AI Kissing video generator — agentic threat model
This agent presents low agentic risk due to its lack of autonomy, planning, and tool-use capabilities, but poses significant trust and safety risks regarding deepfakes, non-consensual face-swapping, and privacy violations of uploaded user images.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
| --- | --- |
| Autonomy of Action | 0.10 |
| Goal-Driven Planning | 0.00 |
| Self-Modification | 0.00 |
| Dynamic Tool Use | 0.00 |
| Persistent Memory | 0.10 |
| Contextual Awareness | 0.10 |
| Dynamic Identity | 0.00 |
| Multi-Agent Interactions | 0.00 |
| Non-Determinism | 0.70 |
| Opacity & Reflexivity | 0.80 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1 (Foundation Models): Not certain from the listing — likely relies on proprietary or open-source image/video diffusion models and face-swapping architectures. Primary threats include adversarial prompt injection to bypass safety filters, model extraction, and generating copyright-infringing or harmful outputs.
Layer 2 (Data Operations): Not certain from the listing — processes user-uploaded photos and videos for face-swapping and generation. Key threats include unauthorized access to uploaded user assets, lack of secure data retention policies, and potential privacy leaks if user data is used to train or fine-tune future models.
Layer 3 (Agent Frameworks): Not certain from the listing — likely uses a basic web API orchestration layer rather than an advanced agentic framework. Vulnerabilities would stem from insecure input validation of API parameters passed to the video generation backend.
Layer 4 (Deployment and Infrastructure): Not certain from the listing — likely hosted on cloud GPU infrastructure. Threats include insecure storage buckets (S3) containing generated videos, API abuse leading to GPU resource exhaustion, and lack of isolation between user generation tasks.
Layer 5 (Evaluation and Observability): Not certain from the listing — requires robust content moderation guardrails (e.g., NSFW filters, face-consent verification). Gaps in observability and automated abuse detection could allow the platform to be weaponized for generating non-consensual deepfakes.
Layer 6 (Security and Compliance): Not certain from the listing — faces severe compliance risks under deepfake and AI regulations (such as the EU AI Act and state-level biometric laws) regarding consent for face-swapping. No security certifications or compliance audits are mentioned.
Layer 7 (Agent Ecosystem): The agent operates as a standalone vertical SaaS tool and does not interact with other agents or marketplaces, making ecosystem-level cascading failures or agent-to-agent trust abuse highly unlikely.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).