Weave — agentic threat model
W&B Weave is an observability and evaluation framework rather than an autonomous agent. Its direct operational risk is therefore low, but its data-exposure risk is high, because it logs and stores sensitive LLM inputs, outputs, and system traces.
OWASP AIVSS score rationale
| Agentic risk factor | Score | Rationale |
|---|---|---|
| Autonomy of Action | 0.10 | |
| Goal-Driven Planning | 0.10 | |
| Self-Modification | 0.00 | |
| Dynamic Tool Use | 0.20 | |
| Persistent Memory | 0.30 | |
| Contextual Awareness | 0.20 | |
| Dynamic Identity | 0.10 | |
| Multi-Agent Interactions | 0.20 | |
| Non-Determinism | 0.10 | |
| Opacity & Reflexivity | 0.10 | |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent, in MAESTRO layer order. Layers tagged "not certain from the listing" are general, caveated commentary where the public description did not pin down that layer.

- Layer 1, Foundation Models (not certain from the listing): Weave itself does not appear to bundle a foundation model, but it evaluates external LLMs. Threats include evaluating poisoned or backdoored models without detecting them.
- Layer 2, Data Operations: Weave captures, stores, and versions inputs, outputs, and evaluation datasets. Threats include exfiltration of sensitive trace logs and poisoning of evaluation datasets to mask model degradation.
- Layer 3, Agent Frameworks: Weave integrates with agent frameworks to trace tool calls and memory. Threats include insecure integration in which the tracing library records sensitive tool arguments or session state into trace storage.
- Layer 4, Deployment and Infrastructure (not certain from the listing): as an open-source/freemium tool, Weave may be self-hosted or consumed as SaaS. Threats include unauthorized access to the hosting environment and exposed tracing endpoints that leak proprietary data.
- Layer 5, Evaluation and Observability: this is Weave's core layer; it provides evaluation scoring and debugging. Threats include evaluation gaming, blind spots in trace logging, and manipulation of evaluation metrics to push unsafe models to production.
- Layer 6, Security and Compliance (not certain from the listing): the listing does not describe RBAC, compliance certifications, or audit logging for the Weave platform itself, so unauthorized trace access cannot be ruled out.
- Layer 7, Agent Ecosystem (not certain from the listing): Weave monitors agent ecosystems but does not participate as an autonomous agent. Threats involve cascading failures in monitored multi-agent systems being obscured by tracing overhead or lag.
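Two checks follow from the Data Operations, Agent Frameworks and Evaluation layers above: sensitive tool arguments must not reach the trace store, and a tampered evaluation dataset must not be scored as if it were the reviewed one. The code below is an added example written for this page, not Weave's own code or API. The `traced` decorator, `TRACE_SINK`, the redaction patterns, the `call_tool` stub and the sample rows are hypothetical stand-ins; a real deployment would hand the redacted record to its tracing backend instead of an in-memory list, and keep the pinned dataset digest in version control.

```python
"""Added example (not Weave's own code): redact before tracing, and pin the
evaluation dataset by content hash. Standard library only."""
import hashlib
import json
import re
from functools import wraps
from typing import Any, Callable

# --- 1. Redact secrets before a trace record leaves the process --------------

# Hypothetical patterns for values that must never be stored in a trace.
# Constructed for this example; extend to match your own credential formats.
REDACT_PATTERNS = [
    re.compile(r"sk-[A-Za-z0-9]{8,}"),          # OpenAI-style API key
    re.compile(r"Bearer\s+[A-Za-z0-9._\-]+"),   # HTTP bearer token
    re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),     # e-mail address (PII)
]
REDACTED = "[REDACTED]"


def redact(value: Any) -> Any:
    """Recursively scrub secret-looking substrings from strings, dicts and lists."""
    if isinstance(value, str):
        for pattern in REDACT_PATTERNS:
            value = pattern.sub(REDACTED, value)
        return value
    if isinstance(value, dict):
        return {k: redact(v) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return type(value)(redact(v) for v in value)
    return value


# In-memory stand-in for a tracing backend; a real deployment exports these.
TRACE_SINK: list[dict] = []


def traced(fn: Callable) -> Callable:
    """Record inputs and output of fn, but only after redaction.

    The real arguments still reach fn unchanged; only the trace store sees the
    scrubbed copy, so the tool keeps working while the trace stays clean.
    """
    @wraps(fn)
    def wrapper(*args, **kwargs):
        result = fn(*args, **kwargs)
        TRACE_SINK.append({
            "op": fn.__name__,
            "inputs": redact({"args": list(args), "kwargs": kwargs}),
            "output": redact(result),
        })
        return result
    return wrapper


@traced
def call_tool(user_query: str, headers: dict) -> str:
    """Hypothetical tool call whose arguments carry a credential and PII."""
    return f"lookup for {user_query} done with {headers['Authorization']}"


# --- 2. Pin the evaluation dataset so a swapped or edited copy is rejected ---

def dataset_digest(rows: list[dict]) -> str:
    """SHA-256 over canonically serialised rows; row order is part of the hash."""
    h = hashlib.sha256()
    for row in rows:
        h.update(json.dumps(row, sort_keys=True, separators=(",", ":")).encode())
        h.update(b"\n")
    return h.hexdigest()


def run_evaluation(rows: list[dict], pinned_digest: str,
                   model: Callable[[str], str]) -> dict:
    """Score model on rows only if the dataset matches the reviewed digest.

    A poisoned dataset that loosens expectations would otherwise let a degraded
    model keep passing; rejecting the run forces the change to be re-reviewed.
    """
    actual = dataset_digest(rows)
    if actual != pinned_digest:
        return {"accepted": False, "accuracy": None, "digest": actual}
    hits = sum(1 for r in rows if model(r["input"]) == r["expected"])
    return {"accepted": True, "accuracy": hits / len(rows), "digest": actual}


# Constructed sample dataset; the third row is one the model gets wrong.
EVAL_ROWS = [
    {"input": "ok", "expected": "OK"},
    {"input": "fail", "expected": "FAIL"},
    {"input": "x", "expected": "Y"},
]
PINNED_DIGEST = dataset_digest(EVAL_ROWS)
# Same rows with the last expectation loosened to whatever the model emits.
POISONED_ROWS = EVAL_ROWS[:2] + [{"input": "x", "expected": "X"}]

if __name__ == "__main__":
    call_tool("alice@example.com", {"Authorization": "Bearer sk-abcdefghijkl"})
    print(json.dumps(TRACE_SINK[-1], indent=2))
    print(run_evaluation(EVAL_ROWS, PINNED_DIGEST, str.upper))     # accepted
    print(run_evaluation(POISONED_ROWS, PINNED_DIGEST, str.upper)) # rejected
```

The decorator scrubs only what is recorded, so the tool's own behaviour is unchanged; the trade-off is that a pattern list is allow-by-default, so anything your secrets look like that is not in `REDACT_PATTERNS` still lands in the trace. Hashing the rows in order means a reordered dataset is also rejected, which is deliberate: ordering can change which items a sampled evaluation sees.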
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework; they are an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology.