Blast radius
The total damage an agent could do if it's compromised, prompt-injected, or simply wrong.
Blast radius is the maximum harm an agent could cause if things go wrong — whether through a bug, a bad model decision, or a prompt injection that turns the agent against you. It’s measured not by what the agent is supposed to do, but by everything it’s capable of doing.
With a raw API key, the blast radius is the entire account: every action that credential can perform, with no cap and no record. A support agent holding such a key has a blast radius that includes deleting records, exporting customer data, and moving money — none of which is its job.
Shrinking blast radius is the core goal of agent governance, and it’s achieved deterministically rather than probabilistically. Scope removes capabilities the job doesn’t need (so they can’t be misused). Guards cap the impact of capabilities it does have (a payment agent can pay, but not more than $X). Invisibility hides ungranted tools so they can’t even be attempted.
The strategic value: you don’t have to predict every way an agent could be tricked. You only have to ensure that when it is tricked, the dangerous action simply isn’t on the table. A small, deliberate blast radius makes your worst case survivable in advance.
Related terms
Kill switch
One action that instantly revokes an agent's access across every tool and capability.
Agent control plane
The layer in the path of every agent action that decides, enforces, and records what each agent can do.
Attribution
Tracing every agent action back through the agent identity to the accountable human who owns it.
Guard
Your business rules, enforced before an agent's action runs — caps, allowlists, approval thresholds, freeze blocks.
Put every agent your company runs under one policy.
Watch HiveKey scope, guard, and block a live action on your own agents — 30 minutes, no slides, no commitment.