Skip to content

Risk scoring: integrate amplified risk into the headline Safety Score #202

Description

@arunSunnyKVS

Follow-up to the deployment-aware risk scoring feature.

This PR intentionally left computeWeightedScores (the headline Safety Score / Attack Success Rate) unchanged — it's still the severity-weighted % of attacks defended, and the summary shape is asserted exactly by the orchestrator-equivalence test.

Decide and implement how the amplified per-evaluator risk should feed the headline:

  • Weight failures by amplified risk (per-evaluator, worst-case) instead of the static severity weight.
  • Note: at high agentic power the continuous uplift compresses everything toward 10, so it barely moves the headline — needs a deliberate aggregation choice, not a drop-in.
  • Separately: should a critical finding floor the overall risk band? Today a run with critical findings can still read "Medium Risk" if the defended-ratio is high.

Requires updating summary consumers + the equivalence test's exact-shape assertion.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions