A score that adjusts ordinary vulnerability severity for how an AI agent can magnify harm at runtime. It accounts for autonomy, memory, delegation, and multi-agent behaviour so practitioners can judge the likely operational impact, not just the defect on paper.
Expanded Definition
An Agentic AI Risk Score is a practical severity modifier used to estimate how much damage an AI agent could cause if a vulnerability, prompt injection, or credential leak is exploited at runtime. Unlike a static CVSS-style score, it tries to reflect operational blast radius by factoring in autonomy, memory persistence, delegated permissions, tool use, and whether the agent can coordinate with other agents.
Definitions vary across vendors, and no single standard governs this yet. In NHI and agentic AI programs, the score is most useful when it is tied to observable behaviors such as write access, secret exposure, approval bypass, and the ability to trigger downstream actions. Both the NIST AI Risk Management Framework and the OWASP Top 10 for Agentic Applications 2026 support risk treatment based on context, not just defect labels.
The most common misapplication is treating the score as a fixed, universal value: teams apply it without checking the agent's current permissions, memory scope, and external tool reach.
Examples and Use Cases
Implementing an Agentic AI Risk Score rigorously often introduces governance overhead, requiring organisations to weigh faster deployment against more frequent review of permissions, prompts, and integrations.
- A customer-support agent with read-only access to case history gets a moderate score, while the same model with ticket-edit and refund permissions gets a much higher score because its runtime actions can directly affect customers.
- An internal coding agent that can open pull requests but cannot merge them usually scores lower than one that can both generate code and deploy to production, because the latter can convert a defect into an outage.
- A procurement agent linked to finance systems should score higher if it can see secrets or invoke payment workflows, especially when an exposed credential could be used to chain into other systems. NHIMG research on LLMjacking: How Attackers Hijack AI Using Compromised NHIs shows how quickly exposed credentials become attack paths.
- A multi-agent workflow that lets one planner agent task another executor agent should be scored above a single-agent tool chain, because delegated behavior can amplify mistakes across systems.
- An organisation can compare scores across agent classes using the OWASP NHI Top 10 and the MITRE ATLAS adversarial AI threat matrix to separate model weakness from operational exposure.
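As an added, illustrative example (not NHIMG's, OWASP's or any vendor's scoring model), the Python below turns the factors above into a calculator: a base CVSS-style severity is multiplied by a runtime-context factor built from the observable capabilities the article names (write access, secret exposure, approval bypass, downstream actions, persistent memory, delegation, tool reach), then capped at 10. All weights, agent names and capability labels are assumptions chosen so the ordering reproduces the examples in the list (read-only support agent below the refund-capable one, PR-only coder below the deploying coder, single-agent chain below planner/executor). It also includes a staleness check for the misapplication noted earlier: a stored score is invalid once the agent's permissions or tool reach change.

```python
"""Added example: a hypothetical Agentic AI Risk Score calculator.

This is not NHIMG's, OWASP's or any vendor's scoring model. It applies a
runtime-context multiplier to a base CVSS-style severity using the factors
the article lists. All weights are assumptions chosen so the ordering
matches the article's examples; they are not a published standard.
"""
from __future__ import annotations

from dataclasses import dataclass

# Assumed weights for observable runtime capabilities. Each adds to a
# multiplier applied to the base severity; the result is capped at 10.
CAPABILITY_WEIGHTS = {
    "write_access": 0.3,        # can change data: ticket edits, refunds, merges
    "secret_exposure": 0.4,     # can read credentials or tokens
    "approval_bypass": 0.3,     # acts without a human approving each step
    "downstream_actions": 0.4,  # can trigger workflows in other systems
    "persistent_memory": 0.2,   # state survives across sessions
    "delegation": 0.5,          # can task other agents (multi-agent workflows)
}
TOOL_WEIGHT = 0.1   # assumed: each reachable tool integration widens exposure
TOOL_CAP = 5        # assumed: diminishing returns beyond five integrations


@dataclass(frozen=True)
class AgentContext:
    """Snapshot of an agent's effective runtime authority."""
    name: str
    capabilities: frozenset[str] = frozenset()
    tool_count: int = 0


def runtime_multiplier(ctx: AgentContext) -> float:
    """Blast-radius multiplier derived only from the current snapshot."""
    unknown = ctx.capabilities - set(CAPABILITY_WEIGHTS)
    if unknown:
        raise ValueError(f"unknown capabilities: {sorted(unknown)}")
    # Sum in a fixed order so the float result is reproducible run to run.
    m = 1.0 + sum(CAPABILITY_WEIGHTS[c] for c in sorted(ctx.capabilities))
    m += TOOL_WEIGHT * min(ctx.tool_count, TOOL_CAP)
    return m


def agentic_risk_score(base_severity: float, ctx: AgentContext) -> float:
    """Adjust a 0-10 defect severity for how this agent can magnify it."""
    if not 0.0 <= base_severity <= 10.0:
        raise ValueError("base severity must be on the 0-10 CVSS scale")
    return round(min(10.0, base_severity * runtime_multiplier(ctx)), 1)


def needs_rescore(previous: AgentContext, current: AgentContext) -> bool:
    """A stored score is stale once permissions or tool reach change."""
    return (previous.capabilities != current.capabilities
            or previous.tool_count != current.tool_count)


# Constructed agents mirroring the article's examples (names are made up).
EXAMPLE_AGENTS = [
    AgentContext("support-readonly", frozenset(), tool_count=1),
    AgentContext("support-refunds",
                 frozenset({"write_access", "downstream_actions"}), tool_count=2),
    AgentContext("coder-pr-only", frozenset({"write_access"}), tool_count=1),
    AgentContext("coder-deploys",
                 frozenset({"write_access", "downstream_actions", "approval_bypass"}),
                 tool_count=2),
    AgentContext("procurement",
                 frozenset({"secret_exposure", "downstream_actions"}), tool_count=2),
    AgentContext("single-agent-chain",
                 frozenset({"write_access", "downstream_actions"}), tool_count=2),
    AgentContext("planner-executor",
                 frozenset({"write_access", "downstream_actions", "delegation"}),
                 tool_count=2),
]


def score_examples(base_severity: float = 4.0) -> dict[str, float]:
    """Score every example agent against one base defect severity."""
    return {a.name: agentic_risk_score(base_severity, a) for a in EXAMPLE_AGENTS}


if __name__ == "__main__":
    # Base 4.0 stands in for a medium-severity prompt-injection finding.
    for name, score in score_examples(4.0).items():
        print(f"{name:20s} {score:4.1f}")
```

Running the module prints one adjusted score per example agent for a base severity of 4.0. In practice the capability set would be read from the agent's actual IAM bindings and tool registrations rather than a hand-written snapshot, and the weights would be calibrated against your own incident history; the structure (base severity, observable capabilities, cap, rescore on change) is the part that carries over.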
Why It Matters in NHI Security
Agentic AI Risk Scores matter because NHI incidents usually trace back to permission design, not model quality. SailPoint reported that 80% of organisations have seen AI agents perform actions beyond their intended scope, including unauthorised system access, sensitive data sharing, and credential disclosure. That pattern shows why runtime context changes the severity of a defect: the same weakness is far more dangerous when an agent can act autonomously and persist state.
This is also where governance becomes measurable. An agent that can read secrets, call APIs, and delegate tasks can turn a minor prompt-injection issue into a broad compromise, which is why NHI teams should align scoring with real control expectations in the NIST Cybersecurity Framework 2.0 and the CSA MAESTRO agentic AI threat modeling framework. The AI Agents: The New Attack Surface report further shows that 92% of respondents see agent governance as critical, but only 44% have policies in place.
Organisations typically recognise the need for an Agentic AI Risk Score only after an agent has already changed data, triggered an action, or exposed a secret, at which point scoring becomes operationally unavoidable.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | NHI-02 | Agentic risk scoring depends on autonomy, tool use, and delegated actions. |
| NIST AI RMF | | Risk should be assessed in context across the AI lifecycle and deployment setting. |
| CSA MAESTRO | | MAESTRO frames agentic threats around orchestration, autonomy, and multi-agent behavior. |
Score agents by runtime authority and tighten controls where actions can cause real-world impact.
Related resources from NHI Mgmt Group
- What is the core decision loop Agentic AI follows and why does it create security risk?
- When does just-in-time access reduce risk for agentic AI, and when does it fall short?
- When do secrets become a higher risk in agentic AI environments?
- When does Zero Standing Privilege reduce risk for agentic AI?
Reviewed and updated by the NHIMG editorial team on July 5, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org