Stack AI — agentic threat model
Stack AI presents a moderate-to-high risk profile as an enterprise low-code AI orchestrator with direct access to sensitive cloud storage (S3, Google Drive). While its SOC2, HIPAA, and GDPR compliance mitigates foundational security risks, the primary threat lies in insecure user-configured workflows and potential data exfiltration via connected APIs.
OWASP AIVSS score rationale
| Autonomy of Action | 0.50 | |
| Goal-Driven Planning | 0.40 | |
| Self-Modification | 0.10 | |
| Dynamic Tool Use | 0.70 | |
| Persistent Memory | 0.50 | |
| Contextual Awareness | 0.60 | |
| Dynamic Identity | 0.30 | |
| Multi-Agent Interactions | 0.30 | |
| Non-Determinism | 0.50 | |
| Opacity & Reflexivity | 0.40 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Not certain from the listing — Stack AI acts as an orchestrator and likely integrates third-party foundation models (e.g., OpenAI, Anthropic) via API, making it susceptible to upstream model vulnerabilities, adversarial prompt injection, and data privacy risks depending on the chosen model provider.
Integrates directly with enterprise data sources (AWS S3, Google Drive, OneDrive) and uses indexing algorithms for RAG. This introduces risks of data poisoning, unauthorized data exfiltration, and embedding inversion if access controls on connected data sources are not strictly enforced.
Provides a low-code orchestration framework to build AI workflows. Risks include insecure tool integration, prompt injection bypassing workflow logic, and tool misuse if the built applications are granted excessive execution permissions.
Not certain from the listing — while it deploys via APIs and UIs, the underlying sandboxing of execution environments, container isolation, and secret management for connected storage APIs are not detailed, posing potential infrastructure compromise risks.
Not certain from the listing — there is no explicit mention of built-in evaluation, guardrails, or continuous monitoring tools, which could lead to blind spots in detecting drift, prompt injections, or anomalous agent behavior.
Demonstrates strong compliance alignment with SOC2, HIPAA, and GDPR, indicating established administrative and technical controls, though implementation details of tenant isolation and fine-grained access control remain critical.
Not certain from the listing — while it allows building multiple custom AI assistants, it is unclear if it supports native multi-agent collaboration or marketplace-based agent-to-agent interactions, which could introduce cascading trust issues.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).