
FacesearchAI — agentic threat model

AIVSS 7.9 · High

FacesearchAI is a specialized facial recognition search tool with low agentic autonomy but extremely high privacy, compliance, and abuse risks due to its processing of biometric data and potential use in unauthorized surveillance or stalking.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5 · AARS uplift 0.4 · Factor sum 1.6/10 · Threat ×1.0 · Mitigation ×1.0

Agentic risk factors (each scored 0.0 to 1.0):
Autonomy of Action: 0.20
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.20
Persistent Memory: 0.10
Contextual Awareness: 0.20
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.30
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (✓ mapped)

Uses computer vision and facial embedding models. Primary threats include adversarial evasion attacks (e.g., subtle pixel perturbations to bypass detection or spoof identities) and model extraction/stealing of proprietary facial recognition weights.

L2 · Data Operations (✓ mapped)

Relies on a massive database of scraped web images and facial embeddings. Threats include database poisoning (associating incorrect names/identities with faces), embedding inversion attacks to reconstruct original faces, and unauthorized exfiltration of biometric templates.

L3 · Agent Frameworks (⚠ not certain from listing)

Not certain from the listing — the tool appears to function as a direct search utility rather than a complex agentic framework. Threats would likely center on insecure file upload handling (e.g., remote code execution via malicious image/video payloads) and API parameter tampering.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — standard cloud hosting is assumed. Threats include insecure storage of uploaded user images (e.g., public S3 buckets) and potential resource exhaustion (DoS) on GPU-heavy facial matching infrastructure.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — there is no mention of guardrails or abuse monitoring. Threats include a lack of rate-limiting or detection mechanisms to prevent automated stalking, mass surveillance, or harvesting of search history.

L6 · Security & Compliance (cross-cutting) (✓ mapped)

Extremely high compliance risk. Processing biometric data without explicit consent violates major regulations such as GDPR, CCPA, and BIPA. The tool lacks visible mechanisms for identity verification of the searcher or opt-out/deletion requests for indexed individuals.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — no multi-agent ecosystem is described. However, because it offers an API, third-party rogue agents could integrate this tool to autonomously track, profile, or dox individuals across the web.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).