
THEUS (Aigora) — agentic threat model

AIVSS 6.4 · Medium

THEUS presents a moderate agentic risk profile, primarily driven by its access to highly sensitive proprietary R&D and consumer research data. While its autonomy is bounded by human-in-the-loop exploration, its multi-avatar architecture and deep institutional memory require robust data isolation and strict access controls to prevent intellectual property exfiltration.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.5 · AARS uplift 1.54 · Factor sum 4.4/10 · Threat ×1.0 · Mitigation ×0.8

Agentic risk factors:

Autonomy of Action: 0.30
Goal-Driven Planning: 0.50
Self-Modification: 0.10
Dynamic Tool Use: 0.40
Persistent Memory: 0.80
Contextual Awareness: 0.70
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.50
Non-Determinism: 0.50
Opacity & Reflexivity: 0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — The underlying foundation models are not specified. Standard LLM threats such as prompt injection, adversarial manipulation of research documents, and model-based hallucinations remain potential vectors that could corrupt the synthesis process.

L2 · Data Operations · ✓ mapped

Highly critical layer as THEUS processes proprietary sensory and consumer research. Key threats include data exfiltration of intellectual property and vector database poisoning. The platform mitigates some risks through project isolation, a strict 'no training on customer data' policy, and time-limited data retention.

L3 · Agent Frameworks · ✓ mapped

The agent framework orchestrates domain-expert AI 'avatars' (analysts, moderators) and a multimodal extraction pipeline. Threats include memory poisoning within the 'institutional memory' and prompt injection that could bypass the fact-validation mechanisms during cross-study synthesis.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — The deployment architecture (SaaS vs. VPC) is unspecified. However, the promised 'isolation between projects' implies a tenant-isolation or container-level sandboxing mechanism that must be secured against lateral movement and privilege escalation.

L5 · Evaluation & Observability · ✓ mapped

THEUS features strong built-in observability through 'Fact IDs' and page-level citations to ensure audit-ready insights. This significantly mitigates the risk of silent failures and hallucinations, though monitoring is still required to detect anomalous query patterns or extraction bypasses.

L6 · Security & Compliance (cross-cutting) · ✓ mapped

Security and compliance are emphasized through data isolation, strict retention limits, and auditability features. However, specific compliance certifications (e.g., SOC 2, ISO 27001) are not explicitly detailed in the public listing.

L7 · Agent Ecosystem · ✓ mapped

The system utilizes multiple domain-expert AI 'avatars' (e.g., AI analyst, AI moderator) to guide exploration. This introduces multi-agent trust boundary risks, where a compromise or manipulation of one avatar's context could cascade and corrupt the insights generated by another.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.