Fytted — agentic threat model

AIVSS 8.1 · High

Fytted presents a high privacy risk profile due to its collection and storage of highly sensitive 3D body scans and physical measurements, coupled with enterprise Shopify integrations, despite having relatively low autonomous execution capabilities.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5 · AARS uplift 0.57 · Factor sum 2.3/10 · Threat ×1.0 · Mitigation ×1.0

Autonomy of Action: 0.20
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.30
Persistent Memory: 0.40
Contextual Awareness: 0.50
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.10
Non-Determinism: 0.30
Opacity & Reflexivity: 0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — likely utilizes proprietary computer vision models for 3D body reconstruction and generative models for virtual try-ons. Threats include adversarial physical inputs (e.g., camera spoofing) and model evasion/stealing.

L2 · Data Operations ⚠ not certain from listing

Not certain from the listing — processes highly sensitive biometric-adjacent data (50+ precise body measurements and 3D scans). Threats include data exfiltration of user body metrics and poisoning of the 5000+ brand-specific size database.

L3 · Agent Frameworks ⚠ not certain from listing

Not certain from the listing — orchestrates sizing logic and Shopify API integrations. Threats include insecure tool integration where malicious inputs could manipulate cart actions or leak customer profile data.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — deployed as a mobile-based scanner and a Shopify SaaS application. Threats include client-side reverse engineering of scanning algorithms and insecure API endpoints connecting the mobile client to the backend.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — requires robust monitoring to detect drift in sizing recommendation accuracy and anomalies in virtual try-on image generation.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — handling 3D body scans introduces severe privacy, GDPR, and CCPA compliance risks. No explicit security certifications (e.g., SOC2) or privacy-preserving techniques are detailed in the listing.

L7 · Agent Ecosystem ⚠ not certain from listing

Not certain from the listing — operates within the Shopify app ecosystem and plans further SaaS integrations. Threats include downstream trust abuse where compromised merchant stores or third-party apps exploit Fytted's APIs.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.