Runner H — agentic threat model
Runner H presents a high agentic risk profile due to its autonomous web-interaction and self-healing capabilities operating across legacy and financial systems without explicit human-in-the-loop controls.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
|---|---|
| Autonomy of Action | 0.80 |
| Goal-Driven Planning | 0.70 |
| Self-Modification | 0.30 |
| Dynamic Tool Use | 0.80 |
| Persistent Memory | 0.40 |
| Contextual Awareness | 0.60 |
| Dynamic Identity | 0.30 |
| Multi-Agent Interactions | 0.10 |
| Non-Determinism | 0.60 |
| Opacity & Reflexivity | 0.50 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent, in MAESTRO layer order. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

1. Foundation Models: Not certain from the listing — The agent utilizes 'compact models' for efficiency, which may be more susceptible to adversarial prompt injection or alignment drift than larger, more heavily aligned foundation models.
2. Data Operations: Not certain from the listing — There is no mention of RAG, vector databases, or training data pipelines, leaving risks like data poisoning or embedding inversion unaddressed.
3. Agent Frameworks: The agent's core framework orchestrates web automation and 'self-healing' UI selectors. This introduces a high risk of tool misuse, where the agent might misinterpret UI changes and execute unintended actions (e.g., clicking incorrect buttons or submitting wrong data) on legacy or multi-system solutions.
4. Deployment & Infrastructure: Not certain from the listing — No details are provided regarding hosting, sandboxing of the web automation environment, or secure storage of the credentials required to access legacy and multi-system integrations.
5. Evaluation & Observability: Not certain from the listing — There is no mention of logging, monitoring, or guardrails to detect and prevent anomalous web interactions or drift in the self-healing automation logic.
6. Security & Compliance: Not certain from the listing — No compliance certifications (e.g., SOC 2, ISO) or explicit authorization controls are detailed, despite targeting sensitive industries like finance and e-commerce.
7. Agent Ecosystem: Not certain from the listing — While it integrates with legacy and multi-system solutions, there is no explicit mention of multi-agent coordination or marketplace interactions that could lead to cascading failures.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology.