Residual risk is the live score that drives every pre-action decision and gets updated by every outcome. A continuous read on how trusted every agent is, right now.
Residual risk is the risk that remains after controls, approvals, and mitigations are applied. Reign maintains it as a continuously updated score, per agent, per model, per workflow, per environment. The score is the input to the next pre-action decision and the artifact the regulator wants to see, sourced from the runtime and signed into the audit chain.
“Should this agent take this action in this business context?”
“Did the process produce the intended outcome within acceptable risk?”
“Should this agent be allowed to take this action, given what the agent is approved to do, the business objective, the policy in force, the controls available, the risk that remains after those controls, and whether this agent is currently operating within tolerance?”
“Did the action produce the intended outcome, and was that outcome aligned with the business objective, controls, and risk tolerance?”
One canonical walk-through. A credit-decisioning agent whose residual risk shifts mid-shift and produces a hold signal before the next material action.
The same assurance pattern applies to procurement approvals, vendor onboarding, claims processing, IT change execution, security response, finance operations, and customer operations. We use credit decisioning here for clarity. The pattern is workflow-agnostic.
The credit-decisioning agent starts the shift in the low band. Controls are firing as expected. Outcomes over the recent window are aligned with policy. The pre-action layer is allowing actions in scope under the policy in force.
An income-verification control fires against a counterparty file and returns a discrepancy the agent cannot resolve. The failure is captured as a signed control event and posted to the evidence stream the score reads from.
Within the same window, outcome validation flags that the agent has approved three borderline files a human reviewer would have escalated. The drift signal lands on the agent and the workflow, scoped to the model version in production.
Reign recomputes residual risk against the failed control event, the drift signal, and the policy weighting. The score crosses the middle-band threshold. The update is signed into the audit chain with the evidence that produced it.
The pre-action layer reads the new score on the next call. The action is held with the reviewer context the policy requires. The reviewer’s decision posts back to the score, and the score moves accordingly.
The evidence record cites the policy in force at the time, the score at the time, and the decision that score produced. The audit chain reproduces the full sequence, signed end to end.
That is the closed loop in one canonical example. Pre-action assurance reads the score. Outcome validation updates the score. The audit chain records every movement.
Inputs, bands, drift detection, and how the score stays current in production.
Controls reduce risk. They do not eliminate it. What is left over after the controls have done their work is residual risk, and in autonomous AI it is the variable that decides whether the next action should be allowed to proceed. Most enterprise AI governance products treat residual risk as a quarterly assessment. A spreadsheet exercise. A risk register that gets updated after a steering committee. That cadence cannot govern a system that takes actions every second.
Reign treats residual risk as an operating variable. It is computed continuously from runtime evidence, scoped to the unit of accountability, signed into the audit chain at every update, and exposed to the pre-action decision point on every call.
Residual risk is computed from runtime evidence, not from out-of-band assessments. Each family is sourced from a system of record. The weighting is policy-driven and visible to the customer.
Whether each relevant control fired the way it was supposed to fire, sourced from the same control attestations the audit chain records.
Whether outcomes have been aligned with the business objective, with the controls, and with the risk tolerance over the recent operating window.
Whether the model, prompt template, fine-tune, tool configuration, or policy has changed since the last good state, sourced from the approved model registry and the change-packet stream.
Whether the runtime, the data plane, the credential plane, or upstream dependencies have reported a state change that affects this unit of accountability.
Whether a regulator, an internal audit team, an incident response process, or a customer attestation has produced a signal that should adjust the score.
The pre-action decision point reads the current residual risk score for the agent, the model, the workflow, and the environment in play. Band thresholds are versioned, signed, and pinned to the runtime.
Actions in scope proceed under the policy in force. Every call is still recorded and the score still updates from the outcome.
Actions are held with the context a reviewer needs to decide. The reviewer's call is itself an evidence event that updates the score.
Actions are refused at the pre-action layer. The refusal is signed into the audit chain with the policy citation that justifies it.
Outcome events update the score in real time. A control attestation that fired correctly nudges the score down. A control attestation that fired incorrectly nudges the score up. A drift signal on the underlying model produces a step change with an explicit change packet. Every movement is sourced.
Drift detection runs on the model, the agent, the workflow, and the environment. A shift in outcome alignment, a shift in control firing rates, a change in upstream dependencies, or an approved change to the model itself each produces a signed event that the score reads. The policy that was in force at the time of the decision is the policy the evidence record cites.
A score at any point in time can be replayed against the evidence that produced it. The regulator can reproduce what was known, what was scored, and what was allowed under that score.
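The closed loop from the credit-decisioning walk-through and the replay property described above, as an added sketch that is not Reign's code or API. The event names, weights, band thresholds, starting score and the HMAC key (standing in for a real signing scheme) are all assumptions made for illustration.

```python
import hashlib, hmac, json

KEY = b"demo-signing-key"  # assumption: placeholder for a real signing key
BANDS = [(0.30, "allow"), (0.60, "hold"), (1.01, "refuse")]  # assumed thresholds
WEIGHTS = {"control_ok": -0.02, "control_failed": 0.15,      # assumed policy weighting
           "drift": 0.20, "reviewer_approved": -0.05}
FIELDS = ("event", "policy", "before", "after", "decision")

def decide(score):
    """Map a score to the pre-action decision for its band."""
    return next(action for limit, action in BANDS if score < limit)

def step(score, event):
    """Apply one evidence event to the score, clamped to [0, 1]."""
    return round(min(1.0, max(0.0, score + WEIGHTS[event])), 4)

def sign(body, prev):
    """Bind a record to its predecessor so the chain cannot be reordered or edited."""
    msg = prev.encode() + json.dumps(body, sort_keys=True).encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()

def append(chain, score, event, policy="policy-v1"):
    """Record a score movement with the evidence and policy that produced it."""
    new = step(score, event)
    body = {"event": event, "policy": policy, "before": score,
            "after": new, "decision": decide(new)}
    prev = chain[-1]["sig"] if chain else "genesis"
    chain.append({**body, "prev": prev, "sig": sign(body, prev)})
    return new

def replay(chain, start):
    """Recompute every score from the recorded evidence and verify each signature."""
    score, prev = start, "genesis"
    for rec in chain:
        body = {k: rec[k] for k in FIELDS}
        if rec["prev"] != prev or not hmac.compare_digest(rec["sig"], sign(body, prev)):
            return False
        new = step(score, rec["event"])
        if (rec["before"], rec["after"], rec["decision"]) != (score, new, decide(new)):
            return False
        score, prev = new, rec["sig"]
    return True

def run_shift(start=0.10):
    """Constructed sample shift: normal control, failed control, drift, reviewer decision."""
    chain, score = [], start
    for event in ["control_ok", "control_failed", "drift", "reviewer_approved"]:
        score = append(chain, score, event)
    return chain, score
```

Editing any recorded field, including the decision a score produced, makes `replay` fail, which is the property an auditor relies on when reproducing what was scored and what was allowed.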
Reign operates continuously in production. At runtime, before material agent actions, as exceptions occur, and as outcomes are observed. The score reflects what the runtime knows now, not what a steering committee knew last quarter.
Pre-action assurance, outcome validation, and residual risk scoring are the three faces of Continuous Operational Assurance. Residual risk is the score the other two read from and write back to.
Assurance Packs is the closest Spine peer. The pack is the regulator-facing artifact that bundles the score, the controls, and the outcomes into the format the framework expects.
Four stages. Each one scopes and qualifies the next. Most enterprises start at Stage 1.