
Wayve — agentic threat model

AIVSS 10.0 · Critical

Wayve represents an extreme-risk agentic profile due to its direct control over physical actuators in safety-critical environments (autonomous driving). The end-to-end deep learning approach introduces high opacity and non-determinism, meaning adversarial physical inputs or model exploitation could result in catastrophic real-world harm.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor
where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base: 10.0
AARS uplift: 0.0
Factor sum: 6.8/10
Threat: ×1.1
Mitigation: ×1.0

Autonomy of Action: 1.00
Goal-Driven Planning: 0.90
Self-Modification: 0.10
Dynamic Tool Use: 0.80
Persistent Memory: 0.40
Contextual Awareness: 1.00
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.70
Non-Determinism: 0.80
Opacity & Reflexivity: 0.90

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ✓ mapped

Wayve utilizes end-to-end deep learning models to process sensor inputs directly into driving actions. This architecture is highly vulnerable to physical adversarial examples (e.g., adversarial stickers on road signs), model poisoning during training on real-world data, and out-of-distribution generalization failures in novel driving scenarios.

L2 · Data Operations · ✓ mapped

The system is trained on vast amounts of real-world driving data. Key threats include data poisoning of the training pipeline, lack of robust data lineage/provenance for crowdsourced or fleet-collected sensor logs, and potential privacy issues regarding captured bystander data.

L3 · Agent Frameworks · ⚠ not certain from listing

Not certain from the listing — Wayve's end-to-end deep learning approach bypasses traditional hand-engineered planning rules, but the exact software orchestration, safety fallback frameworks, and actuator integration layers are not detailed in the public directory.

L4 · Deployment & Infrastructure · ✓ mapped

The deployment environment spans on-vehicle edge compute hardware (integrating with vehicle platforms) and cloud infrastructure for fleet management and training. Threats include physical tampering with vehicle sensors/compute, over-the-air (OTA) update compromise, and lateral movement from the infotainment system to safety-critical vehicle control buses (CAN/Ethernet).

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — while real-time safety monitoring, simulation testing, and human-in-the-loop safety drivers are standard in autonomous vehicle development, the specific observability tools, real-time anomaly detection, and out-of-distribution guardrails are not detailed.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — compliance with automotive cybersecurity standards (such as ISO/SAE 21434) and safety standards (such as ISO 26262 and SOTIF ISO 21448) is critical for public road deployment but is not explicitly detailed in this high-level directory listing.

L7 · Agent Ecosystem · ✓ mapped

The agent ecosystem involves integration with external platforms, specifically strategic partnerships with Uber for autonomous ride-hailing. Threats include API vulnerabilities in dispatch coordination, multi-agent coordination failures in dense traffic, and cascading failures if the fleet management network is compromised.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.