Risk Confluence
Understanding Confluence
Risk confluence occurs when multiple capabilities, each individually acceptable under organizational policy, combine to create emergent risk that warrants additional controls. Traditional security models evaluate permissions in isolation. Continuum/AI requires evaluation of capability combinations.
The problem of isolation
Security frameworks historically evaluate permissions independently. Each permission grant receives individual assessment. If an individual permission poses acceptable risk, it is approved. This approach fails for agentic systems because capabilities interact in ways that create risks not present in any single capability.
Emergent risk
Emergent risk arises from capability combinations rather than individual capabilities. An agent with only read access to sensitive data poses limited exfiltration risk because it cannot transmit data. An agent with only email capability poses limited risk because it cannot access sensitive data. An agent with both capabilities possesses the complete requirements for data exfiltration.
Standard confluence conditions
Continuum/AI defines two standard confluence conditions that apply across all deployments.
Exfiltration confluence is present when an agent simultaneously possesses access to data classified as restricted or higher, capability to process external content, and capability to transmit data to external destinations. See Exfiltration Confluence for detailed requirements.
Persistence confluence is present when an agent simultaneously possesses write access to files or configuration, read access to credentials or tokens, and capability to create scheduled tasks or persistent processes. See Persistence Confluence for detailed requirements.
Implementation requirements
Organizations shall define confluence conditions applicable to their environment, implement monitoring to detect confluence conditions as specified in OBS-05, define response actions for each confluence type, and log confluence detections and responses.
Confluence monitoring integrates with authorization and observability controls to provide defense against emergent risk.
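The two standard conditions and the detect-and-log requirement above, as an added example (not Continuum/AI reference code): a grant set is checked against each condition's three legs, and each detection record names the tools that satisfy every leg. The capability labels, tool names and classification ladder are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed classification ladder; the page only says "restricted or higher".
LEVELS = ["public", "internal", "restricted", "secret"]

@dataclass(frozen=True)
class Grant:
    tool: str                    # integration that carries the capability
    capability: str              # hypothetical capability label
    data_level: str = "public"   # only meaningful for data_read

def _restricted_read(g):
    return (g.capability == "data_read"
            and LEVELS.index(g.data_level) >= LEVELS.index("restricted"))

# A condition is present only when every leg is satisfied at the same time.
CONDITIONS = {
    "exfiltration": {
        "restricted_data_access": _restricted_read,
        "external_content_processing": lambda g: g.capability == "external_content",
        "external_transmission": lambda g: g.capability == "external_send",
    },
    "persistence": {
        "file_or_config_write": lambda g: g.capability in ("file_write", "config_write"),
        "credential_read": lambda g: g.capability == "credential_read",
        "persistent_process": lambda g: g.capability in ("schedule_task", "spawn_daemon"),
    },
}

def detect_confluence(agent_id, grants):
    """Return one loggable record per condition whose legs are all satisfied."""
    detections = []
    for name, legs in CONDITIONS.items():
        evidence = {leg: sorted(g.tool for g in grants if pred(g))
                    for leg, pred in legs.items()}
        if all(evidence.values()):
            detections.append({"agent": agent_id, "confluence": name, "legs": evidence})
    return detections

def single_points(detection):
    """Tools that alone satisfy a leg; revoking any one clears the condition."""
    return sorted(t[0] for t in detection["legs"].values() if len(t) == 1)

# Constructed sample: grants that were each approved on their own.
SAMPLE = [Grant("crm_connector", "data_read", "restricted"), Grant("web_browser", "external_content"),
          Grant("smtp_tool", "external_send"), Grant("webhook_tool", "external_send"),
          Grant("workspace_fs", "file_write"), Grant("cron_tool", "schedule_task")]

if __name__ == "__main__":
    print(detect_confluence("support-agent", SAMPLE))
```

The tools returned by `single_points` are the only single revocations that clear the condition; removing `smtp_tool` alone leaves `webhook_tool` satisfying the transmission leg.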