
SuperAGI — agentic threat model

AIVSS 9.6 · Critical

SuperAGI is a highly autonomous, multi-agent framework with extensive tool integration capabilities, presenting a high risk of tool misuse and host compromise if deployed without strict sandboxing and security guardrails.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 8.5
AARS uplift: 1.07
Factor sum: 6.8/10
Threat multiplier (ThM): ×1.05
Mitigation factor: ×1.0

Agentic risk factors (each scored 0.0 to 1.0):
Autonomy of Action: 0.90
Goal-Driven Planning: 0.80
Self-Modification: 0.40
Dynamic Tool Use: 0.80
Persistent Memory: 0.80
Contextual Awareness: 0.70
Dynamic Identity: 0.30
Multi-Agent Interactions: 0.80
Non-Determinism: 0.70
Opacity & Reflexivity: 0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — SuperAGI is model-agnostic, meaning foundation model risks (adversarial examples, data poisoning) depend entirely on the external LLM APIs or local models configured by the developer.

L2 · Data Operations (✓ mapped)

Supports multiple vector databases and agent memory storage. This introduces risks of vector database poisoning, unauthorized memory modification, and data exfiltration of sensitive context stored across sessions.

L3 · Agent Frameworks (✓ mapped)

As an orchestration framework, it allows extending agent capabilities with various tools. Insecure tool integration, prompt injection leading to arbitrary tool execution, and memory poisoning are critical threats at this layer.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — while it provides a GUI and spawns concurrent agents, the listing does not specify sandboxing, container isolation, or secrets-management practices, leaving the host vulnerable to privilege escalation via a compromised tool.

L5 · Evaluation & Observability (✓ mapped)

Includes performance telemetry for optimization, but there is no mention of security-focused observability, guardrails, or anomaly detection to identify malicious agent behavior or prompt injections.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — No built-in enterprise security controls, role-based access control (RBAC), or compliance alignments are detailed in the public directory listing.

L7 · Agent Ecosystem (✓ mapped)

Supports spawning, deploying, and running concurrent autonomous agents. This multi-agent ecosystem is vulnerable to cascading failures, agent-to-agent trust abuse, and rogue agent behavior if one agent is compromised.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).