Nox — agentic threat model
Nox is a closed-source agent focused on infinite memory, presenting a high risk of persistent indirect prompt injection and data privacy violations if malicious payloads or sensitive PII are permanently ingested into its long-term storage.
OWASP AIVSS score rationale
| Autonomy of Action | 0.20 | |
| Goal-Driven Planning | 0.10 | |
| Self-Modification | 0.60 | |
| Dynamic Tool Use | 0.10 | |
| Persistent Memory | 1.00 | |
| Contextual Awareness | 0.80 | |
| Dynamic Identity | 0.00 | |
| Multi-Agent Interactions | 0.10 | |
| Non-Determinism | 0.50 | |
| Opacity & Reflexivity | 0.70 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Not certain from the listing — The underlying foundation model used to process, summarize, or embed the 'infinite memory' is unspecified, leaving it vulnerable to model-level membership inference or adversarial reprogramming via retrieved context.
Not certain from the listing — While 'infinite memory' implies a vector database or long-term storage solution, the specific database technology, encryption at rest/in transit, and access controls are unstated, risking data exfiltration or embedding inversion.
Nox's primary feature is its memory framework. The critical threat here is memory poisoning; without strict input sanitization, malicious instructions can be permanently written to the agent's long-term memory, causing persistent indirect prompt injection across sessions.
Not certain from the listing — The deployment infrastructure, hosting environment, and sandboxing of the memory retrieval and storage processes are completely unspecified.
Not certain from the listing — There is no mention of observability tools, evaluation frameworks, or guardrails to monitor memory drift, detect anomalous retrieval patterns, or prevent the storage of toxic content.
Not certain from the listing — As a closed-source memory agent, there is no evidence of compliance with data privacy regulations (such as GDPR/CCPA 'right to be forgotten' mandates, which are highly complex to enforce in 'infinite memory' systems).
Not certain from the listing — It is unclear how Nox interacts with other agents, though a compromised or poisoned memory store could easily propagate malicious context or false information to downstream agents in an ecosystem.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology. Are you the vendor? Factual corrections are free.