (1.0x) │
│ Operation: bulk (1.6x) | single (1.0x) │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
│
v
┌─────────────────────────────────────────────────────────────────────────────┐
│ FINAL SCORE │
│ │
│ Total Score = min(100, Weighted_Categories × Context_Multiplier) │
│ │
│ ┌─────────────────────────────────────────────────────────────────────┐ │
│ │ Risk Level: │ │
│ │ 0-24: MINIMAL (Auto-approve) │ │
│ │ 25-49: LOW (Peer review) │ │
│ │ 50-69: MEDIUM (Manager approval) │ │
│ │ 70-89: HIGH (Senior approval) │ │
│ │ 90-100: CRITICAL (Executive approval) │ │
│ └─────────────────────────────────────────────────────────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Risk Categories
| Category | Weight | Description | Key Indicators |
|---|---|---|---|
| Security | 35% | Access and privilege risks | Admin ops, credentials, permissions, authentication |
| Data | 30% | Data sensitivity and exposure | PII, customer data, confidential info, PHI |
| Compliance | 20% | Regulatory and policy risks | Audit requirements, regulations, policy violations |
| Financial | 15% | Business impact risks | Billing, payments, revenue, transactions |
Risk Levels
| Score Range | Level | Color | Approval Requirement | Typical SLA |
|---|---|---|---|---|
| 90-100 | CRITICAL | Red | Executive (L5) | 60 min |
| 70-89 | HIGH | Orange | Senior Manager (L3-L4) | 30 min |
| 50-69 | MEDIUM | Yellow | Manager (L2) | 15 min |
| 25-49 | LOW | Blue | Peer Review (L1) | 5 min |
| 0-24 | MINIMAL | Green | Auto-approved (L0) | Immediate |
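The pipeline in the diagram, from four category scores to a final score and approval requirement, as an added worked example. This is not Ascend's code or SDK: the category weights, the context multipliers (taken from the CONTEXT MULTIPLIERS box, using its dimension labels), the `min(100, ...)` cap and the Risk Levels table are the page's; combining the per-dimension multipliers as a product, treating an omitted dimension as 1.0, and rounding the product to an integer are this example's assumptions. The page's sample API response was produced by the real engine, whose exact combination of factors is not shown above, so the numbers here are not expected to match it.

```python
# Added example (not Ascend's own code): one reading of the scoring pipeline
# in the architecture diagram.  Assumptions: context multipliers combine as a
# product, an omitted dimension contributes 1.0, the result is rounded.
from dataclasses import dataclass

CATEGORY_WEIGHTS = {"security": 0.35, "data": 0.30, "compliance": 0.20, "financial": 0.15}

# Multipliers as listed in the CONTEXT MULTIPLIERS box of the diagram.
CONTEXT_MULTIPLIERS = {
    "environment": {"production": 1.5, "staging": 1.2, "development": 0.8},
    "user_role": {"admin": 1.4, "service_account": 1.3, "standard": 1.0},
    "access": {"external": 2.0, "internal": 1.0},
    "time": {"after_hours": 1.3, "business_hours": 1.0},
    "operation": {"bulk": 1.6, "single": 1.0},
}

# (lower bound, level, approval requirement) from the Risk Levels table.
RISK_LEVELS = [
    (90, "CRITICAL", "Executive (L5)"),
    (70, "HIGH", "Senior Manager (L3-L4)"),
    (50, "MEDIUM", "Manager (L2)"),
    (25, "LOW", "Peer Review (L1)"),
    (0, "MINIMAL", "Auto-approved (L0)"),
]


@dataclass
class RiskResult:
    total_score: int
    risk_level: str
    approval_level: str
    weighted_base: float
    context_multiplier: float


def weighted_categories(category_scores: dict) -> float:
    """Weighted_Categories: each 0-100 category score times its weight."""
    missing = set(CATEGORY_WEIGHTS) - set(category_scores)
    if missing:
        raise ValueError(f"missing category scores: {sorted(missing)}")
    for category, score in category_scores.items():
        if category not in CATEGORY_WEIGHTS:
            raise ValueError(f"unknown category: {category}")
        if not 0 <= score <= 100:
            raise ValueError(f"{category} score out of range: {score}")
    return sum(CATEGORY_WEIGHTS[c] * category_scores[c] for c in CATEGORY_WEIGHTS)


def context_multiplier(context: dict) -> float:
    """Context_Multiplier: product of the factor chosen for each dimension.

    Unknown dimensions or values raise instead of silently counting as 1.0,
    so a misspelled context key cannot quietly lower a score."""
    multiplier = 1.0
    for dimension, value in context.items():
        table = CONTEXT_MULTIPLIERS.get(dimension)
        if table is None:
            raise ValueError(f"unknown context dimension: {dimension}")
        if value not in table:
            raise ValueError(f"unknown {dimension} value: {value}")
        multiplier *= table[value]
    return multiplier


def classify(total_score: int) -> tuple:
    """Map a 0-100 score to (risk level, approval requirement)."""
    for lower_bound, level, approval in RISK_LEVELS:
        if total_score >= lower_bound:
            return level, approval
    raise ValueError(f"score out of range: {total_score}")


def calculate_risk(category_scores: dict, context: dict) -> RiskResult:
    """Total Score = min(100, Weighted_Categories x Context_Multiplier)."""
    base = weighted_categories(category_scores)
    multiplier = context_multiplier(context)
    total = min(100, round(base * multiplier))
    level, approval = classify(total)
    return RiskResult(total, level, approval, base, multiplier)


if __name__ == "__main__":
    # Constructed inputs: the same category scores evaluated in three contexts.
    scores = {"security": 60, "data": 50, "compliance": 40, "financial": 30}
    for ctx in (
        {"environment": "development", "user_role": "standard", "access": "internal"},
        {"environment": "production"},
        {"environment": "production", "user_role": "admin", "access": "external",
         "time": "after_hours", "operation": "bulk"},
    ):
        r = calculate_risk(scores, ctx)
        print(f"{ctx} -> {r.total_score} {r.risk_level} ({r.approval_level})")
```

With the multipliers combined as a product, an external admin doing a bulk operation in production after hours carries a factor of 8.736, so even modest category scores saturate at 100; that is the intended shape of the design, but it is also why a typo in a context key must fail loudly rather than default to 1.0.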
Configuration
Default Thresholds
| Threshold | Default | Description |
|---|---|---|
| auto_approve_below | 30 | Auto-approve actions below this score |
| require_approval_above | 30 | Require approval above this score |
| require_mfa_above | 70 | Require MFA verification above this score |
| max_risk_threshold | 80 | Block actions above this score (unless approved) |
| critical_threshold | 90 | Escalate to executive approval |
Category Weights
```json
{
  "category_weights": {
    "security": 0.35,
    "data": 0.30,
    "compliance": 0.20,
    "financial": 0.15
  }
}
```
Context Multipliers
```json
{
  "context_multipliers": {
    "environment": {
      "production": 1.5,
      "staging": 1.2,
      "development": 0.8
    },
    "user_role": {
      "admin": 1.4,
      "service_account": 1.3,
      "superuser": 1.5
    },
    "access_source": {
      "external": 2.0,
      "vpn": 1.2,
      "internal": 1.0
    },
    "time": {
      "after_hours": 1.3,
      "weekend": 1.2,
      "business_hours": 1.0
    },
    "operation_type": {
      "bulk": 1.6,
      "batch": 1.4,
      "single": 1.0
    }
  }
}
```
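An added example, not Ascend's code, of what a consumer of these settings should do before trusting them: parse a settings document, reject the mistakes that silently weaken governance (weights that do not sum to 1, thresholds that overlap, a gap or overlap between `auto_approve_below` and `require_approval_above`, a zero or negative multiplier), and turn a final score into the decision implied by the Default Thresholds table. The thresholds, weights and multipliers are the page's defaults; combining them into one JSON object, the evaluation order, and the handling of a score that sits exactly on `auto_approve_below` (it is not "below", so it falls through to approval) are this example's choices.

```python
# Added example (not Ascend's own code): validate a risk-settings document and
# map a score to the governance decision the Default Thresholds table implies.
import json

# Constructed settings document: the documented default thresholds, category
# weights and context multipliers, combined into one object for this example.
RISK_SETTINGS_JSON = """
{
  "thresholds": {
    "auto_approve_below": 30,
    "require_approval_above": 30,
    "require_mfa_above": 70,
    "max_risk_threshold": 80,
    "critical_threshold": 90
  },
  "category_weights": {"security": 0.35, "data": 0.30, "compliance": 0.20, "financial": 0.15},
  "context_multipliers": {
    "environment": {"production": 1.5, "staging": 1.2, "development": 0.8},
    "user_role": {"admin": 1.4, "service_account": 1.3, "superuser": 1.5},
    "access_source": {"external": 2.0, "vpn": 1.2, "internal": 1.0},
    "time": {"after_hours": 1.3, "weekend": 1.2, "business_hours": 1.0},
    "operation_type": {"bulk": 1.6, "batch": 1.4, "single": 1.0}
  }
}
"""

REQUIRED_CATEGORIES = {"security", "data", "compliance", "financial"}
# These thresholds must not decrease in this order, or the bands overlap.
THRESHOLD_ORDER = ["auto_approve_below", "require_mfa_above",
                   "max_risk_threshold", "critical_threshold"]


def validate_settings(settings: dict) -> list:
    """Return a list of problems; an empty list means the settings are usable."""
    problems = []
    weights = settings.get("category_weights", {})
    if set(weights) != REQUIRED_CATEGORIES:
        problems.append(f"category_weights must cover exactly {sorted(REQUIRED_CATEGORIES)}")
    if any(not 0 <= w <= 1 for w in weights.values()):
        problems.append("each category weight must be between 0 and 1")
    if abs(sum(weights.values()) - 1.0) > 1e-9:
        problems.append(f"category weights sum to {sum(weights.values()):.2f}, not 1.0")

    thresholds = settings.get("thresholds", {})
    names = THRESHOLD_ORDER + ["require_approval_above"]
    bad = [n for n in names if not (n in thresholds and 0 <= thresholds[n] <= 100)]
    for name in bad:
        problems.append(f"threshold {name} missing or outside 0-100")
    if not bad:
        values = [thresholds[n] for n in THRESHOLD_ORDER]
        if values != sorted(values):
            problems.append(f"thresholds out of order: {dict(zip(THRESHOLD_ORDER, values))}")
        if thresholds["auto_approve_below"] > thresholds["require_approval_above"]:
            problems.append("auto_approve_below exceeds require_approval_above: "
                            "some scores match both rules")
        elif thresholds["auto_approve_below"] < thresholds["require_approval_above"]:
            problems.append("gap between auto_approve_below and require_approval_above: "
                            "some scores match neither rule")

    for dimension, table in settings.get("context_multipliers", {}).items():
        for value, factor in table.items():
            if not isinstance(factor, (int, float)) or factor <= 0:
                problems.append(f"multiplier {dimension}.{value} must be a positive number")
    return problems


def decide(score: int, thresholds: dict) -> dict:
    """Map a final score to a governance decision.

    Rules stack: a score above the MFA, block or critical threshold still
    requires approval.  A score equal to auto_approve_below is not "below"
    it, so it falls through to approval (fail closed)."""
    if not 0 <= score <= 100:
        raise ValueError(f"score out of range: {score}")
    if score < thresholds["auto_approve_below"]:
        return {"decision": "auto_approve", "mfa": False, "blocked": False, "escalate": False}
    return {
        "decision": "require_approval",
        "mfa": score > thresholds["require_mfa_above"],
        # Blocked unless an approver explicitly overrides.
        "blocked": score > thresholds["max_risk_threshold"],
        "escalate": score > thresholds["critical_threshold"],
    }


def load_settings(text: str) -> dict:
    """Parse and validate; refuse to hand back settings with known problems."""
    settings = json.loads(text)
    problems = validate_settings(settings)
    if problems:
        raise ValueError("invalid risk settings: " + "; ".join(problems))
    return settings


if __name__ == "__main__":
    settings = load_settings(RISK_SETTINGS_JSON)
    for s in (10, 30, 71, 80, 81, 95):
        print(s, decide(s, settings["thresholds"]))
```

The validator runs at load time rather than at decision time so that a bad configuration is rejected once, loudly, instead of producing an under-weighted score on every call.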
Usage Examples
Get Risk Score for Action (Python SDK)
```python
from ascend import AscendClient

client = AscendClient(api_key="your-api-key")

# Calculate risk score for an action
risk_result = client.risk.calculate(
    action_type="database_update",
    resource="production.customers",
    namespace="database",
    user_role="analyst",
    environment="production",
    client_ip="192.168.1.100"
)

print(f"Total Risk Score: {risk_result.total_score}/100")
print(f"Risk Level: {risk_result.risk_level}")
print(f"Requires Approval: {risk_result.requires_approval}")
print(f"Approval Level: {risk_result.approval_level}")

# Category breakdown
print("\nCategory Scores:")
for category, score in risk_result.category_scores.items():
    print(f"  {category}: {score}/100")

# Risk factors
print("\nRisk Factors:")
for factor in risk_result.risk_factors:
    print(f"  - {factor}")
```
Get Risk Score (cURL)
```bash
curl -X POST https://api.ascend.security/api/risk/calculate \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "action_type": "database_update",
    "resource": "production.customers",
    "namespace": "database",
    "context": {
      "user_role": "analyst",
      "environment": "production"
    }
  }'

# Response:
# {
#   "total_score": 68,
#   "risk_level": "MEDIUM",
#   "category_scores": {
#     "security": 70,
#     "data": 65,
#     "compliance": 60,
#     "financial": 40
#   },
#   "risk_factors": [
#     "production_environment",
#     "database_write_operation",
#     "customer_data_access"
#   ],
#   "requires_approval": true,
#   "approval_level": 2,
#   "recommendations": [
#     "Consider using read-only query for analysis",
#     "Ensure data access is logged for compliance"
#   ]
# }
```
Configure Organization Thresholds
```python
from ascend import AscendClient

client = AscendClient(api_key="your-api-key")

# Update organization risk thresholds
client.organization.update_risk_settings(
    auto_approve_below=25,   # More conservative
    require_mfa_above=65,    # Lower MFA threshold
    max_risk_threshold=75,   # Lower maximum
    critical_threshold=85,   # Lower critical threshold
    # Custom category weights
    category_weights={
        "security": 0.40,    # Increase security weight
        "data": 0.30,
        "compliance": 0.20,
        "financial": 0.10    # Decrease financial weight
    }
)
```
Get Risk Trends
```python
from ascend import AscendClient

client = AscendClient(api_key="your-api-key")

# Get risk trends for the past 7 days
trends = client.risk.get_trends(
    time_range_days=7,
    group_by="day"
)

print(f"Average Risk Score: {trends.average_score}")
print(f"Peak Risk Score: {trends.peak_score}")
print("Risk Distribution:")
for level, count in trends.level_distribution.items():
    print(f"  {level}: {count} actions")
```
Get Risk Analytics
```bash
curl -X GET "https://api.ascend.security/api/risk/analytics?hours=24" \
  -H "Authorization: Bearer YOUR_API_KEY"

# Response:
# {
#   "time_range_hours": 24,
#   "total_evaluations": 15234,
#   "average_score": 42.5,
#   "score_distribution": {
#     "0-24": 5234,
#     "25-49": 6123,
#     "50-69": 2987,
#     "70-89": 756,
#     "90-100": 134
#   },
#   "category_averages": {
#     "security": 45.2,
#     "data": 38.7,
#     "compliance": 41.3,
#     "financial": 32.1
#   },
#   "top_risk_factors": [
#     {"factor": "production_access", "count": 4523},
#     {"factor": "database_write", "count": 3214},
#     {"factor": "admin_operation", "count": 1876}
#   ]
# }
```
Best Practices
Threshold Configuration
| Organization Type | Recommended auto_approve | Recommended critical |
|---|---|---|
| High Security (Finance, Healthcare) | 20 | 85 |
| Standard Enterprise | 30 | 90 |
| Development/Startup | 40 | 95 |
Weight Customization
High Security Organizations:
```json
{
  "security": 0.45,
  "data": 0.30,
  "compliance": 0.15,
  "financial": 0.10
}
```
Compliance-Focused Organizations:
```json
{
  "security": 0.30,
  "data": 0.25,
  "compliance": 0.35,
  "financial": 0.10
}
```
Financial Services:
```json
{
  "security": 0.30,
  "data": 0.25,
  "compliance": 0.20,
  "financial": 0.25
}
```
Monitoring Recommendations
- Track Trends: Monitor average risk scores weekly
- Alert on Spikes: Set alerts for unusual risk increases
- Review High-Risk: Regularly audit actions scoring above 70
- Tune Thresholds: Adjust based on operational feedback
- Calibrate Multipliers: Customize context multipliers for your environment
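One way to act on "Track Trends" and "Alert on Spikes", as an added example that is not Ascend's code: reduce each day's analytics to its average score and the share of evaluations scoring 70 or above (the `70-89` and `90-100` buckets of the analytics response added together), then flag a day when either metric rises more than a chosen number of standard deviations above its trailing baseline. The daily data is constructed for the example; the seven-day window, the z-score threshold of 3 and the noise floors on the standard deviation are assumptions to be tuned per organization, not values from the page.

```python
# Added example (not Ascend's own code): a z-score spike detector over daily
# risk analytics, for the "Alert on Spikes" recommendation.
from statistics import mean, pstdev

WINDOW = 7          # trailing days that form the baseline (assumption)
Z_THRESHOLD = 3.0   # standard deviations above baseline that count as a spike
# Noise floors for each metric's standard deviation: a perfectly flat baseline
# would otherwise turn any change at all into a huge z-score (or divide by 0).
FLOORS = {"average_score": 1.0, "high_risk_share": 0.005}

# Constructed daily analytics.  high_risk_count stands for the 70-89 and
# 90-100 buckets of the analytics response added together.  The ninth day
# carries a genuine spike; the rest is ordinary day-to-day noise.
DAILY = [
    {"date": "2024-03-01", "average_score": 40, "total_evaluations": 1500, "high_risk_count": 60},
    {"date": "2024-03-02", "average_score": 41, "total_evaluations": 1500, "high_risk_count": 63},
    {"date": "2024-03-03", "average_score": 42, "total_evaluations": 1500, "high_risk_count": 58},
    {"date": "2024-03-04", "average_score": 40, "total_evaluations": 1500, "high_risk_count": 61},
    {"date": "2024-03-05", "average_score": 43, "total_evaluations": 1500, "high_risk_count": 59},
    {"date": "2024-03-06", "average_score": 41, "total_evaluations": 1500, "high_risk_count": 62},
    {"date": "2024-03-07", "average_score": 42, "total_evaluations": 1500, "high_risk_count": 60},
    {"date": "2024-03-08", "average_score": 40, "total_evaluations": 1500, "high_risk_count": 61},
    {"date": "2024-03-09", "average_score": 58, "total_evaluations": 1500, "high_risk_count": 150},
    {"date": "2024-03-10", "average_score": 43, "total_evaluations": 1500, "high_risk_count": 64},
]


def day_metrics(day: dict) -> dict:
    """Reduce one day's analytics to the two metrics being watched."""
    total = day["total_evaluations"]
    share = day["high_risk_count"] / total if total else 0.0
    return {"average_score": float(day["average_score"]), "high_risk_share": share}


def detect_spikes(days: list, window: int = WINDOW, z_threshold: float = Z_THRESHOLD) -> list:
    """Flag days whose metrics rise well above their trailing baseline.

    Only increases are flagged: a drop in risk is not a spike.  The first
    `window` days have no baseline and are skipped."""
    alerts = []
    for i in range(window, len(days)):
        baseline = [day_metrics(d) for d in days[i - window:i]]
        today = day_metrics(days[i])
        reasons = []
        for name, floor in FLOORS.items():
            history = [b[name] for b in baseline]
            sigma = max(pstdev(history), floor)
            z = (today[name] - mean(history)) / sigma
            if z >= z_threshold:
                reasons.append(name)
        if reasons:
            alerts.append({"date": days[i]["date"], "reasons": reasons,
                           "average_score": today["average_score"],
                           "high_risk_share": round(today["high_risk_share"], 4)})
    return alerts


if __name__ == "__main__":
    for alert in detect_spikes(DAILY):
        print(alert)
```

The high-risk share is watched separately from the average because a handful of critical actions can hide inside an unchanged mean; the floors keep a quiet week from making the detector fire on a one-point move.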
Common Risk Patterns
| Pattern | Typical Score | Recommended Action |
|---|---|---|
| Read-only in development | 10-25 | Auto-approve |
| Write in staging | 30-45 | Peer review |
| Write in production | 50-70 | Manager approval |
| Delete in production | 70-85 | Senior approval |
| Admin operation anywhere | 60-90 | Escalate |
| Credential access | 85-100 | Block or executive |
Related
- Risk Calculation - Detailed calculation formulas
- Security Frameworks - CVSS, NIST, MITRE mapping
- Threshold Configuration - Configuring thresholds
- Policy Engine - How risk affects policies
- Approval Workflows - Approval configuration
Compliance
Risk scoring supports compliance with:
- SOC 2 CC3.1: Risk assessment procedures
- SOC 2 CC6.1: Logical access controls
- PCI-DSS 6.5: Application security
- PCI-DSS 12.2: Risk assessment
- NIST 800-53 RA-3: Risk assessment
- NIST 800-53 CA-7: Continuous monitoring
- HIPAA 164.308(a): Security management process
- ISO 27001 A.12.6: Technical vulnerability management