AgentReadyHomeAgent Listing

← Burr

Burr — agentic threat model

7.2AIVSS 7.2 · High

Burr is an open-source state-machine framework for AI agents, offering strong observability and structured execution that mitigates non-determinism, but its security posture heavily relies on developer implementation of state persistence and UI access controls.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5AARS uplift 0.95Factor sum 3.8/10Threat ×1.0Mitigation ×0.85
Autonomy of Action
0.30
Goal-Driven Planning
0.50
Self-Modification
0.10
Dynamic Tool Use
0.40
Persistent Memory
0.70
Contextual Awareness
0.50
Dynamic Identity
0.10
Multi-Agent Interactions
0.40
Non-Determinism
0.50
Opacity & Reflexivity
0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — Burr is model-agnostic and integrates with various frameworks, meaning foundation model threats (adversarial prompts, alignment) depend entirely on the user's chosen LLM.

L2 · Data Operations✓ mapped

Burr includes pluggable persisters to save and load application states. This introduces risks of state-injection, state-tampering, or deserialization vulnerabilities if persistent state stores are not secured.

L3 · Agent Frameworks✓ mapped

As an orchestration framework modeling applications as state machines, Burr reduces chaotic execution but is vulnerable to state-transition bypasses or logic flaws in the Python-defined state components.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — Deployment is managed by the developer. However, hosting the Burr real-time monitoring UI exposes a network service that must be secured against unauthorized access.

L5 · Evaluation & Observability✓ mapped

Burr excels here, providing a built-in UI for real-time monitoring, tracing, and debugging, which significantly mitigates observability blind spots and aids in drift detection.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — The framework does not explicitly detail built-in RBAC, authentication, or compliance controls for its monitoring UI or state persistence layers.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — While Burr can model simulations and multi-agent setups, it does not natively govern a marketplace or external agent-to-agent trust boundaries.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).