AgentReadyHomeAgent Listing

← AI InSpo

AI InSpo — agentic threat model

5.5AIVSS 5.5 · Medium

AI InSpo is a low-autonomy text-to-video generation platform with minimal agentic risk, primarily exposed to content abuse (such as deepfakes or copyright violations) and API key exposure rather than systemic or autonomous execution threats.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 4.3AARS uplift 1.25Factor sum 2.3/10Threat ×0.95Mitigation ×1.0
Autonomy of Action
0.10
Goal-Driven Planning
0.10
Self-Modification
0.00
Dynamic Tool Use
0.20
Persistent Memory
0.10
Contextual Awareness
0.20
Dynamic Identity
0.00
Multi-Agent Interactions
0.10
Non-Determinism
0.80
Opacity & Reflexivity
0.70

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models✓ mapped

Integrates advanced third-party video foundation models including Sora and Kling. Primary threats include adversarial prompt injection to bypass safety filters (potentially generating deepfakes or harmful content) and model misalignment.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — No details are provided regarding prompt storage, video asset caching, or vector databases. Risks include unauthorized access to proprietary marketing prompts or generated video assets.

L3 · Agent Frameworks⚠ not certain from listing

Not certain from the listing — The orchestration logic likely maps user text inputs to external video generation APIs. Vulnerabilities could include insecure API handling, lack of input sanitization, and prompt injection leading to unintended API consumption.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — Hosted as a closed-source SaaS platform. Key infrastructure threats include the exposure of highly valuable API keys for Sora/Kling and denial-of-service attacks targeting resource-heavy video rendering pipelines.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — No mention of automated content moderation, output guardrails, or logging. Gaps here could allow users to generate copyrighted material or abusive content without detection.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — No compliance certifications (e.g., SOC2) or identity management policies are specified. Main compliance risks involve copyright ownership of AI-generated media and alignment with emerging synthetic media regulations.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — The platform does not appear to support multi-agent collaboration or marketplace integrations. Ecosystem risk is confined to third-party API dependencies (OpenAI, Kling) experiencing downtime or policy changes.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).