Databricks databricks-model-serving — agentic threat model

AIVSS 8.3 · High

This agent skill carries high-risk capabilities: it manages infrastructure provisioning and model deployment within Databricks workspaces. A compromise could lead to unauthorized resource creation, model tampering, or data exfiltration via malicious endpoints.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 8.5
AARS uplift: 0.68
Factor sum: 4.3/10
Threat multiplier (ThM): ×1.05
Mitigation factor: ×0.9
Agentic risk factors:
Autonomy of Action: 0.60
Goal-Driven Planning: 0.40
Self-Modification: 0.10
Dynamic Tool Use: 0.80
Persistent Memory: 0.20
Contextual Awareness: 0.50
Dynamic Identity: 0.70
Multi-Agent Interactions: 0.30
Non-Determinism: 0.40
Opacity & Reflexivity: 0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
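To make the score rationale above reproducible, here is an added Python example (not part of the listing, and not OWASP's calculator) that implements the formula exactly as this page states it, with the page's factor values embedded. Two things in it are assumptions, not page content: the severity bands are taken to follow the CVSS v3 qualitative ratings (Low/Medium/High/Critical), and the mitigation_factor_to_reach helper is a hypothetical addition that answers the defender's question of how much mitigation would be needed to move the score out of the High band.

```python
"""Worked AIVSS computation for the databricks-model-serving agent skill.

Formula as stated on the listing:
    AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
    AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
"""

# The ten agentic risk factors and the values the listing assigns them.
AGENTIC_FACTORS = {
    "Autonomy of Action": 0.60,
    "Goal-Driven Planning": 0.40,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.80,
    "Persistent Memory": 0.20,
    "Contextual Awareness": 0.50,
    "Dynamic Identity": 0.70,
    "Multi-Agent Interactions": 0.30,
    "Non-Determinism": 0.40,
    "Opacity & Reflexivity": 0.30,
}

# Remaining inputs exactly as given on the page.
CVSS_BASE = 8.5
THREAT_MULTIPLIER = 1.05   # ThM
MITIGATION_FACTOR = 0.9

# Assumption: qualitative bands follow the CVSS v3 severity ratings; the page
# only shows the resulting label ("High"), not the band boundaries.
SEVERITY_BANDS = [(9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low")]


def factor_sum(factors):
    """Sum of the ten factor scores. Each factor is scored 0..1, so the sum
    is out of 10 (the page writes it as 4.3/10)."""
    if len(factors) != 10:
        raise ValueError(f"expected 10 agentic risk factors, got {len(factors)}")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name}: factor {value} outside [0, 1]")
    return sum(factors.values())


def severity(score):
    """Map a 0..10 score to its qualitative band (assumed CVSS v3 bands)."""
    for floor, label in SEVERITY_BANDS:
        if score >= floor:
            return label
    return "None"


def aivss(cvss_base, factors, thm, mitigation):
    """Return every intermediate term, not just the final score, so the
    rationale can be audited line by line."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError(f"CVSS base {cvss_base} outside [0, 10]")
    fs = factor_sum(factors)
    aars = (10.0 - cvss_base) * (fs / 10.0) * thm
    raw = (cvss_base + aars) * mitigation
    # ThM > 1 can push the raw value past 10; cap it like any 0..10 score.
    capped = min(10.0, raw)
    return {
        "factor_sum": fs,
        "aars": aars,
        "raw": raw,
        "score": round(capped, 1),
        "severity": severity(capped),
    }


def mitigation_factor_to_reach(target_score, cvss_base, factors, thm):
    """Hypothetical helper: the Mitigation_Factor that would bring the score
    down to target_score, holding the other inputs fixed. Derived by solving
    the page's formula for Mitigation_Factor."""
    fs = factor_sum(factors)
    aars = (10.0 - cvss_base) * (fs / 10.0) * thm
    return target_score / (cvss_base + aars)


if __name__ == "__main__":
    result = aivss(CVSS_BASE, AGENTIC_FACTORS, THREAT_MULTIPLIER, MITIGATION_FACTOR)
    for key, value in result.items():
        print(f"{key:>10}: {value}")
    needed = mitigation_factor_to_reach(7.0, CVSS_BASE, AGENTIC_FACTORS, THREAT_MULTIPLIER)
    print(f"mitigation factor needed to fall to 7.0 (top of Medium): {needed:.3f}")
```

Running it reproduces the page's numbers: factor sum 4.3, AARS 0.677 (shown as 0.68), raw score 8.26 rounded to 8.3, band High. The last line shows that with the same CVSS base and threat multiplier, the mitigation factor would have to fall to roughly 0.76 before the score left the High band, which is the practical reading of the rationale for anyone deciding which controls to add.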

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary because the public description did not pin down that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — the agent deploys and queries arbitrary models but its own internal foundation model and its specific vulnerabilities (e.g., prompt injection susceptibility) are not detailed.

L2 · Data Operations (✓ mapped)

The agent interacts with model artifacts and deployment configurations. Threats include deploying poisoned model weights or unauthorized exfiltration of proprietary model parameters during the deployment phase.

L3 · Agent Frameworks (✓ mapped)

The agent orchestrates endpoint creation and model invocation. Vulnerabilities here involve insecure tool integration where malicious inputs could hijack the endpoint configuration parameters to execute arbitrary code.

L4 · Deployment & Infrastructure (✓ mapped)

The agent directly provisions serving infrastructure in the Databricks workspace. This presents severe risks of container escape, resource exhaustion, and unauthorized lateral movement within the cloud environment.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — there is no explicit mention of built-in logging, drift detection, or guardrails for the deployed endpoints within this specific skill description.

L6 · Security & Compliance (cross-cutting) (✓ mapped)

The agent operates within the Databricks workspace, relying on its IAM and workspace permissions. Weak access controls could allow unauthorized users to deploy costly endpoints or access sensitive model endpoints.

L7 · Agent Ecosystem (✓ mapped)

As an 'Agent Skill', this component is designed to be integrated into larger agentic workflows, introducing risks of cascading failures if upstream agents pass malicious deployment instructions.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).