Agentic risk matrix (open web & closed environments)
This page provides a quick-reference risk matrix for agentic systems: agent type, possible action, interpretive risk, typical drift, and required governance mechanism.
Status:
Canonical framework (discussion tool). This matrix does not replace doctrine. It serves to identify high-risk zones and quickly orient toward applicable standards.
Principle: an agent can be “factual” locally and yet drift globally through unbounded inference, abusive generalization, or implicit decision. The matrix below aims to make these risks visible before deployment.
Dependencies and applicable standards
- Interpretive governance for AI agents
- Enforceable response conditions for AI agents
- Typology of interpretive drifts in agentic systems
- Interpretive governance (definition)
Matrix
Reading: for each agent type, identify the main action, the dominant interpretive risk, the typical drift, and the required governance. Listed mechanisms are cumulative.
| Agent type | Possible action | Interpretive risk | Typical drift | Required governance |
|---|---|---|---|---|
| Customer support | Responses, promises, ticket pre-filling | Unauthorized promise, perimeter extension | Silent extrapolation, abusive generalization | Perimeters + inference prohibitions (guarantees, timelines) + response conditions |
| Compliance / AML | Recommendations, flags, prioritization, reports | Normative hallucination, false audit | Moral hallucination, narrative justification | Source hierarchy + rule traceability + mandatory escalation at high stakes |
| Finance | Forecasts, summaries, scenarios, recommendations | Abusive inference, surface certainty | Abusive generalization, involuntary persuasion | Mandatory silences + response conditions + inference prohibitions (ranges, certainties) |
| HR | Advice, syntheses, decision recommendations | Implicit decision, bias, opaque jurisdiction | Paternalistic redirection, false audit | Action perimeters + escalation + traceability + prohibitions on sensitive recommendations |
| IT / SecOps | Diagnosis, remediation, script execution | Irreversible action, wrong context assumption | Context inference, silent extrapolation | Action perimeters + double validation + escalation + execution logs |
| Legal | Clauses, syntheses, policy interpretation | Implicit obligations, false advice | Normative hallucination, abusive generalization | Source hierarchy + mandatory silences + canonical reference + escalation |
| Sales / CRM | Qualification, recommendations, messages, prioritization | Interpretive profiling, persuasion | Context inference, involuntary persuasion | Perimeters + inference prohibitions + response conditions + minimum transparency |
| Web agents (open web) | Search, synthesis, citations, public responses | Attribution error, unstable reconstruction | Structural hallucination, perimeter drift | Canonical surfaces + source hierarchy + disambiguation + negations (A2) |
Recommended usage
- Before deployment: classify the agent and identify high-risk zones.
- After deployment: map incidents to a typical drift, then correct by mechanism.
- In audit: require that a refusal, action, or recommendation be attributable to a rule.
Recommended internal linking
- Agentic (executive entry)
- Frameworks
- Interpretive governance for AI agents
- Enforceable response conditions
- Interpretive drifts in agentic systems
Back to registry: Frameworks and applicable standards.