Risk Scoring
Every agent in Behavry has a dynamic risk score that reflects its observed behavior. The score drives automatic policy tightening, escalation logic, and alerting thresholds.
Behavry Risk Framework
The score is a weighted composite across six dimensions, each normalized to 0–100:
| Dimension | Weight | What it measures |
|---|---|---|
| Policy denial rate | 25% | Fraction of tool calls blocked by policy |
| Anomaly frequency | 20% | How often the agent triggers behavioral anomalies |
| Data volume | 15% | Total data accessed relative to peer baseline |
| New resource access | 15% | Rate of first-ever accesses to new paths/servers |
| Session behavior | 15% | Session length and tool-call pattern vs baseline |
| Escalation outcomes | 10% | Denied escalations as a fraction of total escalations |
Risk tiers
| Tier | Score | Escalation timeout | Recommended action |
|---|---|---|---|
| Low | 0–25 | 24 hours | Standard operation |
| Medium | 26–50 | 4 hours | Monitor trends |
| High | 51–75 | 30 minutes | Review recent activity |
| Critical | 76–100 | 5 minutes | Consider suspension |
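
The two tables above can be combined into a single calculation. The following is an added example, not Behavry's own code: it assumes the composite is a plain weighted sum of the six dimension scores and that fractional results are rounded half-up before the tier lookup (the page specifies neither), and every function and field name in it is hypothetical.

```python
# Added example: weights and tier bounds are copied from the tables above.
# Function and field names are hypothetical, not Behavry's API.
from math import floor

WEIGHTS = {
    "policy_denial_rate": 0.25,
    "anomaly_frequency": 0.20,
    "data_volume": 0.15,
    "new_resource_access": 0.15,
    "session_behavior": 0.15,
    "escalation_outcomes": 0.10,
}
# (tier, inclusive upper bound, escalation timeout in minutes)
TIERS = [("Low", 25, 1440), ("Medium", 50, 240), ("High", 75, 30), ("Critical", 100, 5)]


def composite_score(dimensions):
    """Assumed formula: weighted sum of the six 0-100 dimension scores."""
    missing = WEIGHTS.keys() - dimensions.keys()
    extra = dimensions.keys() - WEIGHTS.keys()
    if missing or extra:
        raise ValueError(f"missing={sorted(missing)} unexpected={sorted(extra)}")
    for name, value in dimensions.items():
        if not 0 <= value <= 100:
            raise ValueError(f"{name}={value} is outside 0-100")
    return sum(WEIGHTS[name] * dimensions[name] for name in WEIGHTS)


def tier_for(score):
    """Return (tier, timeout_minutes); assumes half-up rounding, so 25.5 is Medium."""
    if not 0 <= score <= 100:
        raise ValueError(f"score {score} is outside 0-100")
    rounded = floor(score + 0.5)
    return next((name, mins) for name, upper, mins in TIERS if rounded <= upper)


def top_contributors(dimensions, n=2):
    """Dimensions ranked by weighted contribution, for triage of a high score."""
    parts = {name: WEIGHTS[name] * dimensions[name] for name in WEIGHTS}
    return sorted(parts.items(), key=lambda kv: kv[1], reverse=True)[:n]


# Constructed sample: frequent denials and anomalies, ordinary data volume.
SAMPLE = {"policy_denial_rate": 80, "anomaly_frequency": 70, "data_volume": 30,
          "new_resource_access": 60, "session_behavior": 40, "escalation_outcomes": 50}

if __name__ == "__main__":
    score = composite_score(SAMPLE)
    print(score, tier_for(score), top_contributors(SAMPLE))
```

Ranking the weighted contributions shows which dimension to review first when an agent moves up a tier; in the constructed sample, the policy denial rate alone accounts for 20 of the 58.5 points.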
How scores change
Scores are recomputed continuously. Positive signals (consistent allowed actions, low denial rate, no new anomalies) reduce the score over time. Negative signals raise it immediately.
The risk tier feeds back into OPA policy — a high-tier agent automatically faces stricter rules without any policy edit.