
BrowseGPT — agentic threat model

AIVSS 9.4 · Critical

BrowseGPT presents a high-risk profile due to its ability to perform high-impact real-world actions like purchasing, booking, and posting on the open web without apparent safety guardrails, sandboxing, or authentication controls.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

Inputs for BrowseGPT:
  CVSS base score       8.5
  Factor sum            5.4 / 10
  Threat multiplier     ×1.1
  Mitigation factor     ×1.0 (no reduction applied)

Substituting: AARS = (10 − 8.5) × (5.4 / 10) × 1.1 = 0.89 (the AARS uplift), and AIVSS = (8.5 + 0.89) × 1.0 = 9.4. Because AARS scales only the headroom left above the CVSS base, it can raise the score toward 10 but not past it.

Agentic risk factors (each scored 0.0 to 1.0):
  Autonomy of Action          0.80
  Goal-Driven Planning        0.70
  Self-Modification           0.10
  Dynamic Tool Use            0.80
  Persistent Memory           0.20
  Contextual Awareness        0.60
  Dynamic Identity            0.60
  Multi-Agent Interactions    0.10
  Non-Determinism             0.80
  Opacity & Reflexivity       0.70
  Factor sum                  5.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
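The scoring above, worked through in code so the 0.89 uplift and the 9.4 total can be checked. This is an added example, not code from AgentReady or from OWASP; the factor names and values are the ones in this listing, and the severity bands are an assumption (CVSS v3.x qualitative bands, which reproduce the page's "Critical" label). It also shows what the formula does with a mitigation factor below 1.0, which the listing leaves at 1.0.

```python
"""Worked AIVSS computation using the formula stated on this page.

Added example; not AgentReady's or OWASP's code. Severity bands are an
assumption (CVSS v3.x qualitative bands).
"""

# Ten agentic risk factors, each scored 0.0 (absent) to 1.0 (fully present).
# Values are the ones shown on the page for BrowseGPT.
BROWSEGPT_FACTORS = {
    "Autonomy of Action": 0.80,
    "Goal-Driven Planning": 0.70,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.80,
    "Persistent Memory": 0.20,
    "Contextual Awareness": 0.60,
    "Dynamic Identity": 0.60,
    "Multi-Agent Interactions": 0.10,
    "Non-Determinism": 0.80,
    "Opacity & Reflexivity": 0.70,
}


def factor_sum(factors):
    """Sum of the ten factor scores (range 0..10), after validating each is in [0, 1]."""
    if len(factors) != 10:
        raise ValueError(f"expected 10 agentic risk factors, got {len(factors)}")
    for name, score in factors.items():
        if not 0.0 <= score <= 1.0:
            raise ValueError(f"factor {name!r} must be in [0, 1], got {score}")
    return sum(factors.values())


def aars(cvss_base, factors, threat_multiplier=1.0):
    """AARS = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM.

    The uplift scales the headroom above the CVSS base, so on its own it
    cannot push the total past 10; a ThM above 1.0 can, hence the clamp in aivss().
    """
    return (10.0 - cvss_base) * (factor_sum(factors) / 10.0) * threat_multiplier


def aivss(cvss_base, factors, threat_multiplier=1.0, mitigation_factor=1.0):
    """AIVSS = (CVSS_Base + AARS) * Mitigation_Factor, clamped to 10 and rounded to one decimal."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base score must be in [0, 10]")
    raw = (cvss_base + aars(cvss_base, factors, threat_multiplier)) * mitigation_factor
    return round(min(raw, 10.0), 1)


def severity(score):
    """Qualitative band. Assumption: CVSS v3.x bands (the page labels 9.4 'Critical')."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def score_browsegpt():
    """Reproduce the listing: CVSS base 8.5, threat multiplier 1.1, mitigation factor 1.0."""
    base, thm, mit = 8.5, 1.1, 1.0
    score = aivss(base, BROWSEGPT_FACTORS, thm, mit)
    return {
        "factor_sum": round(factor_sum(BROWSEGPT_FACTORS), 2),
        "aars": round(aars(base, BROWSEGPT_FACTORS, thm), 2),
        "aivss": score,
        "severity": severity(score),
    }


if __name__ == "__main__":
    print(score_browsegpt())
    # Hypothetical: the same agent with a documented control that earned a 0.8
    # mitigation factor (the value is illustrative, not from any AIVSS table).
    mitigated = aivss(8.5, BROWSEGPT_FACTORS, 1.1, 0.8)
    print(mitigated, severity(mitigated))
```

The practical point is the shape of the formula: the ten factors only ever add to the CVSS base, so a high base plus high autonomy and tool-use scores saturates near the top of the scale, and the only term that brings the number down is the mitigation factor, which the listing cannot justify reducing below 1.0.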

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing: it most likely calls a third-party commercial foundation model via API, so it inherits that model's susceptibility to prompt injection. Because its inputs are web pages, the realistic vector is indirect prompt injection, where instructions or adversarial content embedded in a page it browses steer the model.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — likely does not maintain a persistent vector database due to its lightweight 'no signup' nature, but dynamically processes untrusted web page content, exposing it to indirect prompt injection and data exfiltration risks.

L3 · Agent Frameworks (✓ mapped)

The agent framework orchestrates web browsing, form filling, and transactional execution (buying, booking). This creates a critical risk of tool hijacking where malicious web elements can force the agent to execute unauthorized purchases or posts.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — likely deployed as a browser extension or a lightweight cloud service. If running as a browser extension, it poses severe risks of accessing active session cookies, local storage, and sensitive user credentials.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — the description 'works sometimes' strongly suggests a lack of robust evaluation, real-time monitoring, or guardrails to detect and prevent anomalous or harmful agent behaviors.

L6 · Security & Compliance (cross-cutting) (✓ mapped)

The agent lacks basic security controls, requiring 'no signup' and offering no visible compliance, audit logging, or authorization policies to govern high-risk actions like financial transactions.
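The control the L3 and L6 findings say is missing, sketched as code: a policy gate that sits between the planner and the tools. This is an added example and not BrowseGPT's own code (the listing exposes no API); the tool names, the `source` provenance tag and the approval callback are assumptions. Read-only browsing passes, high-impact actions (purchase, book, post) need an allowlisted domain, a session spend cap and explicit user approval, any high-impact action that the planner derived from page content rather than from the user is refused outright (the indirect-prompt-injection path), and every decision is written to an audit log.

```python
"""Policy gate in front of an agent's tool calls.

Added example, not BrowseGPT's code. Tool names, the provenance tag on
ToolCall.source and the approval callback are assumptions.
"""
import time
from dataclasses import dataclass

READ_ONLY_TOOLS = {"navigate", "read_page", "search"}
HIGH_IMPACT_TOOLS = {"purchase", "book", "post"}


@dataclass
class ToolCall:
    tool: str
    args: dict
    # Provenance set by the planner: "user" if the action traces back to the user's
    # own instruction, "page" if it was proposed by text found on a web page.
    source: str = "page"


@dataclass
class Decision:
    allowed: bool
    reason: str


class ActionGate:
    def __init__(self, allowed_domains, spend_cap, approve):
        self.allowed_domains = {d.lower() for d in allowed_domains}
        self.spend_cap = float(spend_cap)
        self.spent = 0.0
        self.approve = approve  # callable(ToolCall) -> bool; stands in for a user prompt
        self.audit = []         # one dict per decision, ready to be emitted as JSON lines

    def evaluate(self, call):
        decision = self._decide(call)
        self.audit.append({
            "ts": time.time(), "tool": call.tool, "args": dict(call.args),
            "source": call.source, "allowed": decision.allowed, "reason": decision.reason,
        })
        return decision

    def _decide(self, call):
        if call.tool in READ_ONLY_TOOLS:
            return Decision(True, "read-only tool")
        if call.tool not in HIGH_IMPACT_TOOLS:
            return Decision(False, f"unknown tool {call.tool!r} (deny by default)")
        # Fail closed on anything that originated from untrusted page content.
        if call.source != "user":
            return Decision(False, "high-impact action proposed by page content, not by the user")
        domain = str(call.args.get("domain", "")).lower()
        if domain not in self.allowed_domains:
            return Decision(False, f"domain {domain!r} is not allowlisted")
        amount = float(call.args.get("amount", 0.0))
        if amount < 0 or self.spent + amount > self.spend_cap:
            return Decision(False, f"would exceed spend cap ({self.spent + amount:.2f} > {self.spend_cap:.2f})")
        if not self.approve(call):
            return Decision(False, "user declined the action")
        self.spent += amount
        return Decision(True, "approved by user within policy")


def demo():
    """Constructed session (not a real trace). The approval callback stands in for
    a user who says yes to anything under 100."""
    gate = ActionGate(allowed_domains={"shop.example"}, spend_cap=150,
                      approve=lambda c: c.args.get("amount", 0) < 100)
    calls = [
        ToolCall("read_page", {"url": "https://shop.example/item/42"}, source="user"),
        # A purchase the planner picked up from hidden text on the page itself.
        ToolCall("purchase", {"domain": "shop.example", "amount": 90}, source="page"),
        ToolCall("purchase", {"domain": "shop.example", "amount": 90}, source="user"),
        ToolCall("purchase", {"domain": "shop.example", "amount": 90}, source="user"),  # breaches cap
        ToolCall("post", {"domain": "forum.example", "text": "hello"}, source="user"),  # not allowlisted
    ]
    return [gate.evaluate(c).allowed for c in calls], gate


if __name__ == "__main__":
    outcomes, gate = demo()
    for entry in gate.audit:
        print(entry["tool"], entry["allowed"], entry["reason"])
```

The provenance check is the part that matters most for this agent: a confirmation prompt alone does not help if the text the user is asked to confirm was itself written by the attacker's page, so actions that originate from page content are denied before any approval step runs.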

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — there is no indication of multi-agent orchestration or integration with an agent marketplace, though it interacts directly with the broader web ecosystem.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).