Risk Monitoring
Risk scored on two axes — data sensitivity and action consequence — reviewed in one place, not scattered across dashboards.
Prefactor classifies the risk of every agent run on two axes — how sensitive the data involved is, and how consequential the action was — weighted into a single Low / Medium / High / Critical classification your team reviews, rather than one opaque score that hides what actually happened.
Risk is classified on two axes: data sensitivity (personal identifiers, financial records, health data each carry different weight) and action consequence (reading data is different from writing it). The two combine, via configurable weights and thresholds, into a Low / Medium / High / Critical classification per run — the basis for what a reviewer looks at first.
How risk scoring works
Rather than one opaque number, Prefactor classifies risk on two axes. Data sensitivity reflects the regulatory and ethical weight of the information a run touches — personal identifiers, financial records, and health data each carry different implications if mishandled. Action consequence reflects what the agent did with that data — reading a record is different from writing one; retrieving information is different from initiating a transaction.
A risk profile assigned to an agent tells Prefactor how to weight each dimension — for example, reading data might carry a 1.0x multiplier, with other action types weighted differently — and those weights, multipliers, and thresholds combine into a classification: Low, Medium, High, or Critical. A High classification flags a run that involved high-sensitivity data, a high-consequence action, or both; it identifies a run that warrants closer attention, not proof that something went wrong.
Reviewing and acting on risk
Flagged runs land in a review workflow: a reviewer filters to a specific agent's instances, narrows to the environment and time window that matters, and opens the ones that reached a risk level worth attention — rather than scrolling every run or checking a scattered set of dashboards. Because the classification is attributed at the instance level and derived from its spans, a flagged run always breaks back down into the specific spans that drove the classification.
Where a team has runtime policies or approval routing configured, a flagged run can also route straight into those — throttle, sandbox, escalate to human-in-the-loop review, or block — rather than waiting for a manual pass.
Risk as a trend, not just a point-in-time score
A single run's classification tells you about that run. What it doesn't tell you is whether a given type of action — a specific tool call, a specific kind of data access — is becoming riskier over time, even if no individual instance crosses a threshold on its own. Prefactor tracks risk per span type the same way it tracks latency: as a distribution, with p95 and p99 views, so a slow drift toward riskier behaviour in one recurring action shows up as a trend before it shows up as an incident.
Frequently asked questions
How does Prefactor score risk?
What are the risk classification levels?
What happens when a run is flagged High or Critical?
Related glossary terms
Drop this into what you already run
TypeScript and Python SDKs, plus OpenTelemetry ingest — native for LangChain, Claude, Vercel AI, OpenClaw and LiveKit, with 15 framework integrations covered out of the box.
$ prefactor init
See it on your own agents
Book a demo and we'll walk through risk monitoring on a fleet like yours — real frameworks, real traces.
Unified performance platform for agents, authentication, and risk management