Wayve — agentic threat model
Wayve represents an extreme-risk agentic profile due to its direct control over physical actuators in safety-critical environments (autonomous driving). The end-to-end deep learning approach introduces high opacity and non-determinism, meaning adversarial physical inputs or model exploitation could result in catastrophic real-world harm.
OWASP AIVSS score rationale
| Agentic risk factor | Score | Notes |
|---|---|---|
| Autonomy of Action | 1.00 | |
| Goal-Driven Planning | 0.90 | |
| Self-Modification | 0.10 | |
| Dynamic Tool Use | 0.80 | |
| Persistent Memory | 0.40 | |
| Contextual Awareness | 1.00 | |
| Dynamic Identity | 0.20 | |
| Multi-Agent Interactions | 0.70 | |
| Non-Determinism | 0.80 | |
| Opacity & Reflexivity | 0.90 | |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary where the public description did not pin down that layer.
Layer 1 (Foundation Models): Wayve utilizes end-to-end deep learning models to process sensor inputs directly into driving actions. This architecture is highly vulnerable to physical adversarial examples (e.g., adversarial stickers on road signs), model poisoning during training on real-world data, and out-of-distribution generalization failures in novel driving scenarios.
Layer 2 (Data Operations): The system is trained on vast amounts of real-world driving data. Key threats include data poisoning of the training pipeline, lack of robust data lineage/provenance for crowdsourced or fleet-collected sensor logs, and potential privacy issues regarding captured bystander data.
Layer 3 (Agent Frameworks): Not certain from the listing — Wayve's end-to-end deep learning approach bypasses traditional hand-engineered planning rules, but the exact software orchestration, safety fallback frameworks, and actuator integration layers are not detailed in the public directory.
Layer 4 (Deployment and Infrastructure): The deployment environment spans on-vehicle edge compute hardware (integrating with vehicle platforms) and cloud infrastructure for fleet management and training. Threats include physical tampering with vehicle sensors/compute, over-the-air (OTA) update compromise, and lateral movement from the infotainment system to safety-critical vehicle control buses (CAN/Ethernet).
Layer 5 (Evaluation and Observability): Not certain from the listing — while real-time safety monitoring, simulation testing, and human-in-the-loop safety drivers are standard in autonomous vehicle development, the specific observability tools, real-time anomaly detection, and out-of-distribution guardrails are not detailed.
Layer 6 (Security and Compliance): Not certain from the listing — compliance with automotive cybersecurity standards (such as ISO/SAE 21434) and safety standards (such as ISO 26262 and SOTIF ISO 21448) is critical for public road deployment but is not explicitly detailed in this high-level directory listing.
Layer 7 (Agent Ecosystem): The agent ecosystem involves integration with external platforms, specifically strategic partnerships with Uber for autonomous ride-hailing. Threats include API vulnerabilities in dispatch coordination, multi-agent coordination failures in dense traffic, and cascading failures if the fleet management network is compromised.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology.