Cruise — agentic threat model
Cruise represents an extreme-risk agentic profile due to its direct control over physical actuators in safety-critical public environments, where perception or planning failures can lead to immediate physical harm.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
| --- | --- |
| Autonomy of Action | 1.00 |
| Goal-Driven Planning | 0.90 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.80 |
| Persistent Memory | 0.50 |
| Contextual Awareness | 1.00 |
| Dynamic Identity | 0.20 |
| Multi-Agent Interactions | 0.60 |
| Non-Determinism | 0.70 |
| Opacity & Reflexivity | 0.80 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Any layer tagged “not certain from listing” carries general, caveated commentary, because the public description did not pin down that layer.
Layer 1 (Foundation Models): Perception and decision-making rely on deep learning models. Threats include physical adversarial attacks (e.g., modified road signs), sensor spoofing, and model evasion that causes misclassification of obstacles.
Layer 2 (Data Operations): Relies heavily on high-definition (HD) maps, localization data, and continuous sensor streams. Threats include HD map poisoning, GPS spoofing, and data exfiltration of sensitive passenger location history.
Layer 3 (Agent Frameworks): The vehicle's planning and control framework translates model outputs into physical actions (steering, braking). Threats include logic flaws in path planning, race conditions in sensor fusion, and unauthorized actuator command execution.
Layer 4 (Deployment and Infrastructure): On-vehicle compute units, cellular networks (5G/LTE), and Over-The-Air (OTA) update infrastructure. Threats include remote code execution via cellular basebands, OTA update hijacking, and physical access port exploitation.
Layer 5 (Evaluation and Observability): Real-time telemetry, remote assistance fallback systems, and black-box event logging. Threats include denial-of-service on remote operator links, telemetry spoofing to mask critical failures, and logging gaps during safety incidents.
Layer 6 (Security and Compliance): Subject to automotive safety standards (ISO 26262, ISO/SAE 21434) and NHTSA regulations. Threats include compliance drift, inadequate safety-case documentation for edge cases, and lack of standardized AI-specific security controls.
Layer 7 (Agent Ecosystem): Interacts with fleet management systems, ride-hailing dispatch platforms, and potentially V2X (Vehicle-to-Everything) infrastructure. Threats include fleet-wide compromise via centralized dispatch servers and cascading routing failures.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).