Norm AI — agentic threat model
Norm AI presents a moderate-to-high risk profile because it delegates regulatory compliance tasks to autonomous agents; if those checks are silently subverted, a compromise could create severe legal, financial, and regulatory liability before anyone notices.
OWASP AIVSS score rationale
| Agentic risk factor | Score (0–1) | Notes |
|---|---|---|
| Autonomy of Action | 0.60 | |
| Goal-Driven Planning | 0.50 | |
| Self-Modification | 0.10 | |
| Dynamic Tool Use | 0.40 | |
| Persistent Memory | 0.30 | |
| Contextual Awareness | 0.80 | |
| Dynamic Identity | 0.20 | |
| Multi-Agent Interactions | 0.70 | |
| Non-Determinism | 0.40 | |
| Opacity & Reflexivity | 0.50 | |
Scored with the canonical OWASP AIVSS formula (see the AIVSS calculator reference). Each agentic risk factor is an estimate derived from the agent's publicly described capabilities, not from testing the product.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers marked "Not certain from the listing" carry general, caveated commentary because the public description does not establish how that layer is implemented.
Layer 1 (Foundation Models): Not certain from the listing; likely uses proprietary or fine-tuned legal/regulatory LLMs. Primary threats are adversarial jailbreaks crafted to make the model wave through a non-compliant item, and model reprogramming that changes how it interprets a rule.
Layer 2 (Data Operations): Uses a 'Regulatory Knowledge Base'. Threats include knowledge-base poisoning (injecting false or weakened regulatory requirements so that checks pass) and exfiltration of the sensitive corporate compliance data the agent retrieves and stores.
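One control a practitioner would want at this layer is an integrity check on every knowledge-base entry before it reaches the agent, so a rule written into the store by any path other than the trusted ingestion pipeline is rejected rather than consulted. The following is an added example, not Norm AI's code or anything from its listing; it assumes an HMAC key held only by the ingestion service, and the field names (`jurisdiction`, `rule`, `required`) and sample entries are constructed for the demonstration.

```python
"""Integrity-checked regulatory knowledge base.

Added example, not Norm AI's code. Entries are HMAC-signed at ingestion and
verified at retrieval, so a poisoned or tampered entry is quarantined instead
of being handed to the agent. Key, field names and entries are constructed.
"""
import hashlib
import hmac
import json
from typing import Dict, List, Tuple

# Constructed demo key; a real deployment keeps this in a KMS/HSM and lets only
# the ingestion service sign.
KB_SIGNING_KEY = b"constructed-demo-key-not-for-production"


def canonical(body: Dict) -> bytes:
    """Deterministic serialization so the MAC covers every field, in a fixed order."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_entry(key: bytes, entry: Dict) -> Dict:
    """Attach a MAC computed over every field except the MAC itself."""
    body = {k: v for k, v in entry.items() if k != "mac"}
    mac = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {**body, "mac": mac}


def verify_entry(key: bytes, record: Dict) -> bool:
    """True only if the record carries a MAC that matches its current fields."""
    mac = record.get("mac")
    if not isinstance(mac, str):
        return False  # unsigned entry: never trusted, whatever it says
    body = {k: v for k, v in record.items() if k != "mac"}
    expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)


def retrieve(key: bytes, store: List[Dict], jurisdiction: str) -> Tuple[List[Dict], List[Dict]]:
    """Split matching entries into (trusted, rejected) rather than returning them all."""
    trusted, rejected = [], []
    for rec in store:
        if rec.get("jurisdiction") != jurisdiction:
            continue
        (trusted if verify_entry(key, rec) else rejected).append(rec)
    return trusted, rejected


def build_demo_store() -> List[Dict]:
    """Constructed store: two legitimate signed entries, one injected, one tampered."""
    good = [
        sign_entry(KB_SIGNING_KEY, {"id": "r1", "jurisdiction": "EU",
                                    "rule": "file annual report", "required": True}),
        sign_entry(KB_SIGNING_KEY, {"id": "r2", "jurisdiction": "EU",
                                    "rule": "retain records 5y", "required": True}),
    ]
    # Poisoning attempt 1: a contradicting entry written straight into the store, never signed.
    injected = {"id": "r3", "jurisdiction": "EU", "rule": "file annual report", "required": False}
    # Poisoning attempt 2: a legitimately signed entry whose field is flipped after signing.
    tampered = dict(good[1])
    tampered["required"] = False
    return good + [injected, tampered]


def demo() -> Dict[str, List[str]]:
    """Return which entry ids the agent would see and which were quarantined."""
    trusted, rejected = retrieve(KB_SIGNING_KEY, build_demo_store(), "EU")
    return {"trusted": [r["id"] for r in trusted], "rejected": [r["id"] for r in rejected]}


if __name__ == "__main__":
    print(demo())
```

The rejected list is itself a detection signal: a non-zero count of unverifiable entries for a jurisdiction is exactly the event the 'real-time monitoring' layer should alert on, since it means something wrote to the knowledge base outside the signing pipeline.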
Layer 3 (Agent Frameworks): Orchestrates compliance checks and 'compliance task delegation'. Threats include insecure tool integration, logic flaws in how tasks are delegated, and manipulation of agent instructions (for example via prompt injection in the documents under review) during compliance workflows.
Layer 4 (Deployment and Infrastructure): Not certain from the listing; likely hosted as a secure SaaS platform. Threats include unauthorized access to compliance reports, container compromise, and exposed APIs.
Layer 5 (Evaluation and Observability): Features 'real-time monitoring'. Gaps in evaluation and drift detection could produce silent failures in which updated regulations are missed or misapplied while the dashboards still report green.
Layer 6 (Security and Compliance): Emphasizes 'Human-AI Collaboration' (human-in-the-loop) as a core control. Because the platform is closed-source, robust external auditing is needed to confirm that its checks track the actual legal standards and that the human review step is a real gate rather than compliance theater.
Layer 7 (Agent Ecosystem): Employs 'Regulatory AI Agents' and 'compliance task delegation', indicating a multi-agent ecosystem. Threats include cascading failures across delegated agents and unauthorized agent-to-agent trust escalation, where a downstream agent ends up with permissions its delegator never held.
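The two controls implied by the Layer 6 and Layer 7 entries (a human gate on the final attestation, and delegation that can only narrow authority) can be enforced in a few lines of policy code. The following is an added example, not Norm AI's code or anything from its listing: it assumes each delegated task carries an explicit scope set, a depth cap on re-delegation, and a required named approver for the attestation action. The scope strings, agent names and `MAX_DEPTH` value are hypothetical.

```python
"""Attenuated delegation for compliance tasks.

Added example, not Norm AI's code. A child grant may only hold a subset of its
parent's scopes, delegation chains are depth-capped to bound cascading
failures, and marking something compliant requires a human approver.
Scope strings, agent names and the depth limit are hypothetical.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple

MAX_DEPTH = 2  # assumed limit on how many hops a task may be re-delegated


@dataclass(frozen=True)
class Grant:
    agent: str
    scopes: FrozenSet[str]
    depth: int
    chain: Tuple[str, ...]  # full delegation path, kept for audit


class DelegationError(Exception):
    """Raised when a delegation would widen scope or exceed the depth cap."""


def delegate(parent: Grant, child: str, requested: FrozenSet[str]) -> Grant:
    """Issue a child grant; it can never hold a scope its parent lacks."""
    extra = requested - parent.scopes
    if extra:
        raise DelegationError(f"{child} requested {sorted(extra)} not held by {parent.agent}")
    if parent.depth >= MAX_DEPTH:
        raise DelegationError(f"delegation depth {MAX_DEPTH} exceeded via {parent.chain}")
    return Grant(child, requested, parent.depth + 1, parent.chain + (child,))


def authorize(grant: Grant, action: str, approver: Optional[str] = None) -> bool:
    """Check an action against the grant; attestation additionally needs a human approver."""
    if action not in grant.scopes:
        return False
    if action == "attest:compliant" and not approver:
        return False  # HITL gate: no agent, however privileged, attests alone
    return True


def demo() -> Dict[str, bool]:
    """Exercise the escalation, depth and HITL checks against constructed agents."""
    root = Grant("orchestrator",
                 frozenset({"kb:read", "report:draft", "attest:compliant"}), 0, ("orchestrator",))
    researcher = delegate(root, "researcher", frozenset({"kb:read"}))
    results: Dict[str, bool] = {}

    # Trust escalation attempt: a helper asks the researcher for attestation rights
    # the researcher itself never received.
    try:
        delegate(researcher, "helper", frozenset({"attest:compliant"}))
        results["escalation_blocked"] = False
    except DelegationError:
        results["escalation_blocked"] = True

    # Cascading delegation: legitimate scope, but one hop beyond the cap.
    helper = delegate(researcher, "helper", frozenset({"kb:read"}))
    try:
        delegate(helper, "sub-helper", frozenset({"kb:read"}))
        results["depth_blocked"] = False
    except DelegationError:
        results["depth_blocked"] = True

    results["agent_attests_alone"] = authorize(root, "attest:compliant")
    results["agent_attests_with_human"] = authorize(root, "attest:compliant", approver="j.doe")
    results["researcher_reads_kb"] = authorize(researcher, "kb:read")
    results["researcher_drafts_report"] = authorize(researcher, "report:draft")
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Keeping the full chain on every grant matters for the forensics case: when a bad attestation is found, the chain shows which agent introduced it and which human approved it, which is what an external auditor of a closed-source platform would ask for first.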
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework. They are an estimate for guidance, not a penetration test, audit, or certification; see the scoring methodology.