Four-Pillar Scorecard
One Target Per Pillar, Pass Or Fail
10x Peak
No Manual Intervention
Load test toolk6
Watch metricp95 lat.
DB bottleneckPooler
Serverless auto-scaleFree
Connection limit fixPgBouncer
99.9%
43m 50s Monthly Budget
Uptime monitorBetter Stack
Status pagePublic
MTTR target30 min
Multi-AZ repl.Default
99.99% jump52 min/yr
LCP < 2.5s
75th Percentile Real Users
INP target< 200ms
CLS target< 0.1
MonitoringRUM
Synthetic aloneLies
Edge CDNFree
0 Criticals
Latest Scan + LLM Red-Team
Dep. scannerSnyk
OWASP LLM Top 10Quarterly
Prompt classifierLakera
Agent permissionsScoped
Human gateDestructive
01
Prompt Injection
Hidden instructions in user or document input the model follows. Gateway classifier + delimiter wrapping + blast-radius reduction.
08
RAG Poisoning
5 malicious texts in millions can hit 90% attack success. 0.04% corpus poison reaches 98.2% success rate.
06
Excessive Agency
Agent with destructive permissions, no human gate, no dev/prod separation. Least-authority + external audit log.
10
Unbounded Cost
One user burns $50K monthly budget in a day. Track AI cost per request as a fifth scorecard metric.
Quarterly Stack-Health Audit
Same Checklist, Every Quarter
1
Load test staging at 10x peak. Watch p95 latency and error rate under synthetic load.
2
Uptime review last 90 days. Count incidents over 5 minutes. Verify MTTR is within 30-minute target.
3
Core Web Vitals from real-user monitoring. LCP, INP, CLS at 75th percentile, not synthetic.
4
Dependency scan zero criticals. Run Snyk or Semgrep. Review OWASP LLM Top 10.
5
AI red-team probe 20 prompts across injection, extraction, excessive agency, unbounded consumption.
6
Backup restore + tabletop drill. Restore in staging, then walk one runbook failure mode end-to-end.
SnykDep. scanner
SentryAudit log
DatadogObservability
Disaster Recovery Runbook
Top 5 Failure Modes
Platform
Total outage: failover plan, status-page comms, degrade gracefully.
Database
Corruption restore: exact commands, latest backup location, integrity check.
Credentials
Key rotation sequence, audit-log review, notification thresholds.
AI Provider
Failover to alternate model via OpenRouter config flip under 60 seconds.
Data Leak
First hour actions, GDPR 72-hour clock, customer comms template.