AgentReadyHomeAgent Listing

← CreatOK

CreatOK — agentic threat model

7.4AIVSS 7.4 · High

CreatOK is a multi-model AI video generation platform with moderate agentic risk, primarily driven by its integration of multiple external generative models and automated prompt generation, which could be exploited for brand damage or malicious content generation.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.5AARS uplift 1.29Factor sum 3.7/10Threat ×1.0Mitigation ×0.95
Autonomy of Action
0.40
Goal-Driven Planning
0.30
Self-Modification
0.10
Dynamic Tool Use
0.40
Persistent Memory
0.20
Contextual Awareness
0.50
Dynamic Identity
0.10
Multi-Agent Interactions
0.40
Non-Determinism
0.70
Opacity & Reflexivity
0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models✓ mapped

Utilizes multiple foundation models (Sora 2, Wan, Seedance, Veo3, Doubao). This diverse model dependency increases exposure to model-specific vulnerabilities, adversarial prompt injections, and misaligned or harmful video outputs.

L2 · Data Operations✓ mapped

Processes user-uploaded product images, categories, and target market data. Risks include data poisoning via malicious image uploads and potential exfiltration of proprietary e-commerce product data.

L3 · Agent Frameworks✓ mapped

Orchestrates a workflow of image recognition, prompt generation, and video rendering. Vulnerabilities in the orchestration framework could allow prompt injection to hijack the video generation parameters or manipulate the A/B testing dashboard.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — Likely hosted on cloud infrastructure with heavy GPU rendering capabilities. Potential threats include API key exposure for external model providers, resource exhaustion (DoS) during video rendering, and container isolation failures.

L5 · Evaluation & Observability✓ mapped

Features a built-in A/B testing data dashboard and compliance review tools. While this provides some observability, risks include blind spots in the compliance filters and potential manipulation of performance metrics.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — Mentions 'compliance review tools' for content strategy, but lacks details on enterprise security controls, user authentication, data encryption, or regulatory compliance (e.g., GDPR, EU AI Act).

L7 · Agent Ecosystem✓ mapped

Operates as an 'Agent-based platform' coordinating across multiple video generation services. Risks include cascading failures if upstream model APIs fail, and trust boundary issues when passing user data across different model ecosystems.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).