AI EdWiBo — agentic threat model

AIVSS 5.2 · Medium

AI EdWiBo is a low-autonomy educational assistant focused on grading and feedback, presenting low systemic risk but requiring strong data privacy controls to protect student PII and ensure grading integrity.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 4.3 · AARS uplift 0.87 · Factor sum 1.6/10 · Threat ×0.95 · Mitigation ×1.0

Agentic risk factors:
Autonomy of Action: 0.20
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.10
Persistent Memory: 0.20
Contextual Awareness: 0.30
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.40
Opacity & Reflexivity: 0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — likely relies on commercial LLMs prompted with specific exam board criteria. Threats include prompt injection from student essays designed to force a high grade or bypass evaluation logic.

L2 · Data Operations ⚠ not certain from listing

Not certain from the listing — processes student essays and stores exam criteria. Threats include data exfiltration of student submissions (which may contain PII) and potential poisoning of the reference criteria.

L3 · Agent Frameworks ⚠ not certain from listing

Not certain from the listing — orchestration likely manages the flow from student input to exam-aligned feedback. Threats include insecure handling of untrusted student text within the prompt template.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — hosted as a web application with a dashboard. Threats include standard web application vulnerabilities (OWASP Top 10) and unauthorized access to the teacher/institution dashboard.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — requires robust monitoring to ensure grading consistency and prevent drift in assessment standards over time.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — handling student data requires strict compliance with privacy regulations (such as GDPR, COPPA, or FERPA), but no specific compliance certifications are cited.

L7 · Agent Ecosystem ⚠ not certain from listing

Not certain from the listing — appears to operate as a standalone tool with no multi-agent or marketplace interactions described.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).