
/dev/agents — agentic threat model

AIVSS 9.5 · Critical

/dev/agents presents a high-risk profile as a cloud-based operating system orchestrating autonomous agents across deeply personal and critical environments like phones, laptops, and cars. A compromise of its shared user data model or orchestration layer could lead to severe cross-device data exfiltration, unauthorized tool execution, or physical safety hazards.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
Inputs and intermediates: CVSS base 9.8 · AARS uplift 0.17 · Factor sum 7.6/10 · Threat multiplier (ThM) ×1.1 · Mitigation factor ×0.95

Agentic risk factors (each scored 0.0–1.0; they sum to 7.6):
Autonomy of Action        0.80
Goal-Driven Planning      0.80
Self-Modification         0.40
Dynamic Tool Use          0.90
Persistent Memory         0.90
Contextual Awareness      0.90
Dynamic Identity          0.70
Multi-Agent Interactions  0.80
Non-Determinism           0.70
Opacity & Reflexivity     0.70

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); the agentic risk factors are estimates from the agent's described capabilities, not measurements. Check: AARS = (10 − 9.8) × 0.76 × 1.1 ≈ 0.17 and AIVSS = (9.8 + 0.17) × 0.95 ≈ 9.5. Because AARS is scaled by (10 − CVSS_Base), a base of 9.8 leaves the agentic factors at most 0.22 of uplift, so the score is driven almost entirely by the CVSS base.
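The arithmetic above, carried through in code so the listing's 9.5 can be reproduced and the formula's sensitivity inspected. This is an added example, not code from the listing or from /dev/agents; the factor names and values are the ones published above, and the assumption that AIVSS uses the CVSS v3.x qualitative bands (9.0 and above is "Critical") is mine:

```python
# Added example: reproduce the listing's OWASP AIVSS score from its published inputs.
# AIVSS = (CVSS_Base + AARS) × Mitigation_Factor
# AARS  = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS_BASE = 9.8
THREAT_MULTIPLIER = 1.1      # ThM
MITIGATION_FACTOR = 0.95

# The ten agentic risk factors as published in the listing (0.0–1.0 each).
AGENTIC_FACTORS = {
    "Autonomy of Action": 0.80,
    "Goal-Driven Planning": 0.80,
    "Self-Modification": 0.40,
    "Dynamic Tool Use": 0.90,
    "Persistent Memory": 0.90,
    "Contextual Awareness": 0.90,
    "Dynamic Identity": 0.70,
    "Multi-Agent Interactions": 0.80,
    "Non-Determinism": 0.70,
    "Opacity & Reflexivity": 0.70,
}


def factor_sum(factors: dict) -> float:
    """Sum of the agentic factors; each must lie in [0, 1]."""
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"factor {name!r} out of range: {value}")
    return sum(factors.values())


def aars(cvss_base: float, factors: dict, threat_multiplier: float) -> float:
    """Agentic uplift. Note the (10 − CVSS_Base) term: it shrinks as the base rises."""
    return (10.0 - cvss_base) * (factor_sum(factors) / 10.0) * threat_multiplier


def aivss(cvss_base: float, factors: dict, threat_multiplier: float,
          mitigation_factor: float) -> float:
    """Final score, clamped to the 0–10 scale."""
    score = (cvss_base + aars(cvss_base, factors, threat_multiplier)) * mitigation_factor
    return min(10.0, max(0.0, score))


def max_uplift(cvss_base: float, threat_multiplier: float) -> float:
    """Largest AARS possible for this base, i.e. with every factor at 1.0."""
    return (10.0 - cvss_base) * threat_multiplier


def severity(score: float) -> str:
    """Assumption: AIVSS reuses the CVSS v3.x qualitative bands."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def score_listing() -> dict:
    """Reproduce the numbers shown on the listing, rounded as the page rounds them."""
    uplift = aars(CVSS_BASE, AGENTIC_FACTORS, THREAT_MULTIPLIER)
    final = aivss(CVSS_BASE, AGENTIC_FACTORS, THREAT_MULTIPLIER, MITIGATION_FACTOR)
    return {
        "factor_sum": round(factor_sum(AGENTIC_FACTORS), 1),
        "aars": round(uplift, 2),
        "aivss": round(final, 1),
        "severity": severity(round(final, 1)),
        "max_possible_uplift": round(max_uplift(CVSS_BASE, THREAT_MULTIPLIER), 2),
    }


if __name__ == "__main__":
    for key, value in score_listing().items():
        print(f"{key:20} {value}")
```

The `max_possible_uplift` field is the point to take away: with a 9.8 base the agentic factors can add at most 0.22 before mitigation, so disagreeing with any individual factor estimate barely moves the final score, whereas disagreeing with the CVSS base does.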

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary because the public description does not establish that layer.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing: the platform presents itself as an operating system and developer ecosystem but does not name the underlying foundation models, so model-level threats (alignment failures, adversarial inputs, backdoored weights) cannot be assessed from the public description.

L2 · Data Operations · ✓ mapped

The platform features a 'reimagined privacy and user data model' and a 'shared understanding of users' across devices. Whether that store is centralized or federated, it is the highest-value target on the platform: data exfiltration, unauthorized cross-device profile access, and poisoning of the shared knowledge base all follow from a single compromise.

L3 · Agent Frameworks · ✓ mapped

As a developer platform for building autonomous agents, the orchestration framework must manage tool calling and planning on behalf of third-party agents. Risks include insecure tool integration, prompt injection that crosses agent boundaries, and malicious agent code executing inside the OS.

L4 · Deployment & Infrastructure · ✓ mapped

Operating as a 'cloud-based operating system' hosting third-party developer agents requires robust multi-tenant isolation. Threats include container escape, privilege escalation from one agent into another, and lateral movement across the cloud infrastructure.
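The L3 and L4 threats above (prompt injection crossing agent boundaries, one agent escalating into another's privileges) are both failures of a single control: a default-deny gate between the orchestrator and the tool dispatcher. The following is an added illustration of that gate, not /dev/agents code and not a description of its actual architecture; the agent names, tools, grants and sample calls are hypothetical, and the only page-derived details are the device classes (phone, laptop, car).

```python
# Added illustration (not /dev/agents code): a least-privilege gate in front of an
# orchestrator's tool dispatcher. Every tool call names the calling agent, the
# target device, the user-data scope it touches and the provenance of the
# instruction that triggered it. All names below are hypothetical.
from dataclasses import dataclass


@dataclass(frozen=True)
class Grant:
    tools: frozenset    # tool names the agent may invoke
    devices: frozenset  # devices it may act on
    scopes: frozenset   # user-data scopes it may read or write


@dataclass(frozen=True)
class ToolCall:
    agent_id: str
    tool: str
    device: str
    scope: str
    origin: str  # "user", "tool_output", or "agent:<id>" for a peer agent


# Hypothetical per-agent grants: the L4 boundary between tenants' agents.
GRANTS = {
    "calendar-agent": Grant(frozenset({"calendar.read", "calendar.write"}),
                            frozenset({"phone", "laptop"}),
                            frozenset({"calendar"})),
    "car-assistant": Grant(frozenset({"nav.set_route"}),
                           frozenset({"car"}),
                           frozenset({"location"})),
}

# Tools with real-world side effects. Only a user-originated instruction may
# trigger them, so text that arrived inside a tool result (an email body, a web
# page) or from a peer agent cannot be laundered into an action (L3 injection).
SIDE_EFFECT_TOOLS = {"calendar.write", "nav.set_route"}


def authorize(call: ToolCall, grants: dict = GRANTS) -> tuple:
    """Return (allowed, reason). Default deny; every check must pass."""
    grant = grants.get(call.agent_id)
    if grant is None:
        return False, "unknown agent"
    if call.tool not in grant.tools:
        return False, "tool not granted to this agent"
    if call.device not in grant.devices:
        return False, "device outside the agent's grant"
    if call.scope not in grant.scopes:
        return False, "data scope outside the agent's grant"
    if call.tool in SIDE_EFFECT_TOOLS and call.origin != "user":
        return False, f"side-effecting tool needs a user-originated instruction (origin={call.origin})"
    return True, "ok"


# Constructed sample traffic, one call per threat the gate is meant to stop.
SAMPLE_CALLS = [
    ToolCall("calendar-agent", "calendar.read", "phone", "calendar", "user"),
    # instruction injected through an email the agent summarised
    ToolCall("calendar-agent", "calendar.write", "laptop", "calendar", "tool_output"),
    # the calendar agent reaching for the car's navigation (lateral movement)
    ToolCall("calendar-agent", "nav.set_route", "car", "location", "user"),
    # a peer agent asking the car to reroute (agent-to-agent trust abuse)
    ToolCall("car-assistant", "nav.set_route", "car", "location", "agent:calendar-agent"),
    ToolCall("car-assistant", "nav.set_route", "car", "location", "user"),
    ToolCall("rogue-agent", "calendar.read", "phone", "calendar", "user"),
]


def audit(calls=SAMPLE_CALLS) -> list:
    """Run the gate over a batch and return (agent, tool, allowed, reason) rows."""
    return [(c.agent_id, c.tool, *authorize(c)) for c in calls]


if __name__ == "__main__":
    for agent, tool, ok, why in audit():
        print(f"{'ALLOW' if ok else 'DENY '} {agent:15} {tool:15} {why}")
```

Two design choices matter more than the data structures. Provenance travels with the call rather than being inferred later, so an injected instruction is denied at dispatch time regardless of how convincing its text is. And the gate is keyed on the agent's identity, not on the user's, which is what prevents a compromised agent from inheriting the full cross-device reach of the user it serves.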

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing: there is no explicit mention of built-in evaluation frameworks, real-time monitoring, logging, or guardrails to detect anomalous agent behavior or drift within the developer ecosystem.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing: while a 'reimagined privacy and user data model' is promised, specific compliance alignments (e.g., SOC 2, ISO 27001, EU AI Act) and concrete identity and access management (IAM) controls are not detailed.

L7 · Agent Ecosystem · ✓ mapped

The developer ecosystem and cross-device compatibility amount to an agent marketplace. This introduces significant risk of rogue or compromised developer agents, agent-to-agent trust abuse, and cascading failures across a user's interconnected devices.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).