Boston Dynamics Atlas — agentic threat model
As a highly autonomous humanoid robot, Atlas has an extreme risk profile: a cyber-physical compromise translates directly into severe property damage or human injury, with no software-only blast radius to fall back on. The absence of public security specifications for its onboard compute, model alignment, and safety overrides means every layer below has to be assessed from the outside, which amplifies rather than reduces the assumed risk.
OWASP AIVSS score rationale
| Agentic risk factor | Score (0 to 1) |
| --- | --- |
| Autonomy of Action | 0.80 |
| Goal-Driven Planning | 0.70 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.60 |
| Persistent Memory | 0.40 |
| Contextual Awareness | 0.90 |
| Dynamic Identity | 0.10 |
| Multi-Agent Interactions | 0.30 |
| Non-Determinism | 0.70 |
| Opacity & Reflexivity | 0.80 |
Scored with the canonical OWASP AIVSS formula (see the AIVSS calculator reference). Each agentic risk factor is an estimate derived from the publicly described capabilities of the robot, not a measured value from the system itself.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged "not certain from the listing" are general, caveated commentary where the public description did not pin down that layer; none of the threats below is a confirmed finding against Atlas.
Layer 1, Foundation Models. Not certain from the listing: the specific foundation models (for example vision-language-action models) powering Atlas's high-level reasoning or control loops are not disclosed. Potential threats include adversarial physical inputs, such as printed patches, that cause the perception model to misread a scene so that downstream motor commands are planned for a situation that does not exist.
Layer 2, Data Operations. Not certain from the listing: no details are provided on training data pipelines, real-time sensor ingestion, or local vector stores. Risks include sensor spoofing or injection (fabricated LiDAR returns or camera frames fed to the perception stack) and a lack of data lineage for the demonstrations and rollouts that train reinforcement learning policies, which would make a poisoned training set hard to detect after the fact.
Layer 3, Agent Frameworks. Not certain from the listing: the orchestration framework that translates high-level goals into physical trajectories is proprietary. Threats include insecure tool/actuator integration, where a malicious or corrupted planning step reaches the actuators without an independent check against physical safety limits.
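The check a practitioner would want at this layer, as an added example in Go that is not Boston Dynamics code and assumes nothing about Atlas internals: a small interlock that sits between planner and actuators, derives joint velocity from the last accepted state rather than from anything the planner reports, and refuses any step that leaves a joint envelope. The envelope, control period, joint count and sample steps are constructed for illustration.

```go
package main

import (
	"fmt"
	"math"
)

// JointLimits is a constructed per-joint envelope for illustration. Real
// limits would come from the robot's safety specification, which the public
// listing does not disclose.
type JointLimits struct {
	MinPos, MaxPos float64 // radians
	MaxVel         float64 // radians per second
	MaxTorque      float64 // newton-metres
}

// Step is one planner output: target joint positions and commanded torques.
type Step struct {
	Pos    []float64
	Torque []float64
}

// Interlock is the only path from the planner to the actuator bus. It keeps
// just the last accepted joint state, so a compromised planner has nothing to
// talk it out of: the planner cannot supply its own velocity or its own limits.
type Interlock struct {
	limits []JointLimits
	dt     float64   // control period in seconds
	last   []float64 // last accepted joint positions
}

func NewInterlock(limits []JointLimits, dt float64, home []float64) *Interlock {
	return &Interlock{limits: limits, dt: dt, last: append([]float64(nil), home...)}
}

// Check validates a step against position, velocity and torque limits. It
// returns nil and advances the accepted state on success, or an error naming
// the first violated constraint. A rejected step must never reach the motors;
// the caller should send HoldStep() or trigger a controlled stop instead.
func (g *Interlock) Check(s Step) error {
	if len(s.Pos) != len(g.limits) || len(s.Torque) != len(g.limits) {
		return fmt.Errorf("malformed step: expected %d joints", len(g.limits))
	}
	for i, lim := range g.limits {
		p, tq := s.Pos[i], s.Torque[i]
		if math.IsNaN(p) || math.IsInf(p, 0) || math.IsNaN(tq) || math.IsInf(tq, 0) {
			return fmt.Errorf("joint %d: non-finite command", i)
		}
		if p < lim.MinPos || p > lim.MaxPos {
			return fmt.Errorf("joint %d: position %.3f rad outside [%.3f, %.3f]", i, p, lim.MinPos, lim.MaxPos)
		}
		// Velocity is derived from the last accepted state, never read from the
		// planner, so it cannot be under-reported.
		vel := math.Abs(p-g.last[i]) / g.dt
		if vel > lim.MaxVel {
			return fmt.Errorf("joint %d: velocity %.1f rad/s exceeds %.1f", i, vel, lim.MaxVel)
		}
		if math.Abs(tq) > lim.MaxTorque {
			return fmt.Errorf("joint %d: torque %.1f Nm exceeds %.1f", i, tq, lim.MaxTorque)
		}
	}
	copy(g.last, s.Pos) // only reached when every joint passed
	return nil
}

// HoldStep returns a step that holds the last accepted position with zero
// commanded torque, the fallback to send when Check rejects a step.
func (g *Interlock) HoldStep() Step {
	return Step{Pos: append([]float64(nil), g.last...), Torque: make([]float64, len(g.last))}
}

func main() {
	// Constructed two-joint robot: +/-1.5 and +/-2.0 rad, 2 rad/s, 80 and 120 Nm.
	limits := []JointLimits{{-1.5, 1.5, 2.0, 80}, {-2.0, 2.0, 2.0, 120}}
	g := NewInterlock(limits, 0.01, []float64{0, 0})

	good := Step{Pos: []float64{0.01, -0.01}, Torque: []float64{10, 20}}
	// Constructed hostile step: a jump to 0.5 rad in one 10 ms period is 49 rad/s.
	bad := Step{Pos: []float64{0.5, 0}, Torque: []float64{10, 20}}

	fmt.Println("good:", g.Check(good)) // <nil>
	fmt.Println("bad: ", g.Check(bad))  // joint 0: velocity 49.0 rad/s exceeds 2.0
	fmt.Println("hold:", g.HoldStep().Pos)
}
```

The point of the design is that the interlock trusts only its own state and its own limits; the planner, however it was compromised, can only propose positions and torques, and the interlock measures the implied velocity itself. On a real robot this guard belongs on the safety-rated controller, not in the same process as the planner.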
Layer 4, Deployment and Infrastructure. Not certain from the listing: the onboard compute, real-time operating system (RTOS), and network protocols are unspecified. Key concerns include compromise of the onboard controller over a physical port or wireless link, control loops that run without isolation from less trusted software (perception, logging, networking) on the same compute, and privilege escalation from that software to direct actuator access.
Layer 5, Evaluation and Observability. Not certain from the listing: real-time telemetry, physical safety guardrails, and anomaly detection are not detailed. Without them, drift between commanded and measured joint state could go undetected, and safety-limit violations could go unlogged, leaving nothing to investigate after an incident.
Layer 6, Security and Compliance. Not certain from the listing: compliance with robotics safety standards (for example ISO 13482) or cybersecurity frameworks is not mentioned. If over-the-air (OTA) updates are not signed and mutually authenticated, with version checks that refuse downgrades, a network-positioned attacker could push firmware to the robot; that would be a critical risk.
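The update-origin half of that authentication, as an added example in Go that is not Boston Dynamics code and assumes nothing about how Atlas actually receives updates: an Ed25519-signed manifest that binds device class, a monotonically increasing version and the payload digest, verified on the robot before anything is flashed. Device names, versions and the firmware bytes are constructed. The other half of mutual authentication, the server verifying the robot's identity (for instance mTLS on a per-device certificate), is not shown here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest describes one firmware image. The signature covers its canonical
// JSON encoding, so device class, version and payload hash are all bound to
// the signing key and cannot be changed in transit.
type Manifest struct {
	Device  string `json:"device"`  // device class the image is built for
	Version uint64 `json:"version"` // strictly increasing; enforces anti-rollback
	SHA256  string `json:"sha256"`  // hex digest of the firmware payload
}

// SignedManifest is what the update server delivers beside the payload.
type SignedManifest struct {
	Manifest  Manifest
	Signature []byte
}

var (
	ErrBadSignature = errors.New("manifest signature invalid")
	ErrWrongDevice  = errors.New("manifest is for a different device class")
	ErrRollback     = errors.New("manifest version is not newer than installed")
	ErrPayloadHash  = errors.New("payload hash does not match manifest")
)

// canonical gives a deterministic byte string to sign: encoding/json emits
// struct fields in declaration order with no whitespace.
func canonical(m Manifest) []byte {
	b, err := json.Marshal(m)
	if err != nil {
		panic(err) // cannot fail for this fixed struct
	}
	return b
}

// NewManifest computes the digest itself so the release side cannot mis-state it.
func NewManifest(device string, version uint64, payload []byte) Manifest {
	sum := sha256.Sum256(payload)
	return Manifest{Device: device, Version: version, SHA256: hex.EncodeToString(sum[:])}
}

// Sign runs on the release side, which alone holds the private key.
func Sign(priv ed25519.PrivateKey, m Manifest) SignedManifest {
	return SignedManifest{Manifest: m, Signature: ed25519.Sign(priv, canonical(m))}
}

// Verify runs on the robot before anything is written to flash. Order matters:
// authenticate the manifest first, because no field in it can be trusted before
// that; then refuse images for another device class and downgrades; finally
// bind the payload bytes to the authenticated digest.
func Verify(pub ed25519.PublicKey, sm SignedManifest, payload []byte, device string, installed uint64) error {
	if !ed25519.Verify(pub, canonical(sm.Manifest), sm.Signature) {
		return ErrBadSignature
	}
	if sm.Manifest.Device != device {
		return ErrWrongDevice
	}
	if sm.Manifest.Version <= installed {
		return ErrRollback
	}
	want, err := hex.DecodeString(sm.Manifest.SHA256)
	got := sha256.Sum256(payload)
	if err != nil || subtle.ConstantTimeCompare(want, got[:]) != 1 {
		return ErrPayloadHash
	}
	return nil
}

func main() {
	// Constructed keys and payload for the demo; the robot would carry only the
	// public key, pinned in firmware or a hardware root of trust.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	payload := []byte("constructed firmware image, version 7")
	sm := Sign(priv, NewManifest("atlas-demo", 7, payload))

	fmt.Println("genuine update over v6:    ", Verify(pub, sm, payload, "atlas-demo", 6))
	fmt.Println("replayed image over v7:    ", Verify(pub, sm, payload, "atlas-demo", 7))
	tampered := sm
	tampered.Manifest.Version = 99 // attacker edits the manifest to beat anti-rollback
	fmt.Println("edited manifest:           ", Verify(pub, tampered, payload, "atlas-demo", 6))
	fmt.Println("swapped payload:           ", Verify(pub, sm, append([]byte("x"), payload...), "atlas-demo", 6))
}
```

Replaying a genuinely signed older image is the case anti-rollback exists for: the signature is valid, so only the version check stops it, and that check is only meaningful because the version field is inside the signed bytes.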
Layer 7, Agent Ecosystem. Not certain from the listing: it is unclear whether Atlas interacts with a fleet management system or with other robots. Potential threats include cascading failures in multi-agent coordination and a compromised fleet controller issuing commands that every robot in the fleet trusts.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).