Humans.ai — agentic threat model

AIVSS 8.0 · High

Humans.ai presents a unique risk profile combining Web3 financial capabilities with AI generation. Its primary risks stem from smart contract and bridge vulnerabilities, coupled with the high-value target of its 'Digital Genome' identity assets, partially mitigated by its Proof-of-Human consensus mechanism.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.5 · AARS uplift 0.91 · Factor sum 5.8/10 · Threat ×1.05 · Mitigation ×0.85

Agentic risk factors:
Autonomy of Action: 0.60
Goal-Driven Planning: 0.50
Self-Modification: 0.30
Dynamic Tool Use: 0.70
Persistent Memory: 0.60
Contextual Awareness: 0.50
Dynamic Identity: 0.80
Multi-Agent Interactions: 0.70
Non-Determinism: 0.50
Opacity & Reflexivity: 0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — the specific foundation models used in the AI Library or Humans Studio are not disclosed. Potential threats include model stealing of proprietary 'Digital Genomes' or adversarial manipulation of the underlying models used for creation.

L2 · Data Operations · ⚠ not certain from listing

Not certain from the listing — while 'Digital Genome' creation implies sensitive biometric or behavioral data storage, the exact data pipeline, vector stores, or RAG mechanisms are unspecified. Threats include data poisoning of genomes or unauthorized exfiltration of sensitive identity data.

L3 · Agent Frameworks · ⚠ not certain from listing

Not certain from the listing — the orchestration framework for Humans Studio is not detailed. Risks involve insecure tool integration within the app-building suite and potential tool misuse if developers build agents with excessive execution privileges.

L4 · Deployment & Infrastructure · ✓ mapped

The platform relies on a Web3 infrastructure with EVM Compatibility, Inter-Blockchain Communication (IBC), and the Synapse Bridge. Key threats include smart contract vulnerabilities, bridge exploitation (Synapse Bridge), and validator/node compromise within the consensus network.

L5 · Evaluation & Observability · ✓ mapped

The platform utilizes a novel 'Proof-of-Human' consensus mechanism to ensure AI systems remain under biological supervision. However, specific runtime observability, logging, or drift detection mechanisms for the AI outputs themselves are not fully detailed.

L6 · Security & Compliance (cross-cutting) · ✓ mapped

Security is anchored on blockchain governance and the Proof-of-Human consensus mechanism to validate human identity and authorization. Compliance challenges may arise regarding GDPR/privacy regulations due to the immutable nature of blockchain and the storage of 'Digital Genomes'.

L7 · Agent Ecosystem · ✓ mapped

The ecosystem supports multi-agent and cross-chain interactions via IBC and Humans Studio. Threats include cascading failures across interconnected Web3 AI apps, rogue agents executing unauthorized financial transactions, and trust abuse between bridged chains.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.