Khanmigo (Khan Academy) — agentic threat model
Khanmigo presents a moderate agentic risk profile, primarily driven by its deployment in K-12 environments where prompt injection could bypass Socratic guardrails to expose minors to inappropriate content or violate student privacy regulations (COPPA/FERPA).
OWASP AIVSS score rationale
| Agentic risk factor | Score |
|---|---|
| Autonomy of Action | 0.30 |
| Goal-Driven Planning | 0.40 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.30 |
| Persistent Memory | 0.50 |
| Contextual Awareness | 0.50 |
| Dynamic Identity | 0.10 |
| Multi-Agent Interactions | 0.10 |
| Non-Determinism | 0.70 |
| Opacity & Reflexivity | 0.60 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from the listing” carry general, caveated commentary because the public description did not pin down that layer.
Layer 1, Foundation Models: Khanmigo uses GPT-4 as its foundation model. Primary threats are adversarial prompt injection by students attempting to bypass the Socratic tutoring constraints to obtain direct answers, and jailbreaks that generate content inappropriate for minors.
Layer 2, Data Operations: The agent integrates directly with Khan Academy's curated content library. Threats include RAG-based exfiltration of student progress data and unauthorized access to premium educational materials.
Layer 3, Agent Frameworks: The agent orchestrates Socratic tutoring, lesson planning, and classroom workflows. Threats include insecure tool integration with external Learning Management Systems (LMS) and prompt injection that manipulates classroom workflow outputs.
Layer 4, Deployment and Infrastructure: Not certain from the listing — standard cloud hosting and web application security threats apply, including potential container escape and unauthorized API access to the district deployment infrastructure.
Layer 5, Evaluation and Observability: Not certain from the listing — the deployment requires robust guardrails and real-time monitoring to detect and block inappropriate content, policy violations, and adversarial student inputs, but no specific observability tooling is described.
Layer 6, Security and Compliance: A highly critical layer because of the K-12 district deployments. The agent must strictly comply with COPPA, FERPA, and other student data privacy regulations; threats include unauthorized access to student records and missing audit trails for AI-generated grading and coaching.
Layer 7, Agent Ecosystem: Not certain from the listing — there is no mention of multi-agent orchestration or an external agent marketplace, although integration with broader school district IT ecosystems exists.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.