

Sanctuary AI — agentic threat model

AIVSS 9.3 · Critical

Sanctuary AI's Carbon-powered humanoid robots present a high-risk profile due to their physical embodiment and operation in industrial environments, where cyber compromise can translate directly into physical safety hazards, property damage, or operational disruption.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base: 9.3
AARS uplift: 0.47
Factor sum: 6.1/10
Threat multiplier (ThM): ×1.1
Mitigation factor: ×0.95

Agentic risk factors (each scored 0.0 to 1.0):

Autonomy of Action: 0.80
Goal-Driven Planning: 0.80
Self-Modification: 0.20
Dynamic Tool Use: 0.80
Persistent Memory: 0.60
Contextual Awareness: 0.90
Dynamic Identity: 0.10
Multi-Agent Interactions: 0.50
Non-Determinism: 0.60
Opacity & Reflexivity: 0.80

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
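As an added worked example (not part of this page, the AIVSS calculator, or any Sanctuary AI tooling), the Python below recomputes the score box above from the ten listed factors using the formula exactly as the page states it, so a reader can check the arithmetic and see which input actually moves the result. The qualitative bands (CVSS v3.x ratings: Low below 4.0, Medium below 7.0, High below 9.0, Critical at 9.0 and above) and the clamp to the 0 to 10 scale are assumptions, not something the page specifies; the what-if run with a 0.80 mitigation factor is a constructed illustration.

```python
"""Added worked example: recompute this page's AIVSS score from its listed inputs.

Implements the formula as the page states it:
    AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
    AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
"""

# The ten agentic risk factors exactly as listed on the page (each 0.0-1.0).
SANCTUARY_FACTORS = {
    "Autonomy of Action": 0.80,
    "Goal-Driven Planning": 0.80,
    "Self-Modification": 0.20,
    "Dynamic Tool Use": 0.80,
    "Persistent Memory": 0.60,
    "Contextual Awareness": 0.90,
    "Dynamic Identity": 0.10,
    "Multi-Agent Interactions": 0.50,
    "Non-Determinism": 0.60,
    "Opacity & Reflexivity": 0.80,
}

# Inputs taken from the page's score box.
CVSS_BASE = 9.3
THREAT_MULTIPLIER = 1.1   # ThM
MITIGATION_FACTOR = 0.95


def factor_sum(factors):
    """Sum of the agentic risk factors, after checking each is within 0.0-1.0."""
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name}: {value} is outside the 0.0-1.0 range")
    return round(sum(factors.values()), 2)


def aars(cvss_base, factors, thm):
    """Agentic risk uplift; it is bounded by the headroom 10 - CVSS_Base."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base score must be within 0.0-10.0")
    return round((10.0 - cvss_base) * (factor_sum(factors) / 10.0) * thm, 2)


def aivss(cvss_base, factors, thm, mitigation):
    """Final AIVSS score to one decimal, clamped to 0-10 (the clamp is an assumption)."""
    score = (cvss_base + aars(cvss_base, factors, thm)) * mitigation
    return round(max(0.0, min(score, 10.0)), 1)


def severity(score):
    """Qualitative band. Assumption: CVSS v3.x bands; the page shows Critical for 9.3."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def breakdown(cvss_base=CVSS_BASE, factors=SANCTUARY_FACTORS,
              thm=THREAT_MULTIPLIER, mitigation=MITIGATION_FACTOR):
    """Every intermediate value, in the same order as the page's score box."""
    final = aivss(cvss_base, factors, thm, mitigation)
    return {
        "cvss_base": cvss_base,
        "factor_sum": factor_sum(factors),
        "aars": aars(cvss_base, factors, thm),
        "threat_multiplier": thm,
        "mitigation_factor": mitigation,
        "aivss": final,
        "severity": severity(final),
    }


if __name__ == "__main__":
    for key, value in breakdown().items():
        print(f"{key:>18}: {value}")
    # Constructed what-if: the same robot with stronger mitigations (0.80 instead of 0.95).
    hardened = aivss(CVSS_BASE, SANCTUARY_FACTORS, THREAT_MULTIPLIER, 0.80)
    print(f"with mitigation 0.80: {hardened} ({severity(hardened)})")
```

Because AARS is scaled by the headroom (10 − CVSS_Base), the ten agentic factors add only 0.47 at a base of 9.3; the final score is dominated by the CVSS base and the mitigation factor. That is why the constructed what-if with a 0.80 mitigation factor lands at 7.8 (High) while the factor values are unchanged, and it is the practical reason to read the factor list as a description of attack surface rather than as the main driver of the headline number.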

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary because the public description did not pin down that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing. The proprietary Carbon AI control system likely uses vision-language-action (VLA) or reinforcement-learning models. Primary threats are adversarial physical inputs (e.g., printed patches or projected images that cause the perception model to misclassify an object or miss an obstacle) and model reprogramming (repurposing the model's behaviour through crafted inputs rather than through code changes).

L2 · Data Operations ⚠ not certain from listing

Not certain from the listing. Data operations likely involve large datasets of physical telemetry, spatial maps, and imitation-learning demonstrations. Threats include training-data poisoning (producing systematic, reproducible physical failures rather than one-off faults) and exfiltration of spatial data, which amounts to a map of the customer's facility.

L3 · Agent Frameworks ⚠ not certain from listing

Not certain from the listing. Carbon acts as the orchestration layer that translates cognitive goals into actuator commands. Threats include injected commands that bypass software-enforced safety limits (speed, force, workspace boundaries) and manipulation of the goal-planning logic so that an unsafe action is selected as the legitimate next step.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing. Deployment is on-device edge compute on the humanoid itself, likely with cloud connectivity for updates and telemetry. Threats include physical tampering with the robot, local privilege escalation on the onboard computer, and insecure over-the-air (OTA) firmware updates (unsigned or unverified images, or downgrade to a vulnerable version).

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing. Real-time physical safety monitoring and sensor telemetry logging are critical but unspecified. Threats include sensor spoofing and sensor denial (e.g., injected LIDAR returns, camera blinding) and blind spots in the safety-critical override guardrails, where an unsafe state is never observed and so never triggers a stop.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing. Conformance with industrial robot safety standards (such as ISO 10218, or ISO/TS 15066 for collaborative robots) is expected but not detailed. Without transparent access controls and audit logging for physical actions, it is hard to establish who commanded a given movement, which is both a compliance gap and an incident-response gap.

L7 · Agent Ecosystem ⚠ not certain from listing

Not certain from the listing. In industrial settings the robots may interact with other automated systems or fleet-management software. Threats include cascading failures across a robot fleet (one compromised unit, or one bad fleet-wide update) and unauthorized peer-to-peer command propagation between robots.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology.