Pactory.ai — agentic threat model
Pactory.ai presents a high-risk agentic profile due to its core functionality of enabling autonomous, on-demand hiring and monetization of third-party vertical LLMs, which significantly amplifies multi-agent cascading failures and financial transaction risks.
OWASP AIVSS score rationale
| Agentic risk factor | Value |
| --- | --- |
| Autonomy of Action | 0.80 |
| Goal-Driven Planning | 0.70 |
| Self-Modification | 0.30 |
| Dynamic Tool Use | 0.80 |
| Persistent Memory | 0.40 |
| Contextual Awareness | 0.60 |
| Dynamic Identity | 0.70 |
| Multi-Agent Interactions | 1.00 |
| Non-Determinism | 0.80 |
| Opacity & Reflexivity | 0.80 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1, Foundation Models: Not certain from the listing — Pactory acts as an intermediary marketplace for vertical LLMs rather than hosting a specific proprietary foundation model, leaving model-level vulnerabilities like adversarial alignment dependent on the hired third-party models.
Layer 2, Data Operations: Not certain from the listing — The data operations, vector stores, and RAG pipelines of the hired vertical LLMs are managed externally, introducing risks of data exfiltration or poisoning during transit between agents.
Layer 3, Agent Frameworks: Pactory provides orchestration framework capabilities allowing agents to dynamically discover, hire, and integrate specialized LLMs at runtime, which introduces risks of insecure tool integration and dynamic execution of untrusted model outputs.
Layer 4, Deployment and Infrastructure: Not certain from the listing — The hosting environment, sandboxing of hired LLMs, and API key management are not detailed, presenting potential risks of lateral movement if a hired vertical LLM is compromised.
Layer 5, Evaluation and Observability: Not certain from the listing — There is no mention of built-in evaluation, logging, or guardrails to monitor the interactions, outputs, or financial transactions of hired vertical LLMs.
Layer 6, Security and Compliance: Not certain from the listing — While it handles monetization and API access, specific identity, authorization, and compliance controls like the EU AI Act or NIST frameworks are not described.
Layer 7, Agent Ecosystem: Pactory is fundamentally an agent ecosystem and marketplace enabling agent-to-agent hiring and monetization, which leaves it highly exposed to rogue/compromised agents, cascading failures, and financial/trust abuse across dynamic agent-to-agent transactions.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).