A risk rating is a governance signal that indicates how much scrutiny an AI asset should receive based on its context, behaviour, or business impact. Used properly, it helps teams prioritise exception handling and review effort instead of applying the same process to every AI initiative.
Expanded Definition
Risk rating is a governance mechanism that assigns a relative level of scrutiny to an AI system, agent, or supporting NHI based on context, behaviour, sensitivity of data, and potential business impact. In NHI and agentic AI programs, the rating is used to decide whether a workload needs lightweight review, formal approval, stronger controls, or ongoing monitoring.
Unlike a technical score that tries to measure exploitability alone, a risk rating blends operational, security, and governance factors. That distinction matters because two systems can use the same API key or service account pattern, yet deserve different treatment if one can move money, alter customer records, or trigger autonomous actions. In that sense, risk ratings are often used to prioritise control effort under frameworks such as the NIST Cybersecurity Framework 2.0, but definitions vary across vendors and no single standard governs this yet.
For NHI Management Group, the useful question is not whether a system is “risky” in the abstract, but what review path its rating should trigger, how often that rating should be revisited, and who can override it. The most common misapplication is treating a one-time rating as permanent, which occurs when teams fail to recalculate it after scope, privilege, or data access changes.
Examples and Use Cases
Implementing risk ratings rigorously often introduces review overhead, requiring organisations to weigh faster delivery against the cost of added approvals, documentation, and periodic reassessment.
- A customer support agent with read-only access to non-sensitive tickets may receive a low rating and a streamlined control path.
- An autonomous finance agent that can create invoices and call payment APIs may receive a high rating and require approval under stricter segregation-of-duties rules.
- A CI/CD service account that can deploy production code but cannot access secrets directly may be rated medium, then raised if its scope expands.
- An external integration using third-party tokens may be flagged for enhanced scrutiny because NHI governance gaps often start with exposed or overly broad credentials.
- A team may align its assessment with the Top 10 NHI Issues to ensure the rating reflects privilege, rotation, and secret-handling weaknesses, not just business importance.
Risk ratings are also useful for exception handling, where a high-impact system gets temporary approval with compensating controls while a lower-impact system is routed through standard review.
Why It Matters in NHI Security
Risk rating matters because NHI environments tend to grow faster than governance processes. NHIMG research shows that NHIs outnumber human identities by 25x to 50x in modern enterprises, and 97% carry excessive privileges, which means a weak or stale rating can leave the most dangerous assets under-reviewed. When a rating system is missing, organisations tend to apply the same approval path to every workload, which creates blind spots for service accounts, API keys, and AI agents that can act at machine speed.
That problem is not theoretical. The 2024 ESG Report: Managing Non-Human Identities found that 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, and the Ultimate Guide to NHIs reports that 79% of organisations have experienced secrets leaks, with 77% of those incidents causing tangible damage. A practical risk rating helps surface which assets deserve immediate containment, secret rotation, or privilege reduction.
Organisations typically encounter the need for a defensible risk rating only after a compromise, a failed audit, or an incident review exposes that the most powerful NHI was never treated as high risk in the first place.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | ID.RA | Risk assessment is central to determining how much scrutiny a system should receive. |
| OWASP Non-Human Identity Top 10 | NHI-01 | Risk ratings help prioritise exposed or overprivileged non-human identities for review. |
| OWASP Agentic AI Top 10 | AGENT-02 | Agentic systems need context-based review because autonomy changes risk posture. |
Classify NHI and agent risk using repeatable criteria, then adjust control depth to the assessed level.
