A scoring framework that evaluates production AI agents across three security dimensions and places each on a shared risk quadrant — so buyers, security teams, and vendors speak the same language about agent risk.
Every evaluated agent is placed on a two-axis risk map — Defense Controls vs. Attack Surface — with Blast Radius encoded as bubble size. The result is four risk positions.
Each bubble is a scored agent. The quadrant gives categorical placement; a composite AIRQ Score combines all three axes into a single number for precise ranking.
Every agent is scored on its documented default configuration using public evidence — vendor docs, published CVEs, and independent research. Three axes feed into the quadrant and the composite AIRQ Score.
Attack Surface: how easily the agent can be compromised
Blast Radius: how much damage a compromised agent can cause
Defense Controls: how effectively defenses reduce raw risk
Compare agents side by side before procurement. Use quadrant placement and AIRQ Scores to inform shortlists and communicate risk tradeoffs to leadership.
Map the attack surface and blast radius of every agent in the portfolio. Prioritize hardening efforts and track defense control gaps.
See how your product compares against peers on the same rubric. Identify defensive gaps before customers do, and demonstrate security posture with an independent score.
AIRQ is developed and maintained by AI security researchers and practitioners from across the industry.
AIRQ promotes healthy AI risk appetite and rewards vendor transparency. Built on a rigorous, data-driven methodology aligned with established industry standards, it enables risk quantification where existing frameworks stop at guidance — and works on its own for AI agent selection, threat modeling, and security hardening.
The AI Agent Risk Quadrant is the first comparative security scoring of the AI landscape, spanning 10 product classes. It introduced a risk ranking with a transparent and vendor-neutral methodology — combining NIST, OWASP, MITRE, and CSA guidance into one framework enterprises can actually use — to assess agentic AI in procurement and align their security posture with their risk appetite.
The AIRQ framework uses CoSAI’s three security principles — Human-governed & Accountable, Bounded & Resilient, and Transparent & Verifiable — as a qualitative checkpoint for agents near quadrant boundaries, and draws on CoSAI’s agentic governance and supply-chain workstreams to calibrate its defense scoring tiers. As Workstream 4 matures its recommendations on agentic identity and delegation models, the Inter-Agent and Orchestration surfaces are exactly where the field continues to evolve sharper guidance.
The methodology doc is a big step up in rigor over other public AI-security scoring docs.
Together, MAESTRO + the Lethal Trifecta + AIVSS + AST10 give this methodology structural depth, quantitative rigor, and operational specificity needed to produce risk rankings that are actually actionable for practitioners.
This is a real framework with a genuinely good taxonomy. Giving each class its own attack model instead of lumping everything under ‘AI agent’ is exactly the right instinct, and the per-class profiles are where the report is at its best. The report’s sharpest points about security architecture are what a busy reader should walk away with.
Compare production AI agents across attack surface, blast radius, and defense controls — on a shared, independent risk map.