Risk Severity Calculations

Learn how SaaS Agent Security calculates risk scores and assigns severity labels to agents and agentic platforms.
Where Can I Use This?
  • Strata Cloud Manager
What Do I Need?
  • SaaS Agent Security license
Or any of the following licenses that include the SaaS Agent Security license:
  • CASB-X
  • CASB-PA
  • SaaS Security Posture Management license
SaaS Agent Security provides a clear, at-a-glance risk severity assessment for every agent and agentic platform, categorized as Critical, High, Medium, or Low. By comparing the relative risks posed by the different agents, you can strategically prioritize your resources and focus on addressing the most critical vulnerabilities first.
The SaaS Agent Security interface shows risk labels across its various risk types, individual agents, and agentic platforms. The system assigns each risk type a severity label. By detecting the specific risks present for a particular agent or platform, it calculates a corresponding risk score. SaaS Agent Security then maps this score to a risk label that it displays in the SaaS Agent Security interface.
To calculate risk scores and assign severity labels, SaaS Agent Security takes the following actions.
  1. Risk Types: SaaS Agent Security builds its risk calculations on the risk types that SaaS Agent Security detects. Each risk type has a severity label, which indicates its potential impact. We have assigned a unique weight to each severity label, creating the foundation for calculating the risk severity for agents and agent platforms.
    | Severity Label | Weight Value for Calculations |
    |----------------|-------------------------------|
    | Critical       | 100                           |
    | High           | 50                            |
    | Medium         | 25                            |
    | Low            | 10                            |
  2. Agents: To calculate a risk score and assign a severity label to an agent, SaaS Agent Security completes the following steps:
    1. Identifies all the risk types detected for the agent, and adds their weighted values to determine a risk score.
    2. Identifies which of the following ranges the risk score falls into.
    3. Determines the severity label based on the risk score range.
      | Risk Score Range | Risk Severity Label |
      |------------------|---------------------|
      | 0 - 24           | Low                 |
      | 25 - 74          | Medium              |
      | 75 - 149         | High                |
      | 150+             | Critical            |
    The following table contains examples of how SaaS Agent Security determines an agent's risk score and severity label based on the number and type of risks detected.
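    | Risks Detected on Agent        | Risk Calculation and Score | Risk Severity Label |
    |--------------------------------|----------------------------|---------------------|
    | 1 Critical risk                | 100                        | High                |
    | 2 Critical risks               | 200                        | Critical            |
    | 1 Critical risk + 1 High risk  | 100 + 50 = 150             | Critical            |
    | 3 Medium risks                 | 25 * 3 = 75                | High                |
    | 2 Medium risks + 1 Low risk    | 25 + 25 + 10 = 60          | Medium              |
    | None                           | 0                          | Low                 |
    | 1 High risk + 2 Low risks      | 50 + 10 + 10 = 70          | Medium              |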
  3. Parent Agents: A parent agent coordinates the work of its child agents. It acts as a central orchestrator, receiving a high-level request and delegating smaller, specialized tasks to its children. Because of this hierarchical and interdependent relationship, SaaS Agent Security applies an additional calculation to determine the parent agent's risk score. This calculation uses an additive model that combines the parent's individual risk score with the average risk score of its child agents. This approach results in a final risk score for the parent agent that reflects both the parent's own risk and the collective risk of the child agents it manages.
    To calculate a risk score and assign a severity label to a parent agent, SaaS Agent Security applies the following formula:
    Parent Score = Sum of ((Parent's Own Risk) + (Average of Risk Scores of all Child Agents))
    The following table contains examples of how SaaS Agent Security determines a parent agent's risk score based on its individual risk score and the risk scores of its child agents.
    | Example | Risk Calculation and Score | Risk Severity Label |
    |---------|----------------------------|---------------------|
    | A parent agent (own risk score: 25) orchestrates three children (risk scores: 70, 100, 10). | 25 + ((70 + 100 + 10) / 3) = 25 + 60 = 85 | High |
    | A parent agent has a critical risk (own risk score: 150) but manages two healthy children (risk scores: 0, 0). | 150 + ((0 + 0) / 2) = 150 + 0 = 150 | Critical |
    | A parent has no direct risks (own risk score: 0) but manages two children with critical risks (scores: 150, 160). | 0 + ((150 + 160) / 2) = 0 + 155 = 155 | Critical |
    | A high-risk parent agent (own risk score: 80) manages two high-risk children (risk scores: 80, 90). | 80 + ((80 + 90) / 2) = 80 + 85 = 165 | Critical |
    | A medium-risk parent agent (own risk score: 25) manages ten children with various low-to-medium risk scores (average score of 30). | 25 + (Average of 10 Children) = 25 + 30 = 55 | Medium |
  4. Agentic Platforms: The SaaS Agent Security dashboard shows the overall risk for agentic platforms. The overall risk shown on the dashboard is always relevant to your current view. When displaying an overview of all agentic platforms, it reflects the total risk across all the agentic platforms that you have onboarded. As you navigate to a single platform type or instance, the score updates automatically, providing a risk assessment at that specific level.
    Regardless of the number of platform types and instances, SaaS Agent Security uses the same calculation to determine the overall risk based on the current view. Specifically, SaaS Agent Security uses a weighted average calculation that is biased toward higher-risk agents. This approach amplifies the scores of high-risk and critical-risk agents to ensure they have a greater impact on the final risk score for the platforms in the current view.
    To determine the overall risk severity for one or more agentic platforms, SaaS Agent Security completes the following steps:
    1. Calculates a Total Weighted Score by adding the raw scores of all agents after multiplying each score by its corresponding Severity Amplification Weight.
      Total Weighted Score = ∑ (Agent's Raw Score × Agent's Severity Amplification Weight)
      The following table shows the Severity Amplification Weight we have assigned to each agent risk label for this calculation.
      | Agent Risk Label | Severity Amplification Weight |
      |------------------|-------------------------------|
      | Critical         | 64                            |
      | High             | 16                            |
      | Medium           | 4                             |
      | Low              | 1                             |
    2. Calculates the Total Weight Value by adding the Severity Amplification Weights for all agents on the platform.
      Total Weight Value = ∑ (Agent's Severity Amplification Weight)
    3. Calculates the Final Platform Risk Score by dividing the Total Weighted Score by the Total Weight Value to normalize the result back into the original 0-150+ agent risk scale.
      Platform Risk Score = Total Weighted Score / Total Weight Value
    4. Maps the resulting risk score to the appropriate risk label.
    The following table contains examples of how SaaS Agent Security determines the overall risk score for one or more agentic platforms.
    Example: An agentic platform hosts 8 high-risk agents (risk score for each: 100) and 2 low-risk agents (risk score for each: 10).
      Risk Calculation and Score:
        Total Weighted Score: (8 * 100 * 16) + (2 * 10 * 1) = 12,820
        Total Weight Value: (8 * 16) + (2 * 1) = 130
        Final Score: 12,820 / 130 = 98.6
      Risk Severity Label: High

    Example: An agentic platform hosts 1 high-risk agent (risk score: 200) and 9 low-risk agents (risk score for each: 10).
      Risk Calculation and Score:
        Total Weighted Score: (1 * 200 * 64) + (9 * 10 * 1) = 12,890
        Total Weight Value: (1 * 64) + (9 * 1) = 73
        Final Score: 12,890 / 73 = 176.5
      Risk Severity Label: Critical

    Example: An agentic platform hosts 2 critical-risk agents (average risk score: 180) and 300 low-risk agents (risk score for each: 10).
      Risk Calculation and Score:
        Total Weighted Score: (2 * 180 * 64) + (300 * 10 * 1) = 60,600
        Total Weight Value: (2 * 64) + (300 * 1) = 428
        Final Score: 60,600 / 428 ≈ 141.6
      Risk Severity Label: High

    Example: An agentic platform hosts 2 critical-risk agents (average risk score: 180), 5 high-risk agents (risk score for each: 100) and 300 low-risk agents (risk score for each: 10).
      Risk Calculation and Score:
        Total Weighted Score: (2 * 180 * 64) + (5 * 100 * 16) + (300 * 10 * 1) = 68,600
        Total Weight Value: (2 * 64) + (5 * 16) + (300 * 1) = 508
        Final Score: 68,600 / 508 ≈ 135.0
      Risk Severity Label: High

    Example: An agentic platform hosts 21 agents with the following risk scores:
      • 3 critical-risk agents (risk scores: 155, 180, 250).
      • 3 high-risk agents (risk scores: 80, 100, 125).
      • 5 medium-risk agents (risk scores: 30, 45, 50, 60, 70).
      • 10 low-risk agents (risk scores: 5, 10, 10, 12, 15, 18, 20, 20, 22, 24).
      Risk Calculation and Score:
        Total Weighted Score: ((155 + 180 + 250) * 64) + ((80 + 100 + 125) * 16) + ((30 + 45 + 50 + 60 + 70) * 4) + ((5 + 10 + 10 + 12 + 15 + 18 + 20 + 20 + 22 + 24) * 1) = 37,440 + 4,880 + 1,020 + 156 = 43,496
        Total Weight Value: (3 * 64) + (3 * 16) + (5 * 4) + (10 * 1) = 192 + 48 + 20 + 10 = 270
        Final Score: 43,496 / 270 ≈ 161.1
      Risk Severity Label: Critical

    Example: The current view in the SaaS Agent Security dashboard shows two platform instances. SaaS Agent Security calculates the overall risk for this current view. The two platform instances are the ones described in the preceding two examples.
      Platform Alpha:
      • Individual Risk Score: 135.0
      • Individual Risk Label: High
      Platform Bravo:
      • Individual Risk Score: 161.1
      • Individual Risk Label: Critical
      SaaS Agent Security treats all 328 agents from both platforms as a single pool.
      Risk Calculation and Score:
        Total Weighted Score: (Score from Platform Alpha) + (Score from Platform Bravo) = 68,600 + 43,496 = 112,096
        Total Weight Value: (Weights from Platform Alpha) + (Weights from Platform Bravo) = 508 + 270 = 778
        Final Aggregated Score: 112,096 / 778 ≈ 144.1
      Risk Severity Label: High
    The aggregated score for both platforms is High, which accurately reflects the significant risk that is present. However, navigating to Platform Bravo reveals that its risk severity is Critical and that it requires more immediate attention than Platform Alpha, whose risk severity is High.
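
The calculations described on this page, as an added Python example (not code from the product or its vendor): it implements the agent, parent agent, and current-view scoring, and compares the severity-amplified average with a plain mean on the 21-agent example. The function names, the treatment of fractional scores, and the result for a parent with no children are assumptions.

```python
# Added example: the scoring arithmetic described on this page.
# Names are illustrative assumptions, not a product API.
RISK_TYPE_WEIGHT = {"Critical": 100, "High": 50, "Medium": 25, "Low": 10}
AMPLIFICATION = {"Critical": 64, "High": 16, "Medium": 4, "Low": 1}


def label_for(score):
    """0-24 Low, 25-74 Medium, 75-149 High, 150+ Critical.
    Assumption: a fractional score such as 24.5 stays in the lower range."""
    if score >= 150:
        return "Critical"
    if score >= 75:
        return "High"
    if score >= 25:
        return "Medium"
    return "Low"


def agent_score(risk_severities):
    """Sum the weights of the risk types detected on one agent."""
    return sum(RISK_TYPE_WEIGHT[s] for s in risk_severities)


def parent_score(own_score, child_scores):
    """Parent's own score plus the average score of its child agents."""
    if not child_scores:  # assumption: no children means no added risk
        return own_score
    return own_score + sum(child_scores) / len(child_scores)


def view_score(agent_scores):
    """Severity-amplified weighted average over all agents in the current view."""
    weights = [AMPLIFICATION[label_for(s)] for s in agent_scores]
    if not weights:
        return 0.0
    total_weighted = sum(s * w for s, w in zip(agent_scores, weights))
    return total_weighted / sum(weights)


# Sample data: the scores from the page's 21-agent example.
PLATFORM_21_AGENTS = [155, 180, 250, 80, 100, 125, 30, 45, 50, 60, 70,
                      5, 10, 10, 12, 15, 18, 20, 20, 22, 24]

if __name__ == "__main__":
    print(label_for(agent_score(["Critical", "High"])))
    print(parent_score(25, [70, 100, 10]))
    plain = sum(PLATFORM_21_AGENTS) / len(PLATFORM_21_AGENTS)
    amplified = view_score(PLATFORM_21_AGENTS)
    print(f"plain mean {plain:.1f} ({label_for(plain)})")
    print(f"amplified  {amplified:.1f} ({label_for(amplified)})")
```

On the 21-agent example, a plain mean of the scores is about 62 (Medium), while the amplified average is 161.1 (Critical), which is the bias toward higher-risk agents that the page describes.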