Skip to main content
Risk Map is Cascade’s unified view of security and reliability risk across the agentic system. Rather than treating incidents as isolated events, Risk Map aggregates runtime telemetry, propagated permissions, and detected threats into a continuously updated model of where risk lives, how it moves, and what it can affect.

How Risk Map works

Risk Map combines data from multiple Cascade components to provide a complete risk picture.
ComponentContribution
AtlasProvides structural graph of agents, tools, and permissions
DeepStreamProvides execution evidence from reasoning traces and tool calls
SentinelContributes detections and enforcement outcomes

What Risk Map represents

Risk nodes

Entities that can introduce, amplify, or receive risk in your system.
Node TypeDescription
AgentsAI agents that make decisions and invoke tools
ToolsFunctions and capabilities agents can execute
MCP serversModel Context Protocol servers providing context
External APIsThird-party services accessed by tools
Data sourcesDatabases, vector stores, and other data systems
Each node is annotated with:
  • Observed behaviors from DeepStream traces
  • Permission scope and effective reach from Atlas
  • Historical security signals from Sentinel

Risk signals

Signals are derived from runtime observations and detections.
  • Prompt injection attempts
  • Policy-violating tool usage
  • Privilege amplification paths
  • Data access anomalies
  • Alignment drift indicators
  • Repeated failure or retry loops
  • Unexpected behavior patterns
  • Context degradation

How risk is computed

Risk Map does not rely on static scoring or predefined severity labels. Instead, risk emerges from the combination of multiple factors.
1

Structural exposure

What an agent can do based on tools, permissions, and downstream connections.
2

Behavioral evidence

What the agent actually does at runtime based on DeepStream traces.
3

Detection outcomes

What Sentinel flags as anomalous, adversarial, or policy-violating.
4

Historical context

How behavior changes over time, including gradual alignment shifts or repeated near-misses.
These inputs are continuously recomputed as agents run, deploy, and evolve.

Risk levels and interpretation

Risk Map surfaces relative risk, not absolute guarantees. Elevated-risk indicators include:
  • Behavioral anomalies: Agent accessing tools it historically never used
  • Attack patterns: Repeated prompt injections that partially influence reasoning
  • Data exposure: Data flowing to tools outside approved domains
  • Permission drift: Effective permission graph expanding over time

Visual exploration

In the Cascade Dashboard, Risk Map allows teams to:
  • Visualize high-risk agents and tools
  • Trace risk propagation paths end-to-end
  • Correlate incidents with recent prompt, tool, or model changes
  • Identify blast radius before enforcing stricter controls

Operational use cases

Use Risk Map to identify which agents require stricter enforcement modes based on their risk profile and blast radius.

Relationship to enforcement

Risk Map is observational by default, it informs but does not automatically enforce security actions unless paired with Sentinel enforcement policies. Common workflow:
  1. Use Risk Map to identify high-risk workflows
  2. Escalate those workflows to stricter enforcement modes
  3. Monitor whether risk decreases after changes

Programmatic access

Risk Map data is derived automatically once tracing is enabled.
Python
from cascade import init_tracing

init_tracing(
    project="my_project",
    enforcement_mode="observe",
    security_enforcement_mode="detect",
    endpoint="https://api.runcascade.com/v1/traces",
    api_key="your-api-key"
)
Risk signals are attached to agent runs and surfaced in the Cascade Dashboard with:
  • Associated agents and tools
  • Execution context and trace evidence
  • Propagation paths across the system