Kling AI Video Generator — agentic threat model

AIVSS 5.5 · Medium

Kling AI Video Generator is a low-autonomy generative tool with minimal agentic risk, primarily presenting threats related to model IP theft, deepfake generation, and content moderation bypass rather than autonomous system compromise.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 4.3 · AARS uplift 1.2 · Factor sum 2.1/10 · Threat ×1.0 · Mitigation ×1.0

Autonomy of Action: 0.10
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.10
Persistent Memory: 0.10
Contextual Awareness: 0.20
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.80
Opacity & Reflexivity: 0.70

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ✓ mapped

Utilizes advanced video and audio generation foundation models. Primary threats include model stealing (IP theft of the proprietary Kling model), adversarial prompt injection to bypass safety filters, and the generation of misaligned or harmful outputs (e.g., deepfakes, copyright violations).

L2 · Data Operations · ⚠ not certain from listing

Not certain from the listing — requires massive video, image, and audio datasets for training and inference. Key threats include training data poisoning, copyright/licensing provenance gaps, and potential data exfiltration of user-uploaded source images.

L3 · Agent Frameworks · ⚠ not certain from listing

Not certain from the listing — likely uses a standard web backend to orchestrate model inference rather than a complex agentic framework. Threats are limited to insecure orchestration of generation pipelines and parameter manipulation.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — operates as a browser-based service likely backed by high-performance GPU cloud infrastructure. Threats include GPU resource exhaustion (DoS), container escape, and unauthorized access to model weights in storage.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — likely relies on input/output content moderation guardrails to prevent NSFW or harmful generations. Threats include blind spots in video-based safety filters and evaluation gaming by malicious users.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — requires standard web authentication. Key compliance threats involve alignment with the EU AI Act (specifically regarding deepfake labeling/watermarking) and user data privacy (GDPR) for uploaded media.

L7 · Agent Ecosystem · ✓ mapped

The agent operates as a standalone horizontal tool with no multi-agent coordination or marketplace ecosystem described, making ecosystem-level cascading failures or A2A trust abuse highly unlikely.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).