Claude for Work — agentic threat model
Claude for Work presents a moderate security risk, centered primarily on data privacy and intellectual property exposure: it processes trusted enterprise knowledge inside a closed-source LLM framework, and the public listing gives no explicit details on sandboxing or access controls.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
|---|---|
| Autonomy of Action | 0.40 |
| Goal-Driven Planning | 0.30 |
| Self-Modification | 0.00 |
| Dynamic Tool Use | 0.30 |
| Persistent Memory | 0.20 |
| Contextual Awareness | 0.60 |
| Dynamic Identity | 0.10 |
| Multi-Agent Interactions | 0.10 |
| Non-Determinism | 0.50 |
| Opacity & Reflexivity | 0.70 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent, one line per MAESTRO layer. Layers tagged "Not certain from the listing" are general, caveated commentary where the public description does not pin that layer down.
Layer 1 (Foundation Models): Utilizes proprietary Claude foundation models, which are exposed to sophisticated prompt injection, jailbreaking, and potential training-data reconstruction attacks.
Layer 2 (Data Operations): Not certain from the listing. Details on the specific vector database or data pipeline are omitted, but the use of 'trusted knowledge' implies RAG or enterprise search integrations, which are vulnerable to data poisoning and unauthorized access.
Layer 3 (Agent Frameworks): Not certain from the listing. The orchestration framework and tool-calling capabilities are not specified, which poses a risk of unvalidated tool execution if the agent is integrated with enterprise systems.
Layer 4 (Deployment and Infrastructure): Not certain from the listing. Deployment details (SaaS, VPC, or hybrid) are not provided, leaving infrastructure security, sandboxing, and secrets management unverified.
Layer 5 (Evaluation and Observability): Not certain from the listing. There is no mention of built-in guardrails, real-time monitoring, or evaluation frameworks to detect drift or malicious prompt injection.
Layer 6 (Security and Compliance): Not certain from the listing. While 'for Work' implies enterprise compliance and access controls, the specific identity federation (SAML/OIDC) and RBAC configurations are not detailed.
Layer 7 (Agent Ecosystem): Not certain from the listing. It is unclear whether this deployment supports multi-agent collaboration or third-party marketplace integrations, either of which could introduce cascading trust issues.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).