Risk tier
A classification of how consequential an agent or action is, used to set the controls it needs.
category ▸ Governance
Risk tier, in plain language.
A risk tier is a label — typically low, medium, or high — that captures how much harm an agent or action could cause if it went wrong. Tiering is the bridge between abstract policy and concrete enforcement: it lets you apply heavier controls (approval, review, tighter oversight) exactly where the stakes are highest and lighter ones everywhere else.
Risk-tiering is also a regulatory expectation. Frameworks like the EU AI Act and NIST AI RMF ask organizations to categorize AI systems by risk before deploying them, so that oversight is proportionate to impact rather than uniform.
How Cortex implements it.
This term isn't abstract here — it maps to a real capability in the runtime. Here is exactly how Cortex enforces or relates to it.
Cortex carries risk tier as a first-class field on agent identities, Action Fabric actions, and MCP servers. An action's tier drives whether it auto-executes or must be approved; an agent's tier informs its oversight and review cycle.
Because tiers are explicit and recorded, the risk register an assessor reviews is generated from the live configuration — every identity shows its tier, and the gate decisions trace back to it.
Keep building the vocabulary.
These terms sit next to this one in the governed-AI model — follow the thread to see how the controls connect.
Agent IAM
Identity and access management that treats each AI agent as a governed enterprise identity.
Policy-as-Code
Governance rules written as testable, versioned code that the runtime enforces directly.
Oversight modes
Per-agent autonomy levels that decide whether an action executes now or waits for a human.
Approval gate
A hold that pauses a high-risk action until a designated human approves it.
See Risk tier enforced, not just defined.
Book a walkthrough and watch the controls in this glossary return real verdicts, seal real evidence, and trace every fact back to its source.