
KeywordsAI — agentic threat model

AIVSS 8.8 · High

KeywordsAI acts as a centralized AI gateway and observability platform, making it a high-value target for API key theft and prompt/data exfiltration, though its direct agentic autonomy is low. The High rating is carried almost entirely by the 8.5 CVSS base; the agentic uplift (AARS) adds only 0.32.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
Inputs: CVSS base 8.5 · AARS uplift 0.32 · Factor sum 2.1/10 · Threat multiplier (ThM) ×1.0 · Mitigation factor ×1.0

Agentic risk factors (sum 2.1):
Autonomy of Action: 0.10
Goal-Driven Planning: 0.10
Self-Modification: 0.10
Dynamic Tool Use: 0.30
Persistent Memory: 0.50
Contextual Awareness: 0.40
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.10
Non-Determinism: 0.20
Opacity & Reflexivity: 0.10

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
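To make the score reproducible (and to catch a mis-keyed factor before it reaches a page like this one), the following is an added example calculator that implements the formula exactly as stated above; it is not the AgentReady scoring code or an OWASP tool. It uses Decimal so that 0.315 rounds to the 0.32 shown here rather than drifting in binary floating point. The qualitative band thresholds (CVSS v3.x style: 9.0 and above Critical, 7.0 to 8.9 High, 4.0 to 6.9 Medium, 0.1 to 3.9 Low) are an assumption, since the page only shows the label "High"; the input validation ranges (each factor 0 to 1, CVSS base 0 to 10, positive multipliers) are likewise assumed from how the formula normalizes Factor_Sum by 10.

```python
"""AIVSS calculator (added example; not AgentReady's or OWASP's own code).

Formula as stated on the page:
    AIVSS = (CVSS_Base + AARS) x Mitigation_Factor
    AARS  = (10 - CVSS_Base) x (Factor_Sum / 10) x ThM
"""
from dataclasses import dataclass
from decimal import Decimal, ROUND_HALF_UP

# The ten agentic risk factors listed in the score rationale.
FACTOR_NAMES = (
    "Autonomy of Action", "Goal-Driven Planning", "Self-Modification",
    "Dynamic Tool Use", "Persistent Memory", "Contextual Awareness",
    "Dynamic Identity", "Multi-Agent Interactions", "Non-Determinism",
    "Opacity & Reflexivity",
)

# Factor values copied from this page's KeywordsAI rationale.
KEYWORDSAI_FACTORS = dict(zip(FACTOR_NAMES, map(Decimal, (
    "0.10", "0.10", "0.10", "0.30", "0.50",
    "0.40", "0.20", "0.10", "0.20", "0.10",
))))

# Assumed qualitative bands (CVSS v3.x style); the page shows only "High".
BANDS = (
    (Decimal("9.0"), "Critical"),
    (Decimal("7.0"), "High"),
    (Decimal("4.0"), "Medium"),
    (Decimal("0.1"), "Low"),
)


@dataclass(frozen=True)
class AIVSSResult:
    cvss_base: Decimal
    factor_sum: Decimal
    aars: Decimal      # exact (unrounded) agentic uplift
    score: Decimal     # exact (unrounded) AIVSS
    band: str

    @property
    def aars_2dp(self) -> Decimal:
        return self.aars.quantize(Decimal("0.01"), rounding=ROUND_HALF_UP)

    @property
    def score_1dp(self) -> Decimal:
        return self.score.quantize(Decimal("0.1"), rounding=ROUND_HALF_UP)


def severity_band(score: Decimal) -> str:
    """Map a score to a qualitative band using the (assumed) thresholds."""
    rounded = score.quantize(Decimal("0.1"), rounding=ROUND_HALF_UP)
    for floor, label in BANDS:
        if rounded >= floor:
            return label
    return "None"


def compute_aivss(cvss_base: Decimal, factors: dict,
                  threat_multiplier: Decimal = Decimal("1.0"),
                  mitigation_factor: Decimal = Decimal("1.0")) -> AIVSSResult:
    """Compute AIVSS from a CVSS base and the ten factor scores.

    Validation (assumed ranges): all ten factors present and in [0, 1],
    CVSS base in [0, 10], multipliers positive. A factor above 1 would
    push Factor_Sum/10 past 1 and silently inflate the uplift.
    """
    missing = set(FACTOR_NAMES) - set(factors)
    extra = set(factors) - set(FACTOR_NAMES)
    if missing or extra:
        raise ValueError(f"bad factor set: missing={missing} extra={extra}")
    for name, value in factors.items():
        if not Decimal(0) <= value <= Decimal(1):
            raise ValueError(f"factor {name!r} out of range [0, 1]: {value}")
    if not Decimal(0) <= cvss_base <= Decimal(10):
        raise ValueError(f"CVSS base out of range [0, 10]: {cvss_base}")
    if threat_multiplier <= 0 or mitigation_factor <= 0:
        raise ValueError("multipliers must be positive")

    factor_sum = sum(factors.values(), Decimal(0))
    aars = (Decimal(10) - cvss_base) * (factor_sum / 10) * threat_multiplier
    score = (cvss_base + aars) * mitigation_factor
    return AIVSSResult(cvss_base, factor_sum, aars, score, severity_band(score))


if __name__ == "__main__":
    r = compute_aivss(Decimal("8.5"), KEYWORDSAI_FACTORS)
    print(f"factor sum {r.factor_sum}  AARS {r.aars_2dp}  "
          f"AIVSS {r.score_1dp} ({r.band})")
```

Running the module reproduces the page's numbers: factor sum 2.1, AARS 0.315 (shown as 0.32), AIVSS 8.815 (shown as 8.8, High). Because the uplift is bounded by 10 minus the CVSS base, even scoring every factor at 1.0 would only raise this entry to 10.0; the lever that actually moves the number is the CVSS base, which is worth keeping in mind when reading a High rating on a low-autonomy gateway.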

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (mapped)

Acts as an AI gateway supporting multiple models and custom model integrations. Threats include model output manipulation, prompt injection bypasses, and potential model stealing if custom models are exposed through the gateway.

L2 · Data Operations (mapped)

Handles PDF uploads, prompt templates, and evaluation datasets. Threats include data exfiltration of sensitive uploaded documents and prompt/knowledge-base poisoning.

L3 · Agent Frameworks (mapped)

While not a fully autonomous agent framework, it orchestrates prompt management and model routing. Vulnerabilities in the gateway orchestration code could lead to unauthorized model access or prompt leakage.

L4 · Deployment & Infrastructure (mapped)

As a closed-source SaaS gateway, it must securely store and manage API keys for multiple external LLM providers. Compromise of this layer could lead to massive API key theft and unauthorized resource consumption.

L5 · Evaluation & Observability (mapped)

This is the core layer of the platform, providing AI performance monitoring, LLM/human evaluations, and logging. Threats include blind spots in logging, evaluation gaming, and tampering with evaluation metrics to hide malicious model behavior.

L6 · Security & Compliance (cross-cutting) (not certain from listing)

Not certain from the listing: the platform features a collaboration workspace for teams, implying some level of RBAC and multi-tenancy, but specific compliance certifications (e.g., SOC 2, ISO 27001) and enterprise security controls are not detailed.

L7 · Agent Ecosystem (mapped)

Integrates with multiple external model providers and custom models. Vulnerabilities include cascading failures if upstream model APIs fail, or trust abuse if compromised external models return malicious payloads to the gateway.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology.