Live3D — agentic threat model

AIVSS 6.0 · Medium

Live3D is a low-autonomy, utility-focused AI tool for face swapping and image generation with minimal agentic risk. Its primary security and compliance exposures stem from the lack of user authentication, potential privacy risks regarding uploaded biometric media, and the absence of explicit content moderation guardrails.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base: 5.3
AARS uplift: 0.66
Factor sum: 1.4 / 10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×1.0

Check: AARS = (10 − 5.3) × (1.4 / 10) × 1.0 = 0.658 ≈ 0.66; AIVSS = (5.3 + 0.66) × 1.0 = 5.96 ≈ 6.0.

Agentic risk factors (ten factors, sum out of a maximum of 10):
Autonomy of Action: 0.10
Goal-Driven Planning: 0.00
Self-Modification: 0.00
Dynamic Tool Use: 0.10
Persistent Memory: 0.00
Contextual Awareness: 0.10
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.60
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (see the AIVSS calculator reference); the agentic risk factors are estimates derived from the agent's described capabilities, not measurements.
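The arithmetic behind the score above, carried through in Python as an added example (this is not code from the listing or from the OWASP calculator). It implements the formula exactly as the page states it, bounds every factor to [0, 1] so the uplift can never exceed the headroom above the CVSS base, reproduces the page's 1.4 / 0.66 / 6.0 figures, and lets a reviewer re-score a hypothetical more-autonomous variant. The CVSS qualitative bands used for the "Medium" label and the clamp at 10 are this example's choices, not something the page states.

```python
"""Worked AIVSS arithmetic for the Live3D listing (added example, not the page's code)."""
from __future__ import annotations

# Agentic risk factors as listed on the page (ten factors, factor sum out of 10).
LIVE3D_FACTORS = {
    "Autonomy of Action": 0.10,
    "Goal-Driven Planning": 0.00,
    "Self-Modification": 0.00,
    "Dynamic Tool Use": 0.10,
    "Persistent Memory": 0.00,
    "Contextual Awareness": 0.10,
    "Dynamic Identity": 0.00,
    "Multi-Agent Interactions": 0.00,
    "Non-Determinism": 0.60,
    "Opacity & Reflexivity": 0.50,
}
LIVE3D_CVSS_BASE = 5.3
MAX_FACTOR_SUM = 10.0


def _check_range(name: str, value: float, lo: float, hi: float) -> None:
    if not lo <= value <= hi:
        raise ValueError(f"{name}={value} is outside [{lo}, {hi}]")


def aars(cvss_base: float, factors: dict[str, float], threat_multiplier: float = 1.0) -> float:
    """AARS = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM, as stated on the page.

    Each factor is bounded to [0, 1], so with ThM = 1.0 the uplift can never exceed
    the headroom (10 - CVSS_Base): a worst-case agent lands exactly on 10.
    """
    _check_range("cvss_base", cvss_base, 0.0, 10.0)
    if len(factors) != 10:
        raise ValueError(f"expected 10 agentic factors, got {len(factors)}")
    for name, value in factors.items():
        _check_range(name, value, 0.0, 1.0)
    factor_sum = sum(factors.values())
    return (10.0 - cvss_base) * (factor_sum / MAX_FACTOR_SUM) * threat_multiplier


def aivss(cvss_base: float, factors: dict[str, float],
          threat_multiplier: float = 1.0, mitigation_factor: float = 1.0) -> float:
    """AIVSS = (CVSS_Base + AARS) * Mitigation_Factor.

    Clamping to 10 and rounding to one decimal (CVSS style) are this example's choices.
    """
    uplift = aars(cvss_base, factors, threat_multiplier)
    return round(min((cvss_base + uplift) * mitigation_factor, 10.0), 1)


def severity(score: float) -> str:
    """CVSS qualitative bands; the listing's 'Medium' label matches the 4.0-6.9 band."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def breakdown(cvss_base: float, factors: dict[str, float],
              threat_multiplier: float = 1.0, mitigation_factor: float = 1.0) -> dict:
    """The same fields the page shows: factor sum, AARS uplift, final score and band."""
    score = aivss(cvss_base, factors, threat_multiplier, mitigation_factor)
    return {
        "factor_sum": round(sum(factors.values()), 2),
        "aars": round(aars(cvss_base, factors, threat_multiplier), 2),
        "aivss": score,
        "severity": severity(score),
    }


def what_if(factors: dict[str, float], **overrides: float) -> dict:
    """Re-score Live3D with some factors changed; unknown factor names are rejected."""
    changed = {**factors, **overrides}
    unknown = set(changed) - set(factors)
    if unknown:
        raise ValueError(f"unknown factor(s): {sorted(unknown)}")
    return breakdown(LIVE3D_CVSS_BASE, changed)


if __name__ == "__main__":
    print(breakdown(LIVE3D_CVSS_BASE, LIVE3D_FACTORS))
    # Hypothetical: the same tool given real autonomy and tool use, same CVSS base.
    print(what_if(LIVE3D_FACTORS, **{"Autonomy of Action": 0.8, "Dynamic Tool Use": 0.8}))
```

Running the block prints the page's figures (factor sum 1.4, AARS 0.66, AIVSS 6.0, Medium) and then the re-scored variant, which only rises to 6.6: with a CVSS base of 5.3 the agentic uplift has 4.7 points of headroom, and the page's 1.4 / 10 factor sum uses 14% of it.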

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary for layers whose details the public description did not establish.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — likely uses latent diffusion models for image generation and deep-learning face-alignment and face-swapping models. Threats include adversarial prompts crafted to bypass safety filters, evasion of any input or output classifiers, and generation of misaligned or harmful content.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — processes user-uploaded photos and videos. Threats include insecure ephemeral storage, no stated retention or deletion guarantees, and exposure of uploaded biometric data in transit or during processing.

L3 · Agent Frameworks (✓ mapped)

The tool does not use an agentic orchestration framework; it operates as a direct input-output pipeline. Risks of tool misuse, planning failures, or memory poisoning are therefore virtually absent.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — hosted as a public web application. Threats include server-side request forgery (SSRF) if the tool fetches images from user-supplied URLs, resource exhaustion (DoS) from unauthenticated, GPU-heavy rendering requests, and compromise of the hosting infrastructure.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — there is no mention of output monitoring, input sanitization, or abuse detection. This leaves a blind spot for abuse such as non-consensual deepfakes or infringing use of copyrighted material.

L6 · Security & Compliance, cross-cutting (✓ mapped)

The service requires no login or subscription, so there is no identity verification, per-user access control, or user-attributable audit logging. This presents significant compliance challenges under biometric-data privacy regulations (e.g., GDPR, CCPA).

L7 · Agent Ecosystem (✓ mapped)

The agent operates in isolation as a standalone web utility. There are no multi-agent interactions, marketplace dependencies, or agent-to-agent trust boundaries to secure.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).