Laika AI — agentic threat model
Laika AI operates as a closed-source Web3 browser extension providing security audits and market analysis; its primary risk lies in client-side extension compromise or prompt injection leading to false trust in malicious smart contracts.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
| --- | --- |
| Autonomy of Action | 0.20 |
| Goal-Driven Planning | 0.20 |
| Self-Modification | 0.00 |
| Dynamic Tool Use | 0.40 |
| Persistent Memory | 0.20 |
| Contextual Awareness | 0.70 |
| Dynamic Identity | 0.10 |
| Multi-Agent Interactions | 0.00 |
| Non-Determinism | 0.50 |
| Opacity & Reflexivity | 0.50 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1 (Foundation Models): Not certain from the listing — likely uses commercial or proprietary LLMs for contract analysis and market reviews. Threats include prompt injection leading to bypassed phishing detection or false-positive/negative smart contract audits.
Layer 2 (Data Operations): Not certain from the listing — requires ingestion of real-time blockchain data, smart contract source code, and phishing databases. Threats include poisoning of the phishing/malicious contract database or vector store.
Layer 3 (Agent Frameworks): Not certain from the listing — orchestration likely handles browser events, API calls to blockchain nodes, and LLM queries. Threats include insecure tool integration where malicious smart contract code triggers prompt injection during analysis.
Layer 4 (Deployment and Infrastructure): Not certain from the listing — deployed as a browser extension interacting with backend APIs. Threats include extension-level compromise, API key theft, and man-in-the-middle attacks on blockchain data feeds.
Layer 5 (Evaluation and Observability): Not certain from the listing — no details on how the AI's audit accuracy or phishing detection rates are monitored. Threats include drift in smart contract vulnerability patterns and evasion of phishing detection.
Layer 6 (Security and Compliance): Not certain from the listing — closed-source tool with no mentioned compliance audits (e.g., SOC2) or formal verification of its own security analysis engine.
Layer 7 (Agent Ecosystem): Not certain from the listing — does not explicitly mention multi-agent collaboration or marketplace integrations, though it operates within the broader Web3/DeFi ecosystem.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.