ACRS
ACRS, the Agentic Capability Risk Score, is Gamut’s native model for scoring the risk that an agent’s capabilities carry. Where traditional assessment looks at a model’s outputs, ACRS looks at what an agent can do: the tools it can call, the data it can reach and the actions it can take.
Why capability risk is different
Section titled “Why capability risk is different”An agent that can only answer questions carries different risk from one that can move money, change records or call external systems. The risk is not just in what the agent says but in what its capabilities allow it to do, and what would happen if it did so wrongly or was misused. ACRS makes that capability risk explicit and scorable.
The four dimensions
Section titled “The four dimensions”ACRS scores an agentic workflow across four dimensions. Each is rated on a three-level scale.
| Dimension | The question it answers |
|---|---|
| Operational Dependency | How hard would it be for the organisation to keep working safely if the AI failed or was withdrawn? |
| Action Autonomy | How much can the AI decide or do before a human has approved it? |
| Access Scope | Which data, tools, identities, systems and actions are reachable by the AI? |
| Harm Potential | How bad could the consequences become if the AI workflow failed or was abused? |
How the score works
Section titled “How the score works”The four dimension scores are combined into a single Agentic Capability Risk Score. Because the dimensions multiply rather than add, risk grows quickly when several factors are high at once: an agent that is highly autonomous and has broad access and high harm potential scores far higher than any single factor alone. The maximum score is 81.
The score falls into one of three risk bands, and each band routes a different depth of GTSAF controls:
| Band | Score range | GTSAF control depth |
|---|---|---|
| Low risk | 1 to 8.99 | Baseline controls: fundamental governance and data protection. |
| Medium risk | 9 to 36.99 | Enhanced controls: baseline plus validation and oversight controls. |
| High risk | 37 to 81 | Comprehensive controls: all relevant GTSAF controls for the system. |
This is what makes ACRS practical: it turns a capability assessment into a concrete, proportionate control set, so low-risk agents are not over-governed and high-risk agents get the full baseline.
How ACRS fits the agentic stack
Section titled “How ACRS fits the agentic stack”ACRS informs how tightly an agent should be governed at runtime:
- A higher score points to stricter Gateway policy, more approvals and more runtime evidence.
- It sets a lower starting ATF autonomy level and a more demanding set of ATF controls.
- It complements ATF assessment in Agentic CISO, which governs the agent across its lifecycle.
- ATF, the agent trust and autonomy control model.
- GTSAF, the control baseline ACRS routes.
- Agentic CISO, where agent capability and trust are governed.