Your Own AI — agentic threat model
Your Own AI presents a low-to-moderate agentic risk posture, acting primarily as a customizable conversational companion with a strong emphasis on privacy, though lacking high-consequence tool execution capabilities.
OWASP AIVSS score rationale
| Autonomy of Action | 0.20 | |
| Goal-Driven Planning | 0.20 | |
| Self-Modification | 0.30 | |
| Dynamic Tool Use | 0.10 | |
| Persistent Memory | 0.50 | |
| Contextual Awareness | 0.40 | |
| Dynamic Identity | 0.10 | |
| Multi-Agent Interactions | 0.20 | |
| Non-Determinism | 0.60 | |
| Opacity & Reflexivity | 0.50 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Leverages open-source LLMs to power custom and pre-made characters. Primary threats include prompt injection to bypass character personas, model misalignment, and potential model utility degradation depending on the specific open-source models selected.
Not certain from the listing — While a 'privacy-first architecture' is claimed, the exact mechanism for storing conversation history, custom character definitions, and user data isolation is unspecified, leaving potential risks of data leakage or cross-tenant data exposure.
Not certain from the listing — The orchestration framework supporting character customization and the 'grow, learn, and evolve' memory capability is not detailed, presenting potential risks of memory poisoning or insecure state management.
Not certain from the listing — The service is described as providing an experience close to running locally, but it is offered as a cloud-based API/service. The hosting infrastructure, sandboxing of custom characters, and API security controls are not disclosed.
Not certain from the listing — There is no mention of real-time monitoring, input/output guardrails, or observability tools to detect drift, toxic outputs, or policy violations within custom-built characters.
Not certain from the listing — Despite claiming 'strong data protection' and a 'privacy-first' design, specific compliance certifications (such as GDPR or SOC2) or identity/access management controls are not explicitly detailed.
Not certain from the listing — The ability to 'collaborate with your own custom-built AIs' suggests a multi-persona environment, but the presence of an active multi-agent ecosystem, marketplace, or inter-agent communication protocols is unverified.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology. Are you the vendor? Factual corrections are free.