Sigma AI Browser — agentic threat model
Sigma AI Browser operates as a local, on-device AI agent (Sigma Eclipse) integrated into a web browser. While its offline, cloudless architecture significantly mitigates external data exfiltration risks, its direct access to active browser sessions and web content exposes it to high-impact indirect prompt injection and local session compromise.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
| --- | --- |
| Autonomy of Action | 0.30 |
| Goal-Driven Planning | 0.20 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.40 |
| Persistent Memory | 0.30 |
| Contextual Awareness | 0.70 |
| Dynamic Identity | 0.10 |
| Multi-Agent Interactions | 0.10 |
| Non-Determinism | 0.60 |
| Opacity & Reflexivity | 0.50 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged "Not certain from the listing" are general, caveated commentary where the public description did not pin that layer down.
Layer 1, Foundation Models: Uses 'Sigma Eclipse', a cloudless local LLM architecture. Because the model runs locally on the user's device, it is highly susceptible to model extraction, reverse-engineering, and local adversarial reprogramming.
Layer 2, Data Operations: Not certain from the listing — details on local vector databases or RAG implementations are omitted. However, the agent's ability to summarize articles implies it processes untrusted web data, risking indirect prompt injection and local data poisoning from malicious websites.
Layer 3, Agent Frameworks: Not certain from the listing — the orchestration framework for the 'full AI agent' is unspecified. The primary threat is insecure tool integration, where the agent framework might execute browser-level actions or access sensitive APIs based on untrusted web inputs.
Layer 4, Deployment and Infrastructure: Deployed locally on the user's device with offline capabilities. This eliminates cloud-hosting vulnerabilities but introduces the risk of local host compromise, where other malicious local processes could access the browser's memory space or the LLM weights.
Layer 5, Evaluation and Observability: Not certain from the listing — there is no mention of local guardrails, logging, or observability tools. The lack of centralized monitoring makes detecting local model drift or silent failures difficult.
Layer 6, Security and Compliance: Not certain from the listing — while the description claims to transform the online space into a 'safe' place where 'privacy' comes together, there are no references to formal security audits, compliance certifications, or local data encryption standards.
Layer 7, Agent Ecosystem: Not certain from the listing — there is no evidence of a multi-agent ecosystem or marketplace. The threat of rogue agent-to-agent interactions is currently low, unless third-party browser extensions are allowed to interface with the local agent.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).