Project Mariner — agentic threat model

AIVSS 7.9 · High

Project Mariner presents a high agentic risk profile due to its direct integration with the user's Chrome browser, allowing it to autonomously navigate, fill forms, and execute actions using the user's active sessions. While real-time logging and clarification prompts offer some oversight, the threat of indirect prompt injection from untrusted web content hijacking browser actions remains a critical concern.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.5 · AARS uplift 0.83 · Factor sum 5.3/10 · Threat ×1.05 · Mitigation ×0.85

Agentic risk factors:
Autonomy of Action: 0.80
Goal-Driven Planning: 0.80
Self-Modification: 0.10
Dynamic Tool Use: 0.70
Persistent Memory: 0.30
Contextual Awareness: 0.80
Dynamic Identity: 0.70
Multi-Agent Interactions: 0.00
Non-Determinism: 0.60
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ✓ mapped

Built on Gemini 2.0, the model is highly capable but susceptible to multimodal adversarial examples and prompt injection embedded in web pages, which could reprogram the agent's instructions during a browsing session.

L2 · Data Operations · ⚠ not certain from listing

Not certain from the listing — no explicit vector store or training data pipeline details are provided, but the agent processes real-time web DOM and multimodal inputs (text, images, video), making it highly vulnerable to indirect data poisoning from untrusted web sources.

L3 · Agent Frameworks · ✓ mapped

The agent framework orchestrates complex task planning and browser tool execution. Vulnerabilities here include tool misuse, where the agent is manipulated into executing malicious searches, navigating to phishing sites, or submitting sensitive form data.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — the exact sandboxing of the Chrome extension or backend execution environment is not detailed, though running within the user's browser context risks local session hijacking and cross-origin security policy violations.

L5 · Evaluation & Observability · ✓ mapped

Features real-time logging of actions for user oversight and the ability to ask for clarification. However, security risks remain if the user suffers from oversight fatigue or if malicious web content bypasses these guardrails.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — compliance certifications, enterprise security policies, and formal audit controls are not specified for this experimental Google DeepMind tool.

L7 · Agent Ecosystem · ⚠ not certain from listing

Not certain from the listing — no multi-agent coordination or marketplace interactions are described, though the agent operates in the broader web ecosystem where it may interact with other web-based bots and automated systems.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.