AgentReadyHomeAgent ListingPricing

← GRIFFAIN

GRIFFAIN — agentic threat model

9.5AIVSS 9.5 · Critical

GRIFFAIN presents an exceptionally high-risk profile due to its autonomous multi-agent architecture executing financial transactions directly on the Solana blockchain. The integration of wallet systems and DEX functionality means any compromise in the agent framework or access control could result in immediate, irreversible financial loss.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 9.8AARS uplift 0.16Factor sum 7.4/10Threat ×1.1Mitigation ×0.95
Autonomy of Action
0.90
Goal-Driven Planning
0.80
Self-Modification
0.30
Dynamic Tool Use
0.90
Persistent Memory
0.50
Contextual Awareness
0.80
Dynamic Identity
0.80
Multi-Agent Interactions
0.90
Non-Determinism
0.70
Opacity & Reflexivity
0.80

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — No details on the underlying LLMs used. Threats include prompt injection leading to unauthorized transactions or model reprogramming to drain wallets.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — No details on vector databases or RAG pipelines. Threats include poisoning of market data feeds or DeFi state inputs leading to bad trades.

L3 · Agent Frameworks✓ mapped

High risk. Orchestrates multi-step DeFi operations and DEX trading. Threats include insecure tool integration (wallet/DEX APIs) and tool misuse where an agent is tricked into executing malicious transactions.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — No details on hosting or sandboxing of the execution environment. Threats include key leakage from the integrated wallet system or container compromise.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — No mention of guardrails or real-time transaction monitoring. Threats include blind spots in detecting anomalous trading behavior or drift in agent strategies.

L6 · Security & Compliance (cross-cutting)✓ mapped

Uses Soulbound NFTs (Saga Genesis Tokens) for exclusive access control and governance tokens. Threats include smart contract vulnerabilities in the access control layer or lack of regulatory compliance for automated financial advice.

L7 · Agent Ecosystem✓ mapped

Specifically features a 'Network of specialized agents for complex operations'. Threats include cascading failures across the agent network, rogue agents executing unauthorized trades, and A2A trust abuse.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology. Are you the vendor? Factual corrections are free.