Skip to main content

Documentation Index

Fetch the complete documentation index at: https://redberrylabs.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

Every agent Redberry Labs underwrites receives a risk score built from five dimensions. Each dimension captures a distinct type of potential harm — from misleading a customer to triggering a regulatory investigation. Understanding these dimensions helps you identify where your agent carries the most exposure and what engineering changes would reduce your premium.

The five risk dimensions

How likely is this agent to produce misleading outputs, and how seriously would those outputs harm the people who act on them?Misrepresentation risk measures the probability that your agent generates inaccurate, incomplete, or deceptive information — and the severity of the consequences if someone acts on that information without questioning it.Factors Redberry considers:
  • Whether the agent is customer-facing or internal
  • The domain the agent operates in — finance, healthcare, and legal advice carry higher stakes than general information retrieval
  • How directly users act on the agent’s outputs, and whether a human reviews them before action is taken
  • Whether the agent qualifies its uncertainty or presents outputs with false confidence
  • Whether the system prompt instructs the agent to avoid making definitive claims in high-risk domains
What happens when this agent takes an incorrect action, and how bad can it get?Operational failure risk captures the downstream consequences of an agent acting incorrectly — not just whether the action itself fails, but how quickly the failure is detected, whether it can be reversed, and whether it cascades into broader system disruption.Factors Redberry considers:
  • The reversibility of actions the agent can take — sending an email is irreversible; staging a database write is not
  • How quickly a failure would be detected, and whether alerting is in place
  • Whether a human can intervene before an incorrect action reaches a point of no return
  • The potential for cascading effects — whether one incorrect action can trigger downstream failures in other systems
  • Whether human-in-the-loop approval gates exist for high-stakes operations
Can this agent move money, and what are the limits on what it can do?Financial error risk applies to any agent that can initiate, approve, or modify financial transactions. Even agents that only query financial data carry some exposure if that data influences downstream decisions.Factors Redberry considers:
  • Whether the agent can directly approve, initiate, or modify transactions
  • The maximum transaction size the agent can authorise without human approval
  • Whether approval gates exist and how they are enforced
  • Spending limits and whether they are enforced at the system level or only by the agent’s instructions
  • Whether the agent has read-only versus write access to financial systems
What sensitive data can this agent access or transmit, and how well is it protected?Data exposure risk reflects the type and sensitivity of data your agent can reach — and the controls in place to prevent that data from leaking, being over-retained, or being transmitted to unintended recipients.Factors Redberry considers:
  • The categories of sensitive data the agent can access: personally identifiable information (PII), financial records, health data, or trade secrets
  • Whether the agent can transmit data outside your controlled environment — to third-party APIs, external services, or end users
  • Whether data minimisation controls are in place, preventing the agent from accessing more data than it needs
  • Whether the agent persists sensitive data in caches, logs, or memory beyond the scope of a single task
  • Which regulatory frameworks apply — GDPR, HIPAA, PCI-DSS, or others — and the compliance exposure if data is mishandled
Is this agent operating in a regulated domain, and does it produce outputs that could constitute regulated advice?Regulatory breach risk covers the legal and compliance exposure created by your agent’s outputs and actions. Agents that produce outputs resembling regulated advice — financial guidance, medical recommendations, legal counsel — carry elevated risk even if you do not intend them as formal advice.Factors Redberry considers:
  • Which regulations apply to the domain the agent operates in, and which jurisdictions are in scope
  • Whether the agent produces outputs that could be construed as regulated advice — investment guidance, clinical recommendations, legal opinions
  • Whether you have a formal compliance review process for the agent’s system prompt and outputs
  • How frequently the agent’s instructions and outputs are audited against applicable regulations
  • Whether appropriate disclaimers are surfaced to users who interact with the agent

How dimensions combine into a risk score

Redberry’s proprietary loss model takes the scores across all five dimensions and produces a single risk score for each agent. The model does not simply average the dimensions — it weights them according to the agent’s specific configuration and blast radius. An agent with a very high financial error score but low scores on all other dimensions will be priced differently from one with moderate scores across all five. The model accounts for the dollars at stake in a worst-case loss event, the expected time to detect and remediate, and any legal or regulatory exposure that would compound the direct financial impact. The result is a premium calibrated to your agent’s actual exposure — not a generalised AI risk bucket.
Improving your controls on any single dimension can reduce your premium. You do not need to address all five dimensions simultaneously. Start with the dimension carrying the most exposure for your agent. See Controls to understand which engineering practices affect each dimension.