PrivateGPT — agentic threat model
PrivateGPT presents a low agentic risk profile due to its local-first, RAG-focused architecture, but remains vulnerable to data-plane threats like document poisoning and prompt injection that could compromise local document privacy.
OWASP AIVSS score rationale
| Autonomy of Action | 0.10 | |
| Goal-Driven Planning | 0.10 | |
| Self-Modification | 0.00 | |
| Dynamic Tool Use | 0.20 | |
| Persistent Memory | 0.30 | |
| Contextual Awareness | 0.50 | |
| Dynamic Identity | 0.00 | |
| Multi-Agent Interactions | 0.00 | |
| Non-Determinism | 0.50 | |
| Opacity & Reflexivity | 0.40 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Integrates with various LLM models (local or remote). Main threats include prompt injection manipulating the model's output and potential model-level vulnerabilities if using untrusted local weights.
Processes multiple local document formats into a vector database. Highly vulnerable to local data/knowledge-base poisoning via maliciously crafted documents (e.g., indirect prompt injection embedded in PDFs).
Uses an extensible RAG framework to orchestrate document ingestion and querying. Vulnerabilities include insecure document parsing libraries and API-level prompt injection that bypasses system constraints.
Not certain from the listing — while designed to run on a local machine, deployment methods (e.g., Docker, local network hosting) are user-defined. If the OpenAI-compatible API is exposed without authentication, it poses a severe unauthorized access risk.
Not certain from the listing — the description mentions streaming responses but does not detail built-in guardrails, logging, or evaluation frameworks to detect drift or malicious queries.
Not certain from the listing — emphasizes privacy via local execution, but does not specify built-in enterprise security controls like Role-Based Access Control (RBAC) or audit logging.
Not certain from the listing — PrivateGPT is a single-user local application and does not natively participate in multi-agent ecosystems or external marketplaces.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology. Are you the vendor? Factual corrections are free.