Pecan AI — agentic threat model
Pecan AI presents a moderate-to-high risk profile due to its direct integration with enterprise data sources for predictive model training and deployment. The primary hazards involve prompt injection manipulating data preparation queries or poisoning the training pipeline, potentially leading to compromised business decisions.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
|---|---|
| Autonomy of Action | 0.40 |
| Goal-Driven Planning | 0.50 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.60 |
| Persistent Memory | 0.30 |
| Contextual Awareness | 0.50 |
| Dynamic Identity | 0.10 |
| Multi-Agent Interactions | 0.00 |
| Non-Determinism | 0.40 |
| Opacity & Reflexivity | 0.50 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “Not certain from the listing” are general, caveated commentary where the public description did not pin down that layer.
Layer 1, Foundation Models: Not certain from the listing — Pecan AI leverages 'Predictive GenAI', which likely uses LLMs to generate SQL, data pipelines, or model configurations. This introduces risks of prompt injection leading to unauthorized database queries or misaligned predictive outputs.
Layer 2, Data Operations: Highly critical layer, as the platform performs data preparation and model training. Risks include data poisoning of training sets, leakage of sensitive business data during ingestion, and lack of clear lineage/provenance for generated features.
Layer 3, Agent Frameworks: The orchestration framework automates model building and deployment. Insecure tool integration is a key threat, particularly if the agent has write access to databases or executes unvalidated code during data preparation.
Layer 4, Deployment & Infrastructure: Not certain from the listing — The platform deploys predictive models, which implies hosting infrastructure. If these models are hosted in shared or poorly sandboxed environments, they face threats of container compromise or lateral movement.
Layer 5, Evaluation & Observability: Not certain from the listing — While the platform builds and deploys models, the listing does not detail its observability stack. Gaps in drift detection or model performance monitoring could allow silent failures or adversarial manipulation to go unnoticed.
Layer 6, Security & Compliance: Not certain from the listing — Enterprise data platforms require robust identity, access management, and compliance controls (e.g., SOC 2, GDPR). The listing does not specify how user permissions or data access policies are enforced.
Layer 7, Agent Ecosystem: Not certain from the listing — There is no indication of multi-agent coordination or marketplace integrations in the provided description, suggesting a single-agent or centralized platform architecture.
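One mitigation pattern for the model-generated SQL threat raised under layers 1 and 3, added here as an illustration and not code from Pecan AI: a query the model emits is gated twice before it reaches data, first by a syntactic allow-list, then by a read-only authorizer that the database engine itself enforces, so a query that slips past the string check still cannot write. The table names and sample rows are constructed, and SQLite stands in for the enterprise data source.

```python
import re
import sqlite3

# Engine actions a read-only analytics query legitimately needs; INSERT, UPDATE,
# DELETE, DROP, ATTACH, PRAGMA and everything else are refused by the engine.
READ_ONLY_ACTIONS = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION}


def _read_only_authorizer(action, arg1, arg2, db_name, trigger):
    return sqlite3.SQLITE_OK if action in READ_ONLY_ACTIONS else sqlite3.SQLITE_DENY


def check_generated_sql(sql, allowed_tables):
    """First gate: cheap syntactic allow-list. Returns a rejection reason or None."""
    body = sql.strip().rstrip(";")
    if ";" in body:
        return "multiple statements are not allowed"
    first = body.split(None, 1)[0].upper() if body else ""
    if first not in ("SELECT", "WITH"):
        return f"statement must start with SELECT or WITH, got {first or 'nothing'}"
    referenced = {m.lower() for m in re.findall(
        r"\b(?:FROM|JOIN)\s+([A-Za-z_][A-Za-z0-9_]*)", body, re.IGNORECASE)}
    unexpected = referenced - {t.lower() for t in allowed_tables}
    if unexpected:
        return "references tables outside the allow-list: " + ", ".join(sorted(unexpected))
    return None


def execute_generated_sql(conn, sql, allowed_tables):
    """Run model-generated SQL through both gates; return ("ok", rows) or ("rejected", reason)."""
    reason = check_generated_sql(sql, allowed_tables)
    if reason:
        return ("rejected", "pre-check: " + reason)
    try:
        return ("ok", conn.execute(sql).fetchall())
    except (sqlite3.Error, sqlite3.Warning) as exc:  # authorizer denial surfaces here
        return ("rejected", "engine: " + str(exc))


def build_demo_db():
    """Constructed sample data (hypothetical table names) standing in for the enterprise source."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customers(id INTEGER, region TEXT, plan TEXT);
        CREATE TABLE churn_labels(customer_id INTEGER, churned INTEGER);
        INSERT INTO customers VALUES (1,'EMEA','pro'),(2,'EMEA','basic'),(3,'AMER','pro');
        INSERT INTO churn_labels VALUES (1,0),(2,1),(3,0);
    """)
    conn.set_authorizer(_read_only_authorizer)  # second gate, installed after seeding
    return conn
```

A `WITH ... INSERT INTO ...` statement passes the string gate (it starts with WITH and names no table after FROM or JOIN) but is still refused by the authorizer, which is the point of keeping the engine-level control.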
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).