AgentReadyHomeAgent Listing

← kling26

kling26 — agentic threat model

5.9AIVSS 5.9 · Medium

kling26 is a low-risk, single-turn generative AI tool with minimal agentic capabilities, primarily exposed to content abuse, prompt injection, and resource theft rather than autonomous system compromise.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 5.0AARS uplift 0.9Factor sum 1.9/10Threat ×0.95Mitigation ×1.0
Autonomy of Action
0.10
Goal-Driven Planning
0.00
Self-Modification
0.00
Dynamic Tool Use
0.00
Persistent Memory
0.10
Contextual Awareness
0.20
Dynamic Identity
0.00
Multi-Agent Interactions
0.00
Non-Determinism
0.80
Opacity & Reflexivity
0.70

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models✓ mapped

Utilizes proprietary text-to-video and image-to-video foundation models. Primary threats include adversarial prompt injection to bypass safety filters, model output misalignment (generating inappropriate content), and potential model extraction attacks.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — details regarding training data ingestion, fine-tuning pipelines, or image storage are not provided. Potential risks include data privacy issues with user-uploaded static images and copyright/provenance gaps in generated video outputs.

L3 · Agent Frameworks⚠ not certain from listing

Not certain from the listing — there is no indication of an agentic orchestration framework, planning loops, or tool-calling capabilities. The system appears to operate as a direct, single-turn inference pipeline.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — hosting and infrastructure details are undisclosed. Given the high compute requirements for video generation, threats likely center on GPU resource exhaustion, API abuse, and unauthorized access to generation endpoints.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — no observability, logging, or input/output guardrails are detailed. The lack of visible moderation controls poses a risk of users generating deepfakes or harmful content without detection.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — compliance certifications (e.g., SOC2, GDPR) and identity governance are not mentioned. Security is limited to basic user account authentication and credit-based access control.

L7 · Agent Ecosystem✓ mapped

The tool operates as a standalone horizontal SaaS application with no multi-agent interactions, marketplace integrations, or external agent ecosystem dependencies described.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).