Pionex — agentic threat model

AIVSS 8.8 · High

Pionex presents a high-risk profile due to its high autonomy in executing financial transactions 24/7, where any compromise of its trading bot logic or API integrations could lead to direct, irreversible financial loss.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 8.5
AARS uplift: 0.74
Factor sum: 4.5/10
Threat: ×1.1
Mitigation: ×0.95

Autonomy of Action: 0.90
Goal-Driven Planning: 0.50
Self-Modification: 0.00
Dynamic Tool Use: 0.60
Persistent Memory: 0.70
Contextual Awareness: 0.80
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.10
Non-Determinism: 0.30
Opacity & Reflexivity: 0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — Pionex relies on algorithmic trading bots (Grid, DCA) rather than generative LLMs. If any LLMs are used for market sentiment, they would be vulnerable to adversarial manipulation, but this is not indicated in the description.

L2 · Data Operations ⚠ not certain from listing

Not certain from the listing — The platform processes real-time market data and user balance states. The primary threat is market data feed poisoning or API manipulation from aggregated exchanges like Binance and Huobi.

L3 · Agent Frameworks ✓ mapped

Pionex uses rule-based trading bot frameworks (Grid, DCA) rather than LLM orchestration. The main threats are logic flaws in the execution loops, race conditions, or unauthorized execution of trade tools.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — As a closed-source cloud platform, infrastructure threats include API key leakage, container compromise, and unauthorized access to the aggregated liquidity pools on external exchanges.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — Automated 24/7 trading requires robust anomaly detection to prevent runaway bot behavior, but the listing does not detail the observability or guardrail mechanisms in place.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — Although Pionex operates as a financial service handling cryptocurrency, specific compliance certifications (e.g., SOC2, ISO) and identity/authorization controls are not detailed in the public directory.

L7 · Agent Ecosystem ⚠ not certain from listing

Not certain from the listing — There is no multi-agent marketplace mentioned, but the platform's integration with external exchange ecosystems (Binance, Huobi) introduces cascading risks if those external APIs fail or are compromised.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.