AI 3D — agentic threat model

AIVSS 4.9 · Medium

AI 3D is a low-risk, single-purpose generative tool rather than an autonomous agent, with primary security concerns limited to intellectual property exposure, adversarial inputs, and potential vulnerabilities in the exported GLB files.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base 4.3 · AARS uplift 0.65 · Factor sum 1.2/10 · Threat ×0.95 · Mitigation ×1.0

Agentic risk factors:

Autonomy of Action: 0.10
Goal-Driven Planning: 0.00
Self-Modification: 0.00
Dynamic Tool Use: 0.10
Persistent Memory: 0.00
Contextual Awareness: 0.10
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.40
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ✓ mapped

Uses Hunyuan 3D and Seed3D models. Primary threats include adversarial inputs (crafted images or prompts designed to cause model denial of service or unexpected outputs) and model extraction/stealing of these open-source/proprietary pipelines.

L2 · Data Operations · ⚠ not certain from listing

Not certain from the listing — No details are provided regarding how user-uploaded images or generated 3D models are stored or cached, or whether they are used for downstream model training, raising potential data privacy and intellectual property leakage risks.

L3 · Agent Frameworks · ⚠ not certain from listing

Not certain from the listing — The application functions as a direct inference pipeline rather than an agentic framework. If orchestration code exists, the main threat is insecure integration with 3D file conversion utilities (e.g., GLB exporters).

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — Hosting and infrastructure details are omitted. Standard web application threats apply, specifically GPU/CPU resource exhaustion during intensive 3D generation tasks and insecure storage of generated GLB assets.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — There is no mention of input validation guardrails (to block inappropriate image uploads) or output monitoring to prevent the generation of malicious, copyrighted, or offensive 3D assets.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — No information is provided regarding user authentication, access controls for paid tiers, or compliance with data protection regulations (such as GDPR for user-uploaded photos).

L7 · Agent Ecosystem · ✓ mapped

This is a standalone horizontal content creation tool with no multi-agent coordination, marketplace integrations, or agent-to-agent communication channels described.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).