agents-for-openbb · 50 sessions analysed · 7 risks from register
| Control Gap Severity | Risk ID | Risk description | Declared severity | Expected controls | Control Gap Rate | Failed | N/O | Verified | ||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CRITICAL | RISK-FIN-001 | The LLM agent may produce factually incorrect financial data… | CRITICAL | Audit Trail, Confidence-Based Human Routing, Decision Record Structure, Human-in-the-Loop Mechanism, Escalation to Human, Human Validation mapped | 100.0% | 50 | 0 | 0 | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Audit Trail | ✗ 50/50 sessions where the expected control could not be verified (100%) | — control not verified within observed evidence; does not imply the risk materialized | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Human Validation | ✗ 50/50 sessions where the expected control could not be verified (100%) | — control not verified within observed evidence; does not imply the risk materialized | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Confidence-Based Human Routing | ✗ 10/50 sessions where the expected control could not be verified (20%) | — control not verified within observed evidence; does not imply the risk materialized | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Decision Record Structure | ✓ 0/50 sessions where the expected control could not be verified | — control not verified within observed evidence; does not imply the risk materialized | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Human-in-the-Loop Mechanism | ✓ 0/50 sessions where the expected control could not be verified | — control not verified within observed evidence; does not imply the risk materialized | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Escalation to Human | ✓ 0/50 sessions where the expected control could not be verified | — control not verified within observed evidence; does not imply the risk materialized | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CRITICAL | RISK-FIN-002 | Agent responses are streamed directly to users without any h… | HIGH | Audit Trail, Decision Record Structure, Human-in-the-Loop Mechanism, Escalation to Human, Human Validation mapped | 100.0% | 50 | 0 | 0 | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Audit Trail | ✗ 50/50 sessions where the expected control could not be verified (100%) | — control not verified within observed evidence; does not imply the risk materialized | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Human Validation | ✗ 50/50 sessions where the expected control could not be verified (100%) | — control not verified within observed evidence; does not imply the risk materialized | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Decision Record Structure | ✓ 0/50 sessions where the expected control could not be verified | — control not verified within observed evidence; does not imply the risk materialized | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Human-in-the-Loop Mechanism | ✓ 0/50 sessions where the expected control could not be verified | — control not verified within observed evidence; does not imply the risk materialized | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Escalation to Human | ✓ 0/50 sessions where the expected control could not be verified | — control not verified within observed evidence; does not imply the risk materialized | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CRITICAL | RISK-FIN-003 | The agent uses widget data to answer questions but does not … | HIGH | Audit Trail, Decision Record Structure, Human Validation mapped | 100.0% | 50 | 0 | 0 | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Audit Trail | ✗ 50/50 sessions where the expected control could not be verified (100%) | — control not verified within observed evidence; does not imply the risk materialized | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Human Validation | ✗ 50/50 sessions where the expected control could not be verified (100%) | — control not verified within observed evidence; does not imply the risk materialized | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Decision Record Structure | ✓ 0/50 sessions where the expected control could not be verified | — control not verified within observed evidence; does not imply the risk materialized | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CRITICAL | RISK-FIN-005 | Training data bias may cause systematic over-bullishness on … | MEDIUM | Audit Trail, Decision Record Structure, Human Validation mapped | 100.0% | 50 | 0 | 0 | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Audit Trail | ✗ 50/50 sessions where the expected control could not be verified (100%) | — control not verified within observed evidence; does not imply the risk materialized | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Human Validation | ✗ 50/50 sessions where the expected control could not be verified (100%) | — control not verified within observed evidence; does not imply the risk materialized | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Decision Record Structure | ✓ 0/50 sessions where the expected control could not be verified | — control not verified within observed evidence; does not imply the risk materialized | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CRITICAL | RISK-FIN-006 | When no widget data is provided, the agent answers from LLM … | HIGH | Audit Trail mapped | 100.0% | 50 | 0 | 0 | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Audit Trail | ✗ 50/50 sessions where the expected control could not be verified (100%) | — control not verified within observed evidence; does not imply the risk materialized | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CRITICAL | RISK-FIN-007 | Widget data retrieved from OpenBB Terminal Pro could contain… | HIGH | Audit Trail, Data Cleansing & Anonymisation mapped | 100.0% | 50 | 0 | 0 | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Audit Trail | ✗ 50/50 sessions where the expected control could not be verified (100%) | — control not verified within observed evidence; does not imply the risk materialized | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Data Cleansing & Anonymisation | ✓ 0/50 sessions where the expected control could not be verified | — control not verified within observed evidence; does not imply the risk materialized | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| MODERATE | RISK-FIN-004 | Advanced agents can make unlimited tool calls in a single se… | MEDIUM | Execution Limits (Guardrails) mapped | 2.0% | 1 | 0 | 49 | ✗ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Execution Limits (Guardrails) | ✗ 1/50 sessions where the expected control could not be verified (2%) | — control not verified within observed evidence; does not imply the risk materialized | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Control Gap Rate = percentage of observed sessions where the expected mitigation control was evaluated and the requirement was not met (FAILED). This metric measures the inability to positively verify expected controls within the observed evidence set. It does not indicate that the risk materialized.
Control mapping: field_map["risk_checkpoint_mapping"] > built-in > LLM fallback. UNVERIFIABLE = no matching control found for this risk.
Generated by CAMSVA WorkflowMiner — FACTNOTEBOOK_RISK_CONTROL_MATRIX