TrustX Agent Risk Classification Framework (ARC): Risk-Tiering Internally Created Agentic AI Systems
The rapid rise of agentic AI—systems capable of autonomous planning, tool use, and decision-making—has outpaced existing governance frameworks, which were largely designed for simpler, non-agentic models. This paper introduces the TrustX Agent Risk Classification Framework (ARC), a structured, repeatable tool designed to help organizations assess and categorize the risks associated with these advanced systems. By providing a clear methodology for risk-tiering, the framework aims to help developers, risk officers, and regulators implement appropriate safety controls before these agents are deployed.
Assessing Risk Through a Structured Rubric
At the heart of the ARC framework is a twelve-dimension scoring rubric that quantifies risk across factors such as autonomy, decision scope, system reach, and data sensitivity. Each dimension is scored on a scale of one to three. To ensure that high-risk factors are not hidden by averaging, the framework uses a "critical dimension" approach: if any single dimension is flagged as high-risk, or if the agent operates at the highest level of autonomy, the entire system is automatically classified as a High-Risk (Tier 3) system. This ensures that the most dangerous potential behaviors are not overlooked.
Integrating Agency and Autonomy
The framework incorporates two established models to help users understand the nature of their AI. First, it uses the "GPA + IAT" model to determine if a system is truly agentic by checking for properties like goal-pursuit, perception, action, iteration, adaptation, and termination. Second, it applies a five-level autonomy scale—ranging from a human-directed operator to a fully autonomous observer—to gauge how much freedom the agent has. These inputs, combined with the twelve-dimension rubric, produce a final risk tier (Low, Medium, or High) that dictates the level of governance required.
Specialized Guidance for Coding Assistants
Because AI coding assistants have unique risks—such as the ability to generate executable code, access sensitive repositories, and manipulate software supply chains—the framework includes a dedicated extension. This extension replaces the standard agency checklist with a 20-point capabilities assessment. This allows organizations to specifically evaluate functions like bug detection, security scanning, and CI/CD pipeline integration. By accounting for these nuances, the framework ensures that coding assistants are governed with the specific security threats they pose in mind.
Mapping Controls to Risk Tiers
Once an agent is assigned a risk tier, the framework provides mapped control recommendations to mitigate potential harm. Tier 1 (Low Risk) systems require standard practices like basic documentation and audit logs. Tier 2 (Medium Risk) systems call for enhanced measures, such as implementing "kill switches" and behavior boundaries. Tier 3 (High Risk) systems demand rigorous oversight, including continuous monitoring, third-party validation, and, in some cases, board-level approval. The framework is designed to be iterative, meaning it will continue to evolve as new agentic capabilities and risks emerge.
Comments (0)
to join the discussion
No comments yet
Be the first to share your thoughts!