Orgo — agentic threat model
Orgo presents a high-risk profile by providing autonomous agents with complete OS-level access (Ubuntu desktops), meaning any compromise or alignment failure could lead to arbitrary code execution, web-based fraud, or data exfiltration. While VM isolation mitigates host-level compromise, the lack of visible application-layer guardrails leaves the agent's actions highly unpredictable.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
|---|---|
| Autonomy of Action | 0.90 |
| Goal-Driven Planning | 0.80 |
| Self-Modification | 0.20 |
| Dynamic Tool Use | 1.00 |
| Persistent Memory | 0.40 |
| Contextual Awareness | 0.80 |
| Dynamic Identity | 0.60 |
| Multi-Agent Interactions | 0.30 |
| Non-Determinism | 0.80 |
| Opacity & Reflexivity | 0.80 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from the listing” are general, caveated commentary where the public description did not address that layer.
L1 (Foundation Models): Not certain from the listing — Orgo provides the desktop infrastructure rather than the foundation models themselves, though it integrates with models such as Claude. A key L1 threat is visual prompt injection, where malicious content on a web page or screen viewed by the model manipulates its desktop actions.
L2 (Data Operations): Not certain from the listing — Orgo focuses on VM execution environments rather than structured RAG or vector databases. However, data exfiltration is a major threat, as agents can freely download, upload, or copy sensitive data within the desktop environment.
L3 (Agent Frameworks): Orgo enables direct OS-level tool execution (mouse clicks, typing, terminal commands). The primary threat is tool misuse, where the agent executes destructive bash commands, fills out unauthorized forms, or navigates to malicious sites because of planning failures or adversarial prompts.
L4 (Deployment & Infrastructure): This is Orgo's core layer. It provides isolated Ubuntu VMs that boot in under a second. Key threats include VM escape vulnerabilities, lateral movement to other customers' VMs, and resource exhaustion (DoS) of the hosting infrastructure by runaway agent loops.
L5 (Evaluation & Observability): Not certain from the listing — There is no mention of built-in session recording, audit logs, or real-time guardrails to monitor and intercept harmful agent actions on the virtual desktop.
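The three gaps above (tool misuse at L3, runaway loops exhausting the host at L4, and the absence of an audit trail or real-time guardrail at L5) are all addressable by a single application-layer policy gate that sits between the planner and the desktop executor. The following is an added illustration, not Orgo code or its SDK: the action schema (`run_command`, `navigate`, `type_text`, `click`, `screenshot`), the allowlisted hosts, the command lists and the rate thresholds are all constructed placeholders, and the credential heuristic is deliberately narrow. Every decision, allowed or denied, is appended to a JSON-lines audit log so a reviewer can reconstruct the session afterwards.

```python
"""Policy gate for desktop-agent actions (added example; hypothetical schema)."""
from __future__ import annotations

import json
import re
import shlex
import time
from collections import deque
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed policy values; a real deployment would load these from config.
ALLOWED_HOSTS = {"docs.example.com", "intranet.example.com"}
DESTRUCTIVE_COMMANDS = {"rm", "mkfs", "dd", "shred", "chown", "chmod"}
EGRESS_COMMANDS = {"curl", "wget", "scp", "nc", "ncat"}
MAX_REPEATS = 5               # identical action repeated more than this = loop
WINDOW_SECONDS = 60.0
MAX_ACTIONS_PER_WINDOW = 30   # crude resource-exhaustion guard
# Narrow heuristic for credential-looking text the agent tries to type.
SECRET_PATTERN = re.compile(
    r"AKIA[0-9A-Z]{16}|-----BEGIN [A-Z ]*PRIVATE KEY-----|[Pp]assword\s*[:=]"
)


@dataclass
class Decision:
    allowed: bool
    reason: str


@dataclass
class PolicyGate:
    audit: list[str] = field(default_factory=list)   # JSON lines, one per action
    recent: deque = field(default_factory=deque)      # timestamps in the window
    last_action: str | None = None
    repeat_count: int = 0

    def evaluate(self, action: dict, now: float | None = None) -> Decision:
        """Decide whether a planner-proposed action may reach the desktop."""
        now = time.time() if now is None else now
        decision = self._rate_limit(action, now) or self._check_content(action)
        if decision is None:
            decision = Decision(True, "allowed by policy")
        self.audit.append(json.dumps(
            {"ts": now, "action": action,
             "allowed": decision.allowed, "reason": decision.reason},
            sort_keys=True))
        return decision

    def _rate_limit(self, action: dict, now: float) -> Decision | None:
        # Sliding-window cap on total actions.
        while self.recent and now - self.recent[0] > WINDOW_SECONDS:
            self.recent.popleft()
        self.recent.append(now)
        if len(self.recent) > MAX_ACTIONS_PER_WINDOW:
            return Decision(False, "rate limit: too many actions in window")
        # Loop guard: the same action proposed again and again.
        key = json.dumps(action, sort_keys=True)
        if key == self.last_action:
            self.repeat_count += 1
        else:
            self.last_action, self.repeat_count = key, 1
        if self.repeat_count > MAX_REPEATS:
            return Decision(False, "loop guard: identical action repeated")
        return None

    def _check_content(self, action: dict) -> Decision | None:
        kind = action.get("type")
        if kind == "run_command":
            try:
                tokens = shlex.split(action.get("command", ""))
            except ValueError:
                return Decision(False, "unparseable command")
            # Walk every token so `sudo rm`, `a && rm` and pipelines are caught
            # (an argument that merely happens to be named "rm" is also denied;
            # that false positive is accepted here).
            for tok in tokens:
                base = tok.rsplit("/", 1)[-1]
                if base in DESTRUCTIVE_COMMANDS:
                    return Decision(False, f"destructive command: {base}")
                if base in EGRESS_COMMANDS:
                    return Decision(False, f"network egress tool: {base}")
            return None
        if kind == "navigate":
            host = (urlparse(action.get("url", "")).hostname or "").lower()
            if host not in ALLOWED_HOSTS:
                return Decision(False, f"host not allowlisted: {host or '<none>'}")
            return None
        if kind == "type_text":
            if SECRET_PATTERN.search(action.get("text", "")):
                return Decision(False, "typed text resembles a credential")
            return None
        if kind in {"click", "screenshot"}:
            return None
        return Decision(False, f"unknown action type: {kind}")


def run_demo() -> list[str]:
    """Feed a few constructed actions through the gate and return the audit log."""
    gate = PolicyGate()
    for i, action in enumerate([
        {"type": "run_command", "command": "ls -la /home/agent"},
        {"type": "run_command", "command": "sudo rm -rf /var/lib/app"},
        {"type": "navigate", "url": "https://docs.example.com/guide"},
        {"type": "navigate", "url": "https://unknown.example.net/login"},
        {"type": "type_text", "text": "password=hunter2"},
    ]):
        gate.evaluate(action, now=float(i))
    return gate.audit


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

The gate is intentionally dumb about intent: it cannot tell a legitimate `rm` from a harmful one, so it errs toward denying and logging. That trade-off is the point of a guardrail at this layer: the VM boundary limits blast radius, but only an interposition point like this gives operators the audit trail and kill switch the listing does not mention.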
L6 (Security & Compliance): Not certain from the listing — While Orgo claims “secure VMs”, it does not specify compliance certifications (e.g., SOC 2), identity and access management (IAM) controls for VM access, or policy enforcement mechanisms.
L7 (Agent Ecosystem): Not certain from the listing — The platform is designed for single-agent desktop automation and does not explicitly detail multi-agent orchestration, agent-to-agent trust boundaries, or marketplace risks.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).