Delve — agentic threat model
Delve presents a high agentic risk profile due to its write-access capabilities (automatic code vulnerability fixes) and broad read-access to internal tools and web apps for compliance monitoring, making it a high-value target for supply chain and data exfiltration attacks.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
|---|---|
| Autonomy of Action | 0.80 |
| Goal-Driven Planning | 0.70 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.80 |
| Persistent Memory | 0.50 |
| Contextual Awareness | 0.80 |
| Dynamic Identity | 0.60 |
| Multi-Agent Interactions | 0.50 |
| Non-Determinism | 0.60 |
| Opacity & Reflexivity | 0.70 |
Scored with the canonical OWASP AIVSS formula (see the AIVSS calculator reference); the agentic risk factors are estimates derived from the agent's publicly described capabilities, not from testing.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Entries tagged "Not certain from the listing" are general, caveated commentary for layers that the public description does not pin down.
- Layer 1, Foundation Models: Not certain from the listing — The specific foundation models powering Delve's compliance reasoning and code scanning are not disclosed, leaving potential vulnerabilities to model-level prompt injection or adversarial manipulation unverified.
- Layer 2, Data Operations: Collects evidence from web apps, internal tools, and custom software, exposing it to data exfiltration and to the ingestion of sensitive data.
- Layer 3, Agent Frameworks: Uses tools to scan code and automatically apply fixes, presenting a high risk of tool misuse or unauthorized code modification.
- Layer 4, Deployment and Infrastructure: Not certain from the listing — The hosting environment, sandboxing of the code-fixing execution environment, and secrets management for connected web apps and internal tools are not detailed.
- Layer 5, Evaluation and Observability: Not certain from the listing — While real-time compliance monitoring is provided for the client, the internal observability, logging, and guardrails protecting the agent's own actions are not specified.
- Layer 6, Security and Compliance: Designed to support SOC 2, HIPAA, ISO 27001, GDPR, and PCI DSS, but its own internal security controls and authorization boundaries must be strictly validated.
- Layer 7, Agent Ecosystem: Uses multiple AI agents for evidence collection and integrates with Slack, introducing risks of multi-agent coordination failures or unauthorized Slack-based command execution.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).