Redactable — agentic threat model
Redactable presents a moderate agentic risk due to its low autonomy and planning capabilities, but carries extremely high data security risks because it processes highly sensitive PII/PHI from integrated cloud storage platforms.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
|---|---|
| Autonomy of Action | 0.50 |
| Goal-Driven Planning | 0.20 |
| Self-Modification | 0.00 |
| Dynamic Tool Use | 0.30 |
| Persistent Memory | 0.10 |
| Contextual Awareness | 0.40 |
| Dynamic Identity | 0.20 |
| Multi-Agent Interactions | 0.00 |
| Non-Determinism | 0.30 |
| Opacity & Reflexivity | 0.50 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1, Foundation Models: Not certain from the listing — likely uses proprietary or fine-tuned NLP/NER models and OCR engines. Threats include adversarial evasion (e.g., text formatting designed to bypass PII detection) and model bias leading to incomplete redactions.
Layer 2, Data Operations: Not certain from the listing — processes sensitive documents (PDFs, images) from cloud storage. Threats include data exfiltration of unredacted documents, insecure caching of documents during processing, and potential training data leakage if user documents are used to fine-tune models.
Layer 3, Agent Frameworks: Not certain from the listing — orchestration is likely a deterministic document processing pipeline rather than a complex agent framework. Threats include insecure integration with cloud APIs (Dropbox, OneDrive) and command injection via malformed document metadata.
Layer 4, Deployment & Infrastructure: Not certain from the listing — likely hosted in a secure cloud environment given the target industries (healthcare, government). Threats include container escape during OCR processing of untrusted files and insecure storage of API keys for cloud integrations.
Layer 5, Evaluation & Observability: The listing explicitly mentions "audit trails" and "redaction certificates", indicating built-in logging and verification mechanisms. However, blind spots in ML detection accuracy (false negatives, i.e., PII that is never flagged and so never redacted) remain a threat.
Layer 6, Security & Compliance: Tailored for legal, healthcare (PHI/HIPAA), finance, and government. Compliance is a core feature (redaction certificates, PII/PHI compliance). Threats include compliance failures if the redaction is reversible or if metadata scrubbing fails.
Layer 7, Agent Ecosystem: Not certain from the listing — no multi-agent or marketplace interactions are described. The primary ecosystem risk is limited to third-party cloud storage integrations (Dropbox, OneDrive).
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology.