AgentReadyHome · Agent Listing


BullRun — agentic threat model

AIVSS 6.4 · Medium

BullRun presents a moderate security risk primarily centered on the exposure of sensitive personal financial portfolio data through its hosted remote MCP endpoint. While protected by OAuth, the handling of user tokens and the potential for unauthorized data exfiltration via LLM tool misuse are key concerns.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.5 · AARS uplift 1.08 · Factor sum 3.1/10 · Threat ×1.0 · Mitigation ×0.85

Agentic risk factors (each scored 0–1):

Autonomy of Action: 0.30
Goal-Driven Planning: 0.20
Self-Modification: 0.00
Dynamic Tool Use: 0.50
Persistent Memory: 0.20
Contextual Awareness: 0.40
Dynamic Identity: 0.60
Multi-Agent Interactions: 0.30
Non-Determinism: 0.30
Opacity & Reflexivity: 0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
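To make the score rationale reproducible, the following is an added worked example (not code from the BullRun project or from the AIVSS calculator) that implements the formula stated above with the page's own inputs: the ten factor values, CVSS base 6.5, threat multiplier 1.0 and mitigation factor 0.85. It rejects out-of-range inputs, and the qualitative band mapping is an assumption (the CVSS v3 rating scale, which agrees with the page labelling 6.4 as Medium). The unrounded AARS comes out as 1.085, which the page displays as 1.08, and the final score rounds to the published 6.4.

```python
"""Reproduce the OWASP AIVSS arithmetic for the BullRun listing.

Added worked example, not code from BullRun or the AIVSS calculator. It
implements the formula quoted on the page:
    AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
    AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
"""
from typing import Dict, Mapping

# Agentic risk factors copied from the page's factor table.
BULLRUN_FACTORS: Dict[str, float] = {
    "Autonomy of Action": 0.30,
    "Goal-Driven Planning": 0.20,
    "Self-Modification": 0.00,
    "Dynamic Tool Use": 0.50,
    "Persistent Memory": 0.20,
    "Contextual Awareness": 0.40,
    "Dynamic Identity": 0.60,
    "Multi-Agent Interactions": 0.30,
    "Non-Determinism": 0.30,
    "Opacity & Reflexivity": 0.30,
}

# Remaining inputs as stated on the page.
BULLRUN_CVSS_BASE = 6.5
BULLRUN_THREAT_MULTIPLIER = 1.0   # ThM ("Threat x1.0" on the page)
BULLRUN_MITIGATION = 0.85         # Mitigation_Factor

# Assumption: qualitative bands follow the CVSS v3 rating scale, which is
# consistent with the page labelling 6.4 as "Medium".
SEVERITY_BANDS = (
    (0.0, "None"), (0.1, "Low"), (4.0, "Medium"), (7.0, "High"), (9.0, "Critical"),
)


def factor_sum(factors: Mapping[str, float]) -> float:
    """Sum the ten agentic factors, rejecting values outside [0, 1]."""
    if len(factors) != 10:
        raise ValueError(f"expected 10 agentic factors, got {len(factors)}")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"factor {name!r} = {value} is outside [0, 1]")
    return sum(factors.values())


def aars(cvss_base: float, factors: Mapping[str, float], thm: float) -> float:
    """Agentic AI Risk Score: the uplift the agentic factors add on top of CVSS.

    The (10 - cvss_base) term scales the uplift to the headroom left below 10,
    so a fully agentic system cannot push the total past the CVSS ceiling.
    """
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base score must be in [0, 10]")
    return (10.0 - cvss_base) * (factor_sum(factors) / 10.0) * thm


def aivss(cvss_base: float, factors: Mapping[str, float],
          thm: float, mitigation: float) -> float:
    """Final AIVSS before rounding to the one decimal the page reports."""
    if not 0.0 < mitigation <= 1.0:
        raise ValueError("mitigation factor must be in (0, 1]")
    return (cvss_base + aars(cvss_base, factors, thm)) * mitigation


def severity(score: float) -> str:
    """Map a rounded score to its qualitative band (see SEVERITY_BANDS)."""
    label = SEVERITY_BANDS[0][1]
    for floor, name in SEVERITY_BANDS:
        if score >= floor:
            label = name
    return label


def score_report(cvss_base: float, factors: Mapping[str, float],
                 thm: float, mitigation: float) -> Dict[str, object]:
    """Assemble the same figures the listing shows in its rationale line."""
    raw = aivss(cvss_base, factors, thm, mitigation)
    rounded = round(raw, 1)
    return {
        "factor_sum": round(factor_sum(factors), 2),
        "aars": aars(cvss_base, factors, thm),
        "aivss": rounded,
        "severity": severity(rounded),
    }


if __name__ == "__main__":
    report = score_report(BULLRUN_CVSS_BASE, BULLRUN_FACTORS,
                          BULLRUN_THREAT_MULTIPLIER, BULLRUN_MITIGATION)
    for key, value in report.items():
        print(f"{key:>10}: {value}")
```

Running the module prints a factor sum of 3.1, an AARS of 1.085 and an AIVSS of 6.4 (Medium). Because the uplift is scaled by the headroom below 10, the same factor profile adds less to a high CVSS base than to a low one; changing BULLRUN_CVSS_BASE shows that directly.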

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary because the public description did not pin down that layer.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — BullRun acts as an MCP server providing tools to external LLMs; the foundation model risk depends entirely on the client LLM used to call these tools.

L2 · Data Operations · ✓ mapped

Accesses personal portfolio data and financial market data. Risks include data exfiltration of sensitive portfolio holdings and potential manipulation of financial data inputs.

L3 · Agent Frameworks · ✓ mapped

Implements MCP tools for financial analysis. Vulnerable to tool misuse if an orchestrating LLM is tricked into executing unauthorized portfolio queries or leaking portfolio data via tool outputs.

L4 · Deployment & Infrastructure · ✓ mapped

Hosted remote service. Risks include container/host compromise, insecure token storage, and exposure of the remote endpoint to unauthorized network traffic.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — no explicit logging, auditing, or guardrails are mentioned for tracking MCP tool execution or detecting anomalous portfolio access.

L6 · Security & Compliance (cross-cutting) · ✓ mapped

Uses OAuth for protecting the remote endpoint and managing access to personal portfolios. Key risks involve OAuth token leakage, session hijacking, and weak authorization policies.

L7 · Agent Ecosystem · ✓ mapped

Designed to integrate into an LLM/agent ecosystem via MCP. Risks include cascading failures if a compromised orchestrator agent abuses BullRun's portfolio analysis tools.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).