

Databricks databricks-aibi-dashboards — agentic threat model

AIVSS 7.2 · High

This agent presents a high-impact risk profile due to its direct integration with Databricks Lakehouse data; a compromise or prompt injection attack could lead to unauthorized data querying, schema exposure, or data exfiltration, though risks are partially mitigated by Databricks' underlying platform security.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 8.5
AARS uplift: 0.55
Factor sum: 3.7/10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×0.8

Agentic risk factors:
Autonomy of Action: 0.40
Goal-Driven Planning: 0.50
Self-Modification: 0.10
Dynamic Tool Use: 0.70
Persistent Memory: 0.20
Contextual Awareness: 0.60
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.10
Non-Determinism: 0.50
Opacity & Reflexivity: 0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
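As an added worked example (not code from the AgentReady listing or from Databricks), the following Python recomputes the score above from the stated formula and the ten factor values; the CVSS-style severity bands in `severity()` are an assumption, since the listing gives only the formula and the "High" label.

```python
# Added example: recompute this listing's OWASP AIVSS score from
# AIVSS = (CVSS_Base + AARS) x Mitigation_Factor,
# AARS  = (10 - CVSS_Base) x (Factor_Sum / 10) x ThM.

# The ten agentic risk factors as published in the listing, each in [0, 1].
AGENTIC_FACTORS = {
    "Autonomy of Action": 0.40,
    "Goal-Driven Planning": 0.50,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.70,
    "Persistent Memory": 0.20,
    "Contextual Awareness": 0.60,
    "Dynamic Identity": 0.20,
    "Multi-Agent Interactions": 0.10,
    "Non-Determinism": 0.50,
    "Opacity & Reflexivity": 0.40,
}

def aars(cvss_base, factors, threat_multiplier=1.0):
    """Agentic uplift: the headroom above the CVSS base, scaled by the mean factor and ThM."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base must be in [0, 10]")
    if len(factors) != 10 or any(not 0.0 <= v <= 1.0 for v in factors.values()):
        raise ValueError("expected ten factors, each in [0, 1]")
    return (10.0 - cvss_base) * (sum(factors.values()) / 10.0) * threat_multiplier

def aivss(cvss_base, factors, threat_multiplier=1.0, mitigation_factor=1.0):
    """Final AIVSS: base plus agentic uplift, discounted by platform mitigations."""
    return (cvss_base + aars(cvss_base, factors, threat_multiplier)) * mitigation_factor

def severity(score):
    """CVSS v3.x qualitative bands; assumed here (not stated by the listing) to apply to AIVSS."""
    s = round(score, 1)
    for upper, label in ((0.0, "None"), (3.9, "Low"), (6.9, "Medium"), (8.9, "High")):
        if s <= upper:
            return label
    return "Critical"

if __name__ == "__main__":
    score = aivss(8.5, AGENTIC_FACTORS, threat_multiplier=1.0, mitigation_factor=0.8)
    print(f"AARS uplift {aars(8.5, AGENTIC_FACTORS):.2f}, AIVSS {score:.1f} · {severity(score)}")
```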

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The specific foundation model (e.g., DBRX or external LLM) is not disclosed. Threats include prompt injection that could manipulate the model into generating malicious SQL queries or exposing underlying database schemas.

L2 · Data Operations (✓ mapped)

Directly binds to Lakehouse data to query and configure datasets. This creates a high risk of data exfiltration, unauthorized data access, or exposure of sensitive metadata if the agent is manipulated into querying unauthorized tables.

L3 · Agent Frameworks (✓ mapped)

The agent framework translates user intent into dashboard schemas and dataset configurations. Vulnerabilities include insecure tool integration where the SQL generation tool might execute arbitrary commands or bypass query limits.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — While presumably hosted within the secure Databricks platform, the specific sandboxing of the agent's execution environment and network isolation boundaries are not detailed.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — Platform-level logging is expected, but specific guardrails to detect and block malicious query generation or anomalous data access patterns by the agent are not specified.

L6 · Security & Compliance (cross-cutting) (✓ mapped)

Crucial layer as the agent must respect Databricks Unity Catalog permissions and user IAM roles. A key threat is privilege escalation if the agent executes queries with higher privileges than the end-user.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — The agent is described as a standalone 'Agent Skill' within Databricks, with no explicit details on multi-agent collaboration or external ecosystem integrations.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).