
AI Happy Horse — agentic threat model

AIVSS 6.2 · Medium

AI Happy Horse is a low-autonomy video generation tool with minimal agentic risk, primarily presenting data privacy risks regarding uploaded user photos and content abuse vectors like deepfakes or copyright infringement.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 5.3
AARS uplift: 0.89
Factor sum: 1.9 / 10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×1.0

Agentic risk factors (sum 1.9 of a possible 10):

Autonomy of Action        0.10
Goal-Driven Planning      0.10
Self-Modification         0.00
Dynamic Tool Use          0.00
Persistent Memory         0.00
Contextual Awareness      0.10
Dynamic Identity          0.00
Multi-Agent Interactions  0.00
Non-Determinism           0.80
Opacity & Reflexivity     0.80

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
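To check the listed score against the formula, here is an added example (not code from the listing or from the AIVSS calculator) that recomputes AARS and AIVSS from the ten factor values above. The function and dict names are this example's own; it assumes each factor ranges from 0 to 1, consistent with the 1.9/10 factor sum shown on the page.

```python
# Added example: recompute the OWASP AIVSS score for AI Happy Horse from the
# factor table and CVSS base shown on the page, using the formula as stated:
#   AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
#   AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
# Factor names and values are the ten listed on the page; the dict shape and
# function names are this example's own choice, not an AIVSS library API.

AGENTIC_FACTORS = {
    "Autonomy of Action": 0.10,
    "Goal-Driven Planning": 0.10,
    "Self-Modification": 0.00,
    "Dynamic Tool Use": 0.00,
    "Persistent Memory": 0.00,
    "Contextual Awareness": 0.10,
    "Dynamic Identity": 0.00,
    "Multi-Agent Interactions": 0.00,
    "Non-Determinism": 0.80,
    "Opacity & Reflexivity": 0.80,
}


def aivss_score(cvss_base, factors, threat_multiplier=1.0, mitigation_factor=1.0):
    """Return (factor_sum, aars, aivss) for the given inputs.

    Inputs are validated so a typo in a factor (e.g. 8.0 instead of 0.8) or a
    CVSS base outside 0-10 is rejected instead of silently inflating the score.
    The 0-1 range per factor is an assumption consistent with the page's "1.9/10".
    """
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError(f"CVSS base {cvss_base} outside 0-10")
    if len(factors) != 10:
        raise ValueError(f"expected 10 agentic factors, got {len(factors)}")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"factor {name!r} = {value} outside 0-1")
    factor_sum = sum(factors.values())
    # AARS only adds a fraction of the headroom left above the CVSS base, so
    # with ThM = 1 the combined score cannot exceed 10.
    aars = (10.0 - cvss_base) * (factor_sum / 10.0) * threat_multiplier
    aivss = (cvss_base + aars) * mitigation_factor
    return factor_sum, aars, aivss


if __name__ == "__main__":
    fs, aars, score = aivss_score(5.3, AGENTIC_FACTORS)
    print(f"factor sum {fs:.1f}/10, AARS {aars:.2f}, AIVSS {score:.1f}")
```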

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary for cases where the public description did not pin down that layer.

L1 · Foundation Models · ✓ mapped

Uses text-to-video and image-to-video foundation models. Key threats include adversarial prompt injection to bypass safety filters, generating deepfakes or copyrighted material, and model reprogramming.

L2 · Data Operations · ✓ mapped

Processes user-provided assets including photos, portraits, and reference frames. Key threats include data poisoning via malicious image uploads, metadata leakage, and unauthorized retention of user-uploaded personal imagery.

L3 · Agent Frameworks · ⚠ not certain from listing

Not certain from the listing — the orchestration framework is not specified, but threats likely involve insecure handling of input parameters or prompt injection bypassing generation safety filters.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — infrastructure details are omitted, but standard risks include GPU resource exhaustion (DoS) due to 'unlimited' generation and insecure file storage for generated videos.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — no mention of content moderation guardrails or logging, which are critical to prevent the generation of deepfakes, copyright violations, or CSAM.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — no details on user authentication, data retention policies, or compliance with copyright/privacy regulations (e.g., GDPR for uploaded portraits).

L7 · Agent Ecosystem · ⚠ not certain from listing

Not certain from the listing — the agent operates as a standalone video generator with no indicated multi-agent or marketplace integrations.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).