Bitget GetAgent — agentic threat model
Bitget GetAgent presents a high-risk profile because it can directly execute spot, futures, and on-chain trades from natural language prompts, making it a prime target for prompt injection and financial exploitation.
OWASP AIVSS score rationale
| Agentic risk factor | Value |
| --- | --- |
| Autonomy of Action | 0.70 |
| Goal-Driven Planning | 0.60 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.80 |
| Persistent Memory | 0.50 |
| Contextual Awareness | 0.70 |
| Dynamic Identity | 0.30 |
| Multi-Agent Interactions | 0.10 |
| Non-Determinism | 0.60 |
| Opacity & Reflexivity | 0.50 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “Not certain from the listing” carry general, caveated commentary because the public description did not pin down that layer.
Layer 1, Foundation Models: Not certain from the listing — likely relies on a fine-tuned LLM for financial sentiment and natural language trading. Vulnerable to adversarial prompt injections that could trick the model into recommending or executing malicious trading strategies.
Layer 2, Data Operations: Not certain from the listing — ingests real-time market insights, sentiment analysis, and user history. Vulnerable to data poisoning of external sentiment sources (e.g., social media feeds) to manipulate the agent's trading suggestions.
Layer 3, Agent Frameworks: Orchestrates direct execution of spot, futures, and on-chain trades based on conversational prompts. Vulnerable to tool-use exploitation where ambiguous natural language triggers unintended or unauthorized financial transactions.
Layer 4, Deployment and Infrastructure: Embedded directly within the Bitget App infrastructure. Vulnerable to client-side compromise, API key theft, or session hijacking that could allow attackers to masquerade as the user and command the agent.
Layer 5, Evaluation and Observability: Not certain from the listing — no details are provided regarding real-time guardrails, trade anomaly detection, or logging of agent decisions. Vulnerable to silent failures or undetected drift in strategy recommendations.
Layer 6, Security and Compliance: Operates within Bitget's broader exchange compliance and identity framework, but lacks visible, dedicated AI safety compliance or algorithmic trading guardrails to prevent market manipulation.
Layer 7, Agent Ecosystem: Not certain from the listing — designed as a closed, single-user trading assistant within the Bitget app with no explicit multi-agent or marketplace ecosystem interactions described.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).