
ArchiLabs — agentic threat model

AIVSS 8.1 · High

ArchiLabs presents a high-risk profile due to its core functionality of generating and executing Python scripts within CAD environments like Revit. If compromised or manipulated via prompt injection, it could generate malicious code leading to local system compromise or intellectual property theft.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base: 8.4
AARS uplift: 0.66
Factor sum: 3.9/10
Threat multiplier (ThM): ×1.05
Mitigation factor: ×0.9

Agentic risk factors:
Autonomy of Action: 0.60
Goal-Driven Planning: 0.50
Self-Modification: 0.10
Dynamic Tool Use: 0.70
Persistent Memory: 0.20
Contextual Awareness: 0.50
Dynamic Identity: 0.10
Multi-Agent Interactions: 0.10
Non-Determinism: 0.60
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
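As an added example (not code from the listing or from ArchiLabs), the AIVSS formula above evaluated over the factor table: the factor names and values are copied from the page, while the function names and the [0, 1] range check on each factor are my assumptions.

```python
# Added example: OWASP AIVSS as quoted on the page, computed from the
# ten agentic factors. Function names and the [0, 1] check are assumptions.

# Factor values as listed on the page (constructed dict).
AGENTIC_FACTORS = {
    "Autonomy of Action": 0.60,
    "Goal-Driven Planning": 0.50,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.70,
    "Persistent Memory": 0.20,
    "Contextual Awareness": 0.50,
    "Dynamic Identity": 0.10,
    "Multi-Agent Interactions": 0.10,
    "Non-Determinism": 0.60,
    "Opacity & Reflexivity": 0.50,
}

def factor_sum(factors):
    """Sum of the agentic factors; each is assumed to lie in [0, 1]."""
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name}: expected a value in [0, 1], got {value}")
    return sum(factors.values())

def aars(cvss_base, factors, threat_multiplier):
    """AARS = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM."""
    return (10.0 - cvss_base) * (factor_sum(factors) / 10.0) * threat_multiplier

def aivss(cvss_base, factors, threat_multiplier, mitigation_factor):
    """AIVSS = (CVSS_Base + AARS) * Mitigation_Factor, rounded to one decimal."""
    raw = (cvss_base + aars(cvss_base, factors, threat_multiplier)) * mitigation_factor
    return round(raw, 1)

def score_report(cvss_base, factors, threat_multiplier, mitigation_factor):
    """Intermediate values matching the page's breakdown, for step-by-step review."""
    return {
        "cvss_base": cvss_base,
        "factor_sum": round(factor_sum(factors), 1),
        "aars": round(aars(cvss_base, factors, threat_multiplier), 2),
        "aivss": aivss(cvss_base, factors, threat_multiplier, mitigation_factor),
    }

if __name__ == "__main__":
    # ArchiLabs inputs from the page: CVSS base 8.4, ThM 1.05, mitigation 0.9.
    print(score_report(8.4, AGENTIC_FACTORS, 1.05, 0.9))
```

Setting the mitigation factor to 1.0 shows what the score would be with no credited mitigations, which is a quick way to see how much the ×0.9 is worth.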

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary because the public description does not pin that layer down.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — likely relies on a commercial LLM optimized for code generation. The primary threat is prompt injection or adversarial inputs that trick the model into generating malicious Python payloads disguised as benign CAD automation.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — the agent must ingest CAD schemas or project context to generate relevant scripts. Threats include data exfiltration of proprietary architectural designs (IP) or poisoning of the reference context to corrupt design outputs.

L3 · Agent Frameworks (✓ mapped)

The orchestration framework translates natural language into Python scripts. The critical threat is insecure tool integration, where the generated code bypasses intended 'transaction-safe' boundaries and executes destructive actions on the CAD model or host system.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — it is unclear whether the generated Python scripts execute in a local CAD environment (e.g., Revit Python Shell) or a cloud-sandboxed environment. Local execution poses severe risks of host compromise and lateral movement.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — there is no mention of real-time guardrails, script validation, or observability tools to inspect the generated Python code for malicious patterns before execution.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — details regarding user authentication, access controls to CAD files, and compliance with data protection standards for proprietary architectural data are not specified.

L7 · Agent Ecosystem (✓ mapped)

The agent integrates directly into the CAD/Revit ecosystem. A compromised agent could propagate malicious scripts to shared BIM (Building Information Modeling) environments, leading to cascading failures or data corruption across collaborative design teams.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).