A scoring system with 12 dimensions for evaluating the danger of internally developed AI agents was published on arXiv this week by researchers from the Responsible AI Institute and Imperial College London [S1] [P3]. The goal is to transform the common risk officer query—"how risky is this agent?"—into a consistent, three-level governance decision. However, the model lacks peer review, shows no real-world use beyond its own example, and its creators admit it is still a work in progress. Its adoption by corporate boards depends on upcoming developments.
The gap ARC is trying to fill
The researchers' initial assertion is simple: agentic AI technologies have outpaced the governance structures intended to control them [S1]. Risk assessment tools made for general AI, like chatbots and recommendation systems, were not built for agents capable of accessing production databases, running code, or dispatching emails independently.
This gap is tangible, not theoretical. The wider field is advancing but remains unsettled. A 2025 arXiv preprint introducing an "Agentic Risk & Capability Framework" currently has no citations [P5], while an open-source Zero Trust governance specification for autonomous agents on GitHub has attracted 65 stars and 11 open issues [P4]. The interest exists, but a consensus does not.
How the framework actually works
ARC, which stands for Agent Risk Classification, evaluates an agent using a 12-dimension scoring system that the researchers state measures risk across various elements not completely listed in the abstract [S1]. This scoring feeds into two additional parts: a GPA + IAT classification model and a five-level autonomy structure based on prior research [S1]. The autonomy scale measures the agent's ability to operate without human intervention—distinguishing between a tool that suggests an action and one that carries it out.
These elements generate a three-level governance result, with each level linked to particular control suggestions [S1]. It functions like a traffic light: low-risk agents receive minimal oversight, high-risk ones face strict guardrails, and the middle level gets a balanced approach. The system also features a specific add-on for coding assistants—the type of agent most likely running unnoticed within a dev team—to address details unique to systems that write or alter code [S1].
A live, interactive version is available at arc.responsible.ai, allowing users to experience the scoring method firsthand [S1].
What it means
For a tech leader determining if a recently built internal agent requires a formal risk review, ARC provides a structured, repeatable method instead of relying on intuition—a missing piece in the industry. The 12-dimension rubric compels a methodical review of an agent's capabilities, autonomy level, and failure consequences. The three-level result delivers a governance decision that a risk committee can execute.
The system is designed for four groups: AI governance professionals, risk officers, developers, and regulators [S1]. This wide scope is both beneficial and restrictive. A model attempting to satisfy all four might become too superficial for each. The researchers recognize this, noting that the framework will undergo frequent updates as it grows [S1].
The realistic assessment: this is a proposal, not an established standard. The term "robustly" used by the researchers to describe their rubric is a self-evaluation [S1]. It has not been tested by external parties, adopted by regulators, or deployed publicly by enterprises. The paper's example demonstrates the framework theoretically, which differs from practical application.
What it means for business
A small fintech creating an agent to read and draft customer email replies can utilize ARC's interactive tool to evaluate their system for free right now. The 12-dimension rubric will prompt them to address questions they might otherwise ignore: what is the agent's autonomy, what data can it reach, and what occurs if it sends an incorrect response?
A local real estate firm testing an agent that retrieves property data and auto-completes listings presents a different risk profile. The potential for financial damage is lower, but the risk of reputational harm from a hallucinated price is higher. ARC's three-level output would probably rank this as lower risk, though the coding assistant add-on applies if the firm's developer employs an AI coding tool to construct the agent.
For larger companies, the model aligns with current governance frameworks. Risk officers can integrate the three-level result into their risk registers. Developers receive a checklist. Regulators obtain a reference, even though none have backed it yet.
The actionable step this week: direct the person in charge of AI governance to the interactive tool, evaluate one internal agent using the scoring rubric, and determine if the three-level decision aligns with the team's intuition. If it matches, the framework warrants further investigation. If it diverges, the discrepancy itself provides valuable insights.
What we don't know yet
The complete methodology for the 12 dimensions is absent from the abstract and the arXiv page. The available text lacks the full rubric, scoring weights, and the boundaries between each tier [S1]. Without this information, evaluating the rubric's resilience under independent review is impossible.
The researchers' affiliations go beyond what was initially found. Hannah Liu and Rhea Saxena are listed at the Responsible AI Institute, with Liu also associated with Imperial College London [P3], but the complete author list is truncated in the accessible text.
There is no proof of regulatory adoption, enterprise use, or external auditing [S1]. The assertion that the framework robustly measures risk is the researchers' own claim, unconfirmed by peer review or outside testing [S1].
The next clear indicator to monitor: whether any organization—be it a regulator, a large corporation, or a mid-sized company—publicly implements or modifies ARC in the near future. The researchers state they will update it frequently [S1], meaning adjustments to the rubric or tier boundaries could arrive soon. Peer review would provide the strongest validation if it occurs. Until that happens, ARC remains a well-organized concept awaiting its initial real-world trial.
If this kind of practical governance breakdown is useful, subscribe to keep reading — there's more where this came from.
Sources
- [S1] TrustX Agent Risk Classification Framework (ARC): Risk-Tiering Internally Created Agentic AI Systems — arXiv preprint (cs.AI, cs.LG) (attributed)
- [S2] TrustX Agent Risk Classification Framework (ARC): Risk-Tiering Internally Created Agentic AI Systems — arXiv cs.AI new (official RSS) (attributed)
- [P3] TrustX Agent Risk Classification Framework (ARC): Risk-Tiering Internally Created Agentic AI Systems — TrustX Agent Risk Classification Framework (ARC): Risk-Tiering Internally Created Agentic AI Systems (attributed)
- [P4] massivescale-ai/agentic-trust-framework — massivescale-ai/agentic-trust-framework (attributed)
- [P5] With Great Capabilities Come Great Responsibilities: Introducing the Agentic Risk & Capability Framework for Governing Agentic AI Systems — With Great Capabilities Come Great Responsibilities: Introducing the Agentic Risk & Capability Framework for Governing Agentic AI Systems (attributed)
- [P6] da-fr/arc-prize-2024 — da-fr/arc-prize-2024 (attributed)
More from Not A Tech Guy
- LLM agent framework blocks hallucinated actions in industrial control
- KV-PRM cuts AI agent scoring cost 5,000x via cache reuse
- CogniConsole: LLM reliability tied to control, not capability
Generated from an audited evidence pack with primary-source research. Social-media items are discussion signals, not verified facts. Nothing here is financial, legal or medical advice.