Risk profile
A risk profile is a configuration assigned to an agent that tells Prefactor how to classify the data risk of each run it produces.
You build a profile by setting weights for categories of data — personal identifiers, financial information, health records, and similar — multipliers for types of actions performed, and thresholds that map an aggregated score to a risk level: Low, Medium, High, or Critical. Once a profile is assigned to an agent, every instance that agent produces gets a risk classification derived from the spans in that run.
Risk profiles belong to the account and can be assigned to as many agents as you like. One profile can serve as the baseline across many agents; individual agents can each have their own when the data they handle warrants different thresholds.
How risk is scored
Section titled “How risk is scored”Each span type in the activity schema declares which data categories and actions it can touch. Prefactor scores that declaration by summing, for every included category and allowed action, category weight × action multiplier. A span type that declares several categories or actions therefore scores higher than one that declares only a single pair.
For an instance, Prefactor multiplies each span type’s score by how many spans of that type ran in the run, then sums those contributions. The instance’s risk level is whichever band contains that total score.
For example, a span type that reads Personal identifiers (weight 8) and Contact information (weight 4) under the Read data multiplier of 1.0 scores 8 × 1.0 + 4 × 1.0 = 12 per invocation. Three such spans contribute 36 to the instance total. A second span type scoring 5 once adds 5, for a total of 41. If 41 falls in the Medium band configured in the profile, the instance is classified Medium.
Profiles also define agreed risk — which actions are allowed and which data categories are in scope. Prefactor compares an agent’s declared capabilities against that agreement and flags anything that exceeds it on the Agent Overview tab.
Crossing a threshold does not automatically block or terminate a run. The classification is a label shown in the platform for human review — enforcement remains with your team.
In the Admin UI
Section titled “In the Admin UI”- Risk profiles page — create and manage profiles for your account.
- Risk profile detail page — thresholds, agreed risk, category scores, multipliers, and which agents use the profile.
Related concepts
Section titled “Related concepts”- Account — risk profiles belong to the account and can be reused across agents.
- Agent — risk profiles are assigned to agents; an agent with a profile will have its instances classified.
- Instance — risk classification is calculated and displayed at the instance level.
- Span — each span contributes to the instance’s risk score via the data categories and action types it involves.