Lume — agentic threat model

AIVSS 8.1 · High

Lume is a virtualization utility rather than an autonomous AI agent, presenting low agentic risk but high infrastructure risk if its programmatic VM management API is exposed without proper authentication and isolation controls.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 8.1
AARS uplift: 0.0
Factor sum: 0.0/10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×1.0

Agentic risk factors (each scored 0.00):
Autonomy of Action: 0.00
Goal-Driven Planning: 0.00
Self-Modification: 0.00
Dynamic Tool Use: 0.00
Persistent Memory: 0.00
Contextual Awareness: 0.00
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.00
Opacity & Reflexivity: 0.00

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — Lume is a virtualization tool/framework, not an LLM or foundation model, so model-specific threats like adversarial examples or data poisoning do not directly apply to its core binary.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — Lume manages VM images (macOS/Ubuntu) rather than vector stores or RAG datasets. Risks here relate to the integrity and provenance of prebuilt images hosted on ghcr.io.

L3 · Agent Frameworks (✓ mapped)

Lume acts as an execution environment/infrastructure for agents rather than an orchestration framework itself. Vulnerabilities could arise if agents programmatically control Lume via its Python SDK or API without strict input validation.

L4 · Deployment & Infrastructure (✓ mapped)

This is Lume's primary layer. It exposes an API server (`POST /lume/vms`) to manage VMs. If unsecured, this API allows remote attackers to spin up arbitrary VMs, potentially leading to host resource exhaustion or VM escape vulnerabilities on Apple Silicon.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — There is no mention of built-in logging, monitoring, or guardrails for the VM states or API calls, creating potential blind spots in VM usage.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — The listing does not detail authentication or authorization mechanisms for the API server (`POST /lume/vms`), which is critical to prevent unauthorized VM creation.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — While Lume can host multi-agent environments within its VMs, it does not natively manage agent-to-agent trust or marketplace interactions.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).