AgentReadyHomeAgent Listing

← Adept AI

Adept AI — agentic threat model

9.5AIVSS 9.5 · Critical

Adept AI's ACT-1 presents a high agentic risk profile due to its ability to perceive screens and execute arbitrary actions across multiple software programs, effectively acting with the user's privileges. If compromised, its broad UI-driven tool access could be abused to exfiltrate sensitive data or perform unauthorized transactions across enterprise applications.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.5AARS uplift 0.99Factor sum 6.3/10Threat ×1.05Mitigation ×1.0
Autonomy of Action
0.80
Goal-Driven Planning
0.80
Self-Modification
0.20
Dynamic Tool Use
0.90
Persistent Memory
0.50
Contextual Awareness
0.80
Dynamic Identity
0.60
Multi-Agent Interactions
0.20
Non-Determinism
0.70
Opacity & Reflexivity
0.80

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models✓ mapped

ACT-1 relies on a proprietary multimodal foundation model trained to map screen pixels to digital actions. Key threats include adversarial UI elements (visual prompt injection) designed to hijack the model's action generation, and model stealing due to the high commercial value of the proprietary architecture.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — the training data pipeline for screen perception and action execution is proprietary; risks include training data poisoning or UI-based data exfiltration if the model processes sensitive on-screen data during operation.

L3 · Agent Frameworks✓ mapped

The agent framework orchestrates complex, multi-step tasks across different software applications. The primary threat is tool misuse, where the agent misinterprets on-screen elements or is manipulated into executing unintended, destructive actions (e.g., deleting files or sending unauthorized emails) via the UI.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — executing tasks across multiple programs requires deep OS or browser integration; without strict sandboxing, compromise of the agent's execution environment could lead to host takeover, privilege escalation, or lateral movement.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — monitoring UI-driven actions is difficult; a lack of robust observability and real-time guardrails could hide malicious or erroneous actions executed via screen interaction until after damage has occurred.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — enterprise deployment requires robust identity, access management, and audit logs of all automated UI actions to prevent unauthorized cross-program execution and ensure compliance with data privacy regulations.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — while it interacts with various software tools, there is no explicit mention of a multi-agent marketplace or peer-to-peer agent coordination that would introduce cascading ecosystem risks.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).