AgentReadyHomeAgent Listing

← bytedanceseedance

bytedanceseedance — agentic threat model

5.5AIVSS 5.5 · Medium

ByteDance Seedance is a low-autonomy generative video agent with minimal systemic risk, primarily exposed to content misuse, deepfake generation, and model IP theft rather than agentic execution threats.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 4.3AARS uplift 1.2Factor sum 2.1/10Threat ×1.0Mitigation ×1.0
Autonomy of Action
0.10
Goal-Driven Planning
0.10
Self-Modification
0.00
Dynamic Tool Use
0.00
Persistent Memory
0.10
Contextual Awareness
0.20
Dynamic Identity
0.00
Multi-Agent Interactions
0.00
Non-Determinism
0.80
Opacity & Reflexivity
0.80

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models✓ mapped

Uses Seedance 2.0 video generation foundation models. Threats include adversarial prompt injections to bypass safety filters, model stealing of proprietary weights, and output misalignment (generating harmful or copyrighted content).

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — training data pipeline and video/audio datasets are proprietary. Potential threats include training data poisoning and copyright/provenance gaps for the generated cinematic assets.

L3 · Agent Frameworks⚠ not certain from listing

Not certain from the listing — the orchestration framework is not detailed. Likely minimal agentic planning, but vulnerabilities could exist in prompt parsing or video rendering pipeline orchestration.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — hosted online by ByteDance. Threats include server-side resource exhaustion (GPU mining/denial of service due to heavy 2K video rendering demands) and insecure web endpoints.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — no explicit guardrails or monitoring tools are mentioned. Gaps in real-time content moderation could allow generation of deepfakes or policy-violating material.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — compliance posture (e.g., EU AI Act compliance for generative media, copyright protection, user data privacy) is unverified.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — operates as a standalone vertical video generator with no described multi-agent or marketplace integrations.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).