Tryonr — agentic threat model

AIVSS 6.1 · Medium

Tryonr is a low-risk, specialized generative AI tool focused on e-commerce image generation. Its primary security risks are centered around data privacy (uploaded photos), intellectual property theft, and potential generation of inappropriate content, rather than agentic autonomy or systemic propagation.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 5.3
AARS uplift: 0.85
Factor sum: 1.9/10
Threat: ×0.95
Mitigation: ×1.0

Agentic risk factors:
Autonomy of Action: 0.20
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.10
Persistent Memory: 0.20
Contextual Awareness: 0.20
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.60
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (✓ mapped)

Uses image generation/diffusion models and vision-language models (for annotations). Threats include adversarial inputs (poisoned images causing generation failures or bypasses), model stealing (recreating the proprietary try-on pipeline), and output misalignment (generating inappropriate or offensive imagery).

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — likely processes and stores user-uploaded product and model photos. Risks include data exfiltration of unreleased product designs, training data poisoning if user uploads are used to fine-tune models, and lack of clear data retention/privacy policies.

L3 · Agent Frameworks (⚠ not certain from listing)

Not certain from the listing — orchestration appears to be a standard pipeline (upload -> process -> generate) rather than an agentic framework. Risks are limited to insecure tool integration if it connects directly to e-commerce APIs (Shopify/Amazon) for publishing.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — likely hosted on cloud GPU infrastructure. Risks include container compromise, high GPU resource consumption (DoS), and insecure storage buckets containing user-uploaded and generated images.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — requires guardrails to prevent generation of explicit, copyrighted, or brand-damaging images, and drift detection for image quality.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — needs robust access controls (AuthN/AuthZ) for user galleries, compliance with intellectual property laws (using model photos without consent), and data privacy regulations (GDPR/CCPA for uploaded human model faces).

L7 · Agent Ecosystem (✓ mapped)

No multi-agent or marketplace interactions are described; it operates as a standalone vertical SaaS tool. Risks are minimal here, restricted to downstream e-commerce platform integrations.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.