OutSystems — agentic threat model

AIVSS 7.4 · High

OutSystems AI Agent Builder provides an enterprise-grade low-code platform for deploying RAG-powered agents, presenting a moderate-to-high risk profile due to deep integration with full-stack enterprise applications, balanced by robust built-in governance and observability controls.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.5 · AARS uplift 0.8 · Factor sum 5.1/10 · Threat ×1.05 · Mitigation ×0.8

Autonomy of Action: 0.50
Goal-Driven Planning: 0.60
Self-Modification: 0.20
Dynamic Tool Use: 0.70
Persistent Memory: 0.50
Contextual Awareness: 0.70
Dynamic Identity: 0.40
Multi-Agent Interactions: 0.30
Non-Determinism: 0.70
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin down that layer.

L1 · Foundation Models · ✓ mapped

The platform is model-provider agnostic, meaning it inherits the specific vulnerabilities of whichever third-party LLM is integrated, including prompt injection, model-side data leakage, and service availability risks.

L2 · Data Operations · ✓ mapped

Features custom agent development powered by RAG. This introduces risks of knowledge-base poisoning, unauthorized data retrieval through semantic search, and data exfiltration if access controls on the underlying vector stores are misconfigured.

L3 · Agent Frameworks · ✓ mapped

Agents are built using OutSystems' low-code orchestration. Vulnerabilities include insecure tool integration, logic flaws in the low-code visual workflows, and prompt injection attacks that manipulate the agent's decision-making paths.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — OutSystems typically deploys on its own cloud infrastructure or on-premises. Infrastructure risks include container isolation failures, insecure API gateways, and inadequate sandboxing of custom code execution environments.

L5 · Evaluation & Observability · ✓ mapped

Includes built-in 'Agent Monitoring and Observability' features, which help mitigate risks by tracking agent execution, logging LLM interactions, and detecting anomalous behaviors or drift.

L6 · Security & Compliance (cross-cutting) · ✓ mapped

Emphasizes IT governance, standardization, and security controls to prevent shadow AI, ensuring that deployed agents align with enterprise compliance frameworks and access control policies.

L7 · Agent Ecosystem · ✓ mapped

Provides a library of quick-start generative AI apps. This introduces ecosystem risks such as template supply-chain vulnerabilities, insecure default configurations in pre-built apps, and potential cascading failures if multiple quick-start apps are chained together.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).