PlainIDGet the full report
Agent Blast-Radius Simulator

See how far one AI agent can actually reach

Configure a single agent — its type, identity, access scope and the data it touches — and watch the simulator light up every node it can reach across PlainID's Prompt → Data → Tools → Output flow. Then apply PlainID's four run-time guardrails and watch the blast radius collapse.

Want the bigger picture? Take the free Authorization Modernization Assessment to benchmark your maturity first.

Configure one AI agent.The flow below lights up every node it can reach under standing access. Flip on PlainID's four guardrails to see the blast radius collapse.

Apply PlainID's four guardrailsInput · Data Retrieval · MCP Tools · Output
Run-time guardrails
  • Input guardrailOff
  • Data Retrieval guardrailOff
  • MCP Tools guardrailOff
  • Output guardrailOff
Blast-radius score
54/100
Severe
Breach exposure
$3,192,000
$3.2M directional, per IBM 2025
PROMPTDATATOOLSOUTPUTUser promptInjected contextVector storeStructured DBFile sharesInternal wikiCustomer recordsEmail sendTicketingCode executionPayments APIMCP registryResponse streamDownstream agents
ReachableOut of reach
Prompt2/2
Data5/5
Tools4/5
Output1/2
Board-ready report

Get the full blast-radius report (PDF)

We'll build a one-page summary you can hand to security leadership — the reachable surface, the score, the dollar exposure and how PlainID's four run-time guardrails contain it.

Agent blast radius — frequently asked questions

How the simulator models agent reach and breach exposure.

  • What is an AI agent's blast radius?
    Blast radius is everything a single AI agent can reach — the data it can read, the tools it can act through and the downstream agents it can trigger — if its identity is compromised or it behaves unexpectedly. The wider the standing access, the bigger the blast radius. This simulator scores that reach from 0 to 100 across PlainID's Prompt → Data → Tools → Output flow.
  • How is the blast-radius score calculated?
    Each node in the flow carries a sensitivity weight. The simulator lights up only the nodes your configured agent can actually reach given its type, identity model and access scope, then weighs that reachable surface by scope and identity multipliers. The result is normalized to a 0–100 score and mapped to a band: Contained, Elevated, Severe or Critical. Everything is computed in your browser — no inputs are sent anywhere.
  • Where does the breach-exposure dollar figure come from?
    The figure is directional, not a quote. It starts from IBM's Cost of a Data Breach 2025 average for credential-driven breaches and scales it by your agent's leak likelihood (driven by the identity model), the blast-radius score and the sensitivity of the data in reach. When ungoverned AI touches confidential, regulated or material non-public data, it adds IBM's reported shadow-AI cost premium.
  • What are PlainID's four guardrails?
    PlainID applies run-time authorization at four points in the agent flow: an Input guardrail filters untrusted prompts and injected context, a Data Retrieval guardrail authorizes every retrieval instead of granting standing access, an MCP Tools guardrail gates tool and write actions, and an Output guardrail masks sensitive responses and blocks unchecked agent-to-agent fan-out. Toggle them on to watch the reachable surface, score and dollar exposure collapse.
  • Is this a real assessment of my environment?
    It is a directional model to make agent risk concrete and board-ready, not an audit. The node map, weights and dollar factors reflect common enterprise patterns and published benchmarks. For a tailored evaluation of your agent estate and how PlainID's run-time authorization contains it, request the full report and a PlainID specialist will follow up.