> ## Documentation Index
> Fetch the complete documentation index at: https://redberrylabs.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# How Redberry Labs Runs Your AI Agent Risk Assessment

> Understand the per-agent risk assessment process — what factors Redberry evaluates, how the SDK integrates, and how to submit agents for underwriting.

Redberry Labs underwrites each AI agent individually, not your company or AI platform as a whole. This means that before coverage begins, Redberry inspects the specific configuration, permissions, and behaviour of each agent you want to insure. The assessment produces a risk score and a quote, typically in minutes.

## Why agent-level assessment matters

Two agents running the same underlying model can have entirely different risk profiles. Consider these examples:

* **Agent A** drafts internal meeting summaries. It reads calendar data and writes to a shared document. Its outputs are reviewed by a human before any action is taken.
* **Agent B** approves financial transactions. It has write access to payment systems, can initiate refunds up to a defined limit, and operates without a human approval gate.

Both agents may use the same model. But Agent B's potential blast radius — the scope of harm if something goes wrong — is orders of magnitude larger. Insuring them under a single policy would either overprice Agent A or dangerously underprice Agent B. Per-agent assessment ensures your premium reflects actual exposure.

## Evaluation factors

When Redberry assesses an agent, we examine the following factors:

| Factor                    | Description                                                                                              |
| ------------------------- | -------------------------------------------------------------------------------------------------------- |
| Deployment context        | Where and how the agent operates — internal tool, customer-facing product, automated pipeline, or hybrid |
| Permissions               | What data and systems the agent can access; whether least-privilege principles are applied               |
| Tools                     | Which external actions the agent can invoke — APIs, databases, payment systems, communication channels   |
| System prompts & policies | The instructions the agent operates under; whether they are version-controlled and reviewed              |
| User surface              | Who interacts with the agent — internal staff, end customers, or no humans at all                        |
| Action volume             | How frequently the agent acts; high-volume agents amplify the consequence of any single failure          |
| Guardrails                | Constraints in place to detect and limit high-risk behaviour before it causes harm                       |

## Assessment process

<Steps>
  <Step title="Configuration inspection">
    The Redberry SDK connects to your agent platform and reads the agent's current configuration — model version, tools, permissions, system prompt, and deployment context.
  </Step>

  <Step title="Controls evaluation">
    Redberry evaluates six engineering controls: permissioning, tool safety, human-in-the-loop for risk actions, data minimisation, auditability, and model and prompt governance. See [Controls](/risk/controls) for details on each.
  </Step>

  <Step title="Risk scoring">
    Each agent is scored across five risk dimensions: misrepresentation, operational failure, financial error, data exposure, and regulatory breach. See [Risk Dimensions](/risk/dimensions) for how scoring works.
  </Step>

  <Step title="Loss modelling">
    Redberry's actuarial model translates the risk score into expected loss — measured in dollars, downtime, and legal exposure — calibrated to your agent's specific blast radius.
  </Step>

  <Step title="Quote generation and scheduling">
    A quote is generated, typically within minutes. Once accepted, your agents are scheduled onto your policy and continuous monitoring begins.
  </Step>
</Steps>

## SDK integration

The Redberry SDK plugs into your existing agent platform. It serves two purposes:

1. **Pre-deployment inspection** — the SDK reads your agent's configuration at assessment time, producing the structured data Redberry uses to evaluate risk and generate your quote. You do not need to manually fill out configuration forms.

2. **Continuous monitoring** — after deployment, the SDK watches for changes to your agent's configuration and flags drift that may affect your risk profile. See [Continuous Monitoring](/risk/continuous-monitoring) for a full breakdown of what the SDK tracks.

<Note>
  The SDK is required for continuous monitoring. Without it, Redberry cannot detect post-deployment configuration changes, which means your risk profile may become misaligned with your actual exposure. Coverage terms require the SDK to remain active on all insured agents.
</Note>

## Get your agents assessed

Submit your agents for underwriting at [app.redberrylabs.com](https://app.redberrylabs.com). You can connect your agent platform, run the SDK, and receive a quote without leaving the app.