Runable — agentic threat model
Runable presents a high-risk profile due to its native device control, desktop/browser UI automation, and extensive third-party integrations (e.g., Slack), which could lead to full host compromise if exploited. While human-in-the-loop feedback provides some mitigation, the lack of explicit sandboxing details in a closed-source environment elevates the overall threat posture.
OWASP AIVSS score rationale
| Agentic risk factor | Score | Rationale |
| --- | --- | --- |
| Autonomy of Action | 0.80 | |
| Goal-Driven Planning | 0.80 | |
| Self-Modification | 0.20 | |
| Dynamic Tool Use | 0.90 | |
| Persistent Memory | 0.60 | |
| Contextual Awareness | 0.70 | |
| Dynamic Identity | 0.50 | |
| Multi-Agent Interactions | 0.40 | |
| Non-Determinism | 0.70 | |
| Opacity & Reflexivity | 0.60 | |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent, one entry per MAESTRO layer. Entries tagged "Not certain from the listing" are general, caveated commentary for layers that the public description did not pin down.
Layer 1, Foundation Models: Not certain from the listing — The listing does not specify which foundation models (e.g., GPT-4, Claude) Runable uses for UI automation and scripting logic, leaving model-specific threats such as adversarial reprogramming or membership inference unverified.
Layer 2, Data Operations: Not certain from the listing — The listing does not detail how training/RAG data, vector stores, or user-specific session data are managed. Because the agent connects to Slack and other tools, this raises potential data-exfiltration and data-lineage concerns.
Layer 3, Agent Frameworks: Runable orchestrates UI automation, native device control, scripting logic, and workflow scheduling. Threats include tool misuse (unintended desktop/browser actions), insecure tool integration, and framework vulnerabilities leading to unauthorized system control.
Layer 4, Deployment and Infrastructure: Runable executes on desktop, browser, and mobile, implying native device control. This presents severe risks of container/host compromise, privilege escalation, and lateral movement if the agent's runtime environment is not properly sandboxed.
Layer 5, Evaluation and Observability: Not certain from the listing — Runable supports human feedback loops and workflow saving, but the listing lacks details on automated guardrails, drift detection, or comprehensive logging/monitoring that would prevent evaluation gaming or blind spots.
Layer 6, Security and Compliance: Not certain from the listing — No explicit mention of enterprise security compliance (e.g., SOC 2, ISO, NIST), identity management, or fine-grained authorization controls, despite the product being positioned as enterprise software.
Layer 7, Agent Ecosystem: Runable integrates with Slack and many other tools (connectors), creating potential cascading failures and agent-to-agent (A2A) trust abuse if integrated agents or third-party connectors are compromised.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.