Evaluate · Platform

Risk Monitoring

Risk scored on two axes — data sensitivity and action consequence — reviewed in one place, not scattered across dashboards.

Prefactor classifies the risk of every agent run on two axes — how sensitive the data involved is, and how consequential the action was — weighted into a single Low / Medium / High / Critical classification your team reviews, rather than one opaque score that hides what actually happened.

Fleet risk Illustrative
12
LOW RISK
3
ELEVATED
1
HIGH RISK
0.71
AVG SCORE
TL;DR

Risk is classified on two axes: data sensitivity (personal identifiers, financial records, health data each carry different weight) and action consequence (reading data is different from writing it). The two combine, via configurable weights and thresholds, into a Low / Medium / High / Critical classification per run — the basis for what a reviewer looks at first.

How risk scoring works

Rather than one opaque number, Prefactor classifies risk on two axes. Data sensitivity reflects the regulatory and ethical weight of the information a run touches — personal identifiers, financial records, and health data each carry different implications if mishandled. Action consequence reflects what the agent did with that data — reading a record is different from writing one; retrieving information is different from initiating a transaction.

A risk profile assigned to an agent tells Prefactor how to weight each dimension — for example, reading data might carry a 1.0x multiplier, with other action types weighted differently — and those weights, multipliers, and thresholds combine into a classification: Low, Medium, High, or Critical. A High classification flags a run that involved high-sensitivity data, a high-consequence action, or both; it identifies a run that warrants closer attention, not proof that something went wrong.

Reviewing and acting on risk

Flagged runs land in a review workflow: a reviewer filters to a specific agent's instances, narrows to the environment and time window that matters, and opens the ones that reached a risk level worth attention — rather than scrolling every run or checking a scattered set of dashboards. Because the classification is attributed at the instance level and derived from its spans, a flagged run always breaks back down into the specific spans that drove the classification.

Where a team has runtime policies or approval routing configured, a flagged run can also route straight into those — throttle, sandbox, escalate to human-in-the-loop review, or block — rather than waiting for a manual pass.

Risk as a trend, not just a point-in-time score

A single run's classification tells you about that run. What it doesn't tell you is whether a given type of action — a specific tool call, a specific kind of data access — is becoming riskier over time, even if no individual instance crosses a threshold on its own. Prefactor tracks risk per span type the same way it tracks latency: as a distribution, with p95 and p99 views, so a slow drift toward riskier behaviour in one recurring action shows up as a trend before it shows up as an incident.

Frequently asked questions

How does Prefactor score risk?
On two dimensions: data sensitivity — the regulatory and ethical weight of the information involved, since personal identifiers, financial records, and health data carry different implications — and action consequence — what the agent did with that data, since reading a record is different from writing one. A risk profile assigned to the agent turns those two dimensions, via weights and multipliers, into a classification.
What are the risk classification levels?
Low, Medium, High, and Critical. A High classification means the run involved high-sensitivity data, a high-consequence action, or both — it flags a run that warrants closer attention, not that something necessarily went wrong.
What happens when a run is flagged High or Critical?
It surfaces in the review workflow reviewers already use to filter instances by risk level. Where a team has runtime policies or approval routing configured, a flagged run can also be routed straight to those same throttle, escalate, or block actions.

Drop this into what you already run

TypeScript and Python SDKs, plus OpenTelemetry ingest — native for LangChain, Claude, Vercel AI, OpenClaw and LiveKit, with 15 framework integrations covered out of the box.

terminal
$ prefactor init

See it on your own agents

Book a demo and we'll walk through risk monitoring on a fleet like yours — real frameworks, real traces.

Agent Performance Platform
Unified performance platform for agents, authentication, and risk management
All Systems Operational
3Global Agents
7Instances
5Services
12%Human Intervene
4High Risk
$2,360Monthly Spend
Mission ControlLive agent health with 7-day activity heartbeat
Claims Proc...68
$330/moRed
Claims Proc...65
$160/moRed
Claims Proc...82
$170/moAmber
ChatGPT74
$150/moAmber

See how every agent performs — and make it better

Prefactor helps teams observe, evaluate, and improve their AI agents in production — across every framework and provider.