BasedAI — agentic threat model
BasedAI presents a unique risk profile combining decentralized Layer 1 blockchain infrastructure with privacy-preserving AI (FHE/ZK-LLMs). While cryptographic controls mitigate data exposure risks, the integration of financial tokens and cross-chain compatibility introduces significant smart contract and economic attack surfaces.
OWASP AIVSS score rationale
| Agentic risk factor | Score (0–1) |
|---|---|
| Autonomy of Action | 0.50 |
| Goal-Driven Planning | 0.30 |
| Self-Modification | 0.20 |
| Dynamic Tool Use | 0.40 |
| Persistent Memory | 0.50 |
| Contextual Awareness | 0.40 |
| Dynamic Identity | 0.60 |
| Multi-Agent Interactions | 0.70 |
| Non-Determinism | 0.50 |
| Opacity & Reflexivity | 0.80 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1 (Foundation Models): Integrates LLMs with Fully Homomorphic Encryption (FHE) and Zero-Knowledge proofs (ZK-LLMs). While FHE protects model inputs from exposure, the underlying models remain susceptible to adversarial prompt injection and output manipulation within the decentralized network.
Layer 2 (Data Operations): Data operations leverage FHE to process encrypted data directly. However, decentralized data ingestion across nodes introduces risks of data poisoning, and the integrity of the training/fine-tuning pipeline depends heavily on the honesty of decentralized participants.
Layer 3 (Agent Frameworks): Not certain from the listing — The directory does not specify the exact orchestration framework, memory management, or tool-calling mechanisms used by the individual LLMs connected to the BasedAI network.
Layer 4 (Deployment and Infrastructure): Deployed as a Layer 1 blockchain infrastructure with cross-chain compatibility. Primary threats include smart contract vulnerabilities, consensus manipulation, validator node compromise, and bridge exploits targeting cross-chain assets.
Layer 5 (Evaluation and Observability): Not certain from the listing — No specific evaluation, monitoring, logging, or guardrail mechanisms are detailed, though the decentralized nature suggests traditional centralized logging may be absent or replaced by on-chain event monitoring.
Layer 6 (Security and Compliance): Security relies on cryptographic primitives (FHE, ZKPs, Cerberus Squeezing) and decentralized governance via the $BASED token. Key risks include governance attacks (e.g., 51% token-weighted manipulation) and implementation flaws in the custom cryptographic protocols.
Layer 7 (Agent Ecosystem): Operates as a decentralized ecosystem of interconnected AI nodes and cross-chain integrations. Threats include rogue or malicious nodes participating in the network, cascading failures across bridges, and economic exploitation of the token utility model.
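The Data Operations threat above (a poisoning node in decentralized ingestion, with pipeline integrity resting on participant honesty) is easiest to see with numbers. The following is an added example, not BasedAI's code: the listing does not say how BasedAI nodes contribute training updates, so the node names, update vectors and the poisoned node are constructed here. It contrasts plain averaging with two Byzantine-robust aggregators (coordinate-wise trimmed mean and median) and adds an outlier check that names the misbehaving node.

```python
"""Robust aggregation of decentralized training updates.

Added example, not BasedAI's code: the listing does not describe how
BasedAI nodes contribute updates. Node names and update vectors below
are constructed; one node ("node-e") submits a poisoned update.
"""
from __future__ import annotations

import math
import statistics

# Constructed updates: each node reports a gradient/weight delta over three
# parameters. Four honest nodes agree closely; node-e is a poisoning node.
UPDATES: dict[str, list[float]] = {
    "node-a": [0.10, -0.20, 0.05],
    "node-b": [0.12, -0.18, 0.04],
    "node-c": [0.09, -0.22, 0.06],
    "node-d": [0.11, -0.19, 0.05],
    "node-e": [50.0, 50.0, -50.0],  # malicious: dominates a plain average
}


def plain_mean(updates: dict[str, list[float]]) -> list[float]:
    """Naive federated averaging: every node's update counts fully."""
    vectors = list(updates.values())
    dim = len(vectors[0])
    return [sum(v[i] for v in vectors) / len(vectors) for i in range(dim)]


def trimmed_mean(updates: dict[str, list[float]], trim: int = 1) -> list[float]:
    """Coordinate-wise trimmed mean: per parameter, drop the `trim` largest
    and `trim` smallest contributions, then average the rest. This bounds
    the influence of up to `trim` arbitrarily bad nodes per coordinate."""
    vectors = list(updates.values())
    n = len(vectors)
    if n <= 2 * trim:
        raise ValueError("not enough nodes to trim")
    dim = len(vectors[0])
    out = []
    for i in range(dim):
        column = sorted(v[i] for v in vectors)
        kept = column[trim:n - trim]
        out.append(sum(kept) / len(kept))
    return out


def coordinate_median(updates: dict[str, list[float]]) -> list[float]:
    """Coordinate-wise median: the other standard Byzantine-robust choice."""
    vectors = list(updates.values())
    dim = len(vectors[0])
    return [statistics.median(v[i] for v in vectors) for i in range(dim)]


def flag_outliers(updates: dict[str, list[float]], aggregate: list[float],
                  factor: float = 5.0) -> list[str]:
    """Name nodes whose update sits far from the robust aggregate: Euclidean
    distance greater than `factor` times the median distance. Intended as a
    signal for slashing or reputation, not as a silent hard rejection."""
    dist = {node: math.dist(vec, aggregate) for node, vec in updates.items()}
    baseline = statistics.median(dist.values())
    if baseline == 0.0:
        baseline = 1e-12  # all nodes identical: any non-zero distance stands out
    return sorted(node for node, d in dist.items() if d > factor * baseline)


if __name__ == "__main__":
    print("plain mean   :", [round(x, 3) for x in plain_mean(UPDATES)])
    print("trimmed mean :", [round(x, 3) for x in trimmed_mean(UPDATES)])
    print("median       :", [round(x, 3) for x in coordinate_median(UPDATES)])
    print("flagged      :", flag_outliers(UPDATES, trimmed_mean(UPDATES)))
```

With one poisoned node out of five, the plain mean lands near 10 on a parameter whose honest value is about 0.1, while trimmed mean and median stay at the honest value and the outlier check returns only `node-e`. Trimming with parameter `trim` only covers that many adversaries per coordinate, so the honest-majority assumption the page describes is still required; a colluding majority defeats all of these aggregators.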
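The governance attack named under Security and Compliance (51% token-weighted manipulation) and the economic exploitation named under Agent Ecosystem share one mechanism: whoever controls a majority of voting weight controls the outcome. The simulation below is an added example and not BasedAI's governance code; the listing only states that governance runs through the $BASED token, so the holders, balances, proposals and hardening thresholds are constructed assumptions. It runs the same two votes through naive one-token-one-vote rules and through rules with a quorum, a supermajority and a per-address cap.

```python
"""Token-weighted governance under a concentrated holder.

Added example, not BasedAI's governance code: the listing only says
governance is decentralized via the $BASED token. Holders, balances,
the proposals and the hardening thresholds below are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class Proposal:
    description: str
    votes_for: float = 0.0      # effective (possibly capped) weight in favour
    votes_against: float = 0.0  # effective weight against
    turnout: float = 0.0        # raw token weight that took part, for quorum
    voted: set[str] = field(default_factory=set)


class TokenGovernance:
    """Naive one-token-one-vote: a simple majority of cast weight wins."""

    def __init__(self, balances: dict[str, float]) -> None:
        self.balances = dict(balances)
        self.total_supply = sum(balances.values())

    def effective_weight(self, voter: str) -> float:
        return self.balances.get(voter, 0.0)

    def vote(self, proposal: Proposal, voter: str, support: bool) -> None:
        if voter in proposal.voted:
            raise ValueError(f"{voter} already voted")
        proposal.voted.add(voter)
        proposal.turnout += self.balances.get(voter, 0.0)
        weight = self.effective_weight(voter)
        if support:
            proposal.votes_for += weight
        else:
            proposal.votes_against += weight

    def passes(self, proposal: Proposal) -> bool:
        return proposal.votes_for > proposal.votes_against


class HardenedGovernance(TokenGovernance):
    """Same vote mechanics plus a quorum on raw turnout, a supermajority of
    cast weight, and a per-address cap on effective voting power.
    Threshold values are illustrative assumptions."""

    def __init__(self, balances: dict[str, float], quorum: float = 0.4,
                 supermajority: float = 0.67, cap_share: float = 0.2) -> None:
        super().__init__(balances)
        self.quorum = quorum
        self.supermajority = supermajority
        self.cap = cap_share * self.total_supply

    def effective_weight(self, voter: str) -> float:
        return min(self.balances.get(voter, 0.0), self.cap)

    def passes(self, proposal: Proposal) -> bool:
        if proposal.turnout < self.quorum * self.total_supply:
            return False
        cast = proposal.votes_for + proposal.votes_against
        return cast > 0 and proposal.votes_for >= self.supermajority * cast


# Constructed cap table: "whale" holds 51% of supply, seven others share the rest.
BALANCES = {"whale": 51.0, "h1": 9.0, "h2": 9.0, "h3": 8.0,
            "h4": 8.0, "h5": 6.0, "h6": 5.0, "h7": 4.0}


def whale_attack(gov_cls=TokenGovernance, **params) -> bool:
    """Whale votes for a self-serving proposal; everyone else votes against."""
    gov = gov_cls(BALANCES, **params)
    prop = Proposal("Redirect treasury to a whale-controlled address")
    for voter in BALANCES:
        gov.vote(prop, voter, support=(voter == "whale"))
    return gov.passes(prop)


def whale_veto(gov_cls=TokenGovernance, **params) -> bool:
    """Honest majority backs a proposal; the whale alone votes against."""
    gov = gov_cls(BALANCES, **params)
    prop = Proposal("Rotate the bridge validator set")
    for voter in BALANCES:
        gov.vote(prop, voter, support=(voter != "whale"))
    return gov.passes(prop)


if __name__ == "__main__":
    print("naive: attack passes?", whale_attack(TokenGovernance))
    print("naive: honest proposal passes?", whale_veto(TokenGovernance))
    print("hardened: attack passes?", whale_attack(HardenedGovernance))
    print("hardened: honest proposal passes?", whale_veto(HardenedGovernance))
```

Under the naive rules the 51% holder both passes its own proposal and vetoes everyone else's; under the hardened rules the same holder is capped at 20% of effective weight, loses the attack vote and cannot block the honest proposal. The per-address cap is the weakest of the three controls, since a holder can split its stake across addresses (a Sybil), so in practice it has to be paired with identity-bound or delegated voting, and a timelock between approval and execution is what gives the rest of the network time to react to a vote that slipped through.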
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).