Keak — agentic threat model

AIVSS 9.3 · Critical

Keak presents a high agentic risk profile due to its autonomous capability to modify live website content and execute A/B tests without manual intervention. A compromise of the agent could lead to widespread persistent cross-site scripting (XSS) or unauthorized content modification across all integrated client sites.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.5 · AARS uplift 0.81 · Factor sum 4.9/10 · Threat ×1.1 · Mitigation ×1.0

Autonomy of Action: 0.80
Goal-Driven Planning: 0.70
Self-Modification: 0.20
Dynamic Tool Use: 0.60
Persistent Memory: 0.60
Contextual Awareness: 0.60
Dynamic Identity: 0.30
Multi-Agent Interactions: 0.10
Non-Determinism: 0.50
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — The specific foundation models used by Keak for variant generation are not disclosed. The primary risk is model reprogramming or prompt injection that could force the model to generate malicious payloads or phishing content disguised as optimized website variants.

L2 · Data Operations ✓ mapped

Keak scans live website pages and ingests traffic/conversion data. If an attacker can manipulate the target website's DOM or inject malicious metadata, they could poison the agent's input data, leading to corrupted variant generation or skewed optimization decisions.

L3 · Agent Frameworks ✓ mapped

The agent framework orchestrates scanning, variant generation, and live deployment of A/B tests. Vulnerabilities here include insecure tool integration where the agent's write access to the client's website DOM is abused to inject unauthorized scripts or bypass content security policies.

L4 · Deployment & Infrastructure ✓ mapped

Keak integrates directly with client site builders, frameworks, and Slack. Compromise of Keak's hosting infrastructure or API keys could allow lateral movement, enabling attackers to push malicious updates directly to all connected customer websites.

L5 · Evaluation & Observability ✓ mapped

Keak relies on traffic analytics and real-time alerts to select winning variants. A lack of robust anomaly detection could allow attackers to game the evaluation loop by sending artificial traffic to promote malicious or sub-optimal variants.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — There is no mention of specific security certifications (e.g., SOC2), role-based access controls, or human-in-the-loop authorization gates before publishing live website modifications, which increases the risk of unauthorized automated changes.

L7 · Agent Ecosystem ⚠ not certain from listing

Not certain from the listing — While Keak integrates with Slack and external APIs, there is no explicit multi-agent orchestration described. The ecosystem risk is primarily focused on third-party API abuse and unauthorized actions taken via Slack integrations.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.