Risk & Deflation

How threats, vulnerabilities, and violations reduce your effective trust

Trust in KTP isn't just earned through good behavior—it's actively deflated by risk. The system applies risk as a multiplicative friction coefficient, ensuring that operational excellence cannot mask underlying vulnerabilities.(1)

  1. Risk deflation mechanics are specified in KTP-CORE Section 5.3, "Risk Factor Calculation."

The Deflation Formula

Your effective trust is always less than or equal to your base performance:

Base Trust (E_base) × Risk Factor ∏(1 - Rᵢ) = Effective Trust (E_trust)

Multiple risks compound—they don't simply add


Risk Categories

KTP recognizes four distinct risk categories, each measured and applied independently:(1)

  1. Risk category taxonomy aligns with the Context Tensor dimensions. See KTP-TENSORS Section 4, "Heat Dimension."

Security Risk

Vulnerabilities and active threats that expose the system to compromise.

  • Unpatched CVEs (High)
  • Exposed credentials (Critical)
  • Active threat indicators (Critical)
  • Missing encryption (High)

Compliance Risk

Regulatory and policy violations that create legal or governance exposure.

  • Regulatory violations (High)
  • Audit failures (Medium)
  • Expired certifications (Low)
  • Data residency violations (High)

Behavioral Risk

Anomalous patterns that deviate from established baselines.

  • Sudden capability changes (Medium)
  • Baseline deviation (Variable)
  • Unusual access patterns (Medium)
  • Timing anomalies (Low)

Operational Risk

Infrastructure and reliability concerns that affect availability.

  • Single points of failure (Medium)
  • Insufficient redundancy (Low)
  • Capacity exhaustion (Medium)
  • Dependency vulnerabilities (High)

How Risks Compound

Risks multiply rather than add. This prevents agents from offsetting severe risks with excellence elsewhere.

Compounding Example

Three risks, one result

  • Security: 25%
  • Compliance: 10%
  • Behavioral: 5%

Total Deflation: 36%

0.75 × 0.90 × 0.95 = 0.64

Why Multiplication Matters

If risks simply added (25% + 10% + 5% = 40%), an agent could game the system by achieving excellence in one area to offset failures elsewhere. Multiplication ensures that every risk category matters—you can't hide a critical vulnerability behind perfect compliance.


Risk Thresholds

Different trust tiers have different risk tolerances. As risk increases, agents are automatically demoted to lower-privilege tiers:(1)

  1. Trust tier definitions and transitions are specified in KTP-CORE Section 6, "Trust Tiers."

  • ≤5% (God Mode): Immediate demotion if exceeded
  • ≤15% (Operator): Warning, restricted actions
  • ≤30% (Analyst): Degraded permissions
  • ≤50% (Observer): Read-only enforcement
  • >50% (Hibernation): Dormant, no actions permitted

Mitigation Strategies

Risk can be reduced through four primary strategies:

  • Remediation: Fix the underlying issue—patch, rotate credentials, reconfigure
  • Attestation: Third-party verification that risk is addressed
  • Isolation: Contain blast radius through segmentation
  • Monitoring: Increased observation to detect exploitation
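
The deflation formula, the compounding example and the tier thresholds above, combined in an added Python example (not KTP reference code). It assumes the threshold percentages are ceilings on total deflation, 1 - ∏(1 - Rᵢ); the function names and the what-if remediation helper are hypothetical.

```python
from decimal import Decimal

# Tier ceilings from the "Risk Thresholds" list: (max total deflation, tier).
TIER_CEILINGS = [
    (Decimal("0.05"), "God Mode"),
    (Decimal("0.15"), "Operator"),
    (Decimal("0.30"), "Analyst"),
    (Decimal("0.50"), "Observer"),
]

def risk_factor(risks):
    """Return the product of (1 - R_i) over a {category: R_i} mapping."""
    factor = Decimal(1)
    for name, r in risks.items():
        # Exact decimals: with floats, 1 - (1 - 0.05) lands just above 0.05
        # and a risk sitting exactly on a ceiling would be demoted by rounding.
        r = Decimal(str(r))
        if not Decimal(0) <= r <= Decimal(1):
            raise ValueError(f"risk {name!r} must be in [0, 1], got {r}")
        factor *= 1 - r
    return factor

def effective_trust(e_base, risks):
    """E_trust = E_base x product(1 - R_i)."""
    return Decimal(str(e_base)) * risk_factor(risks)

def tier_for(risks):
    """Assumption: the tier is picked by total deflation, 1 - product(1 - R_i)."""
    deflation = 1 - risk_factor(risks)
    for ceiling, tier in TIER_CEILINGS:
        if deflation <= ceiling:
            return tier
    return "Hibernation"

def remediation_plan(risks):
    """Tier reached if exactly one risk were fully remediated, per risk."""
    return {
        name: tier_for({k: v for k, v in risks.items() if k != name})
        for name in risks
    }

if __name__ == "__main__":
    # The page's compounding example: 25% / 10% / 5%.
    sample = {"security": 0.25, "compliance": 0.10, "behavioral": 0.05}
    print("risk factor:", risk_factor(sample))
    print("tier:", tier_for(sample))
    print("if remediated:", remediation_plan(sample))
```

Under that assumption, the what-if output shows which single remediation changes the tier outcome and which leaves it where it is.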

  • Context Tensor: See how risk is measured through the Heat dimension.
  • Telemetry: Understand how risk signals flow through the pipeline.
  • Core Concepts: Learn about trust tiers and the Zeroth Law.