Directory for AI — agentic threat model
The Directory for AI is an informational catalog with minimal agentic capabilities, presenting low inherent risk. The primary security concern is the integrity of its curated listings, where a compromise could lead to the promotion of malicious or fraudulent AI tools.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
| --- | --- |
| Autonomy of Action | 0.10 |
| Goal-Driven Planning | 0.00 |
| Self-Modification | 0.00 |
| Dynamic Tool Use | 0.00 |
| Persistent Memory | 0.10 |
| Contextual Awareness | 0.20 |
| Dynamic Identity | 0.00 |
| Multi-Agent Interactions | 0.00 |
| Non-Determinism | 0.20 |
| Opacity & Reflexivity | 0.10 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1, Foundation Models. Not certain from the listing — It is unclear whether the directory uses an underlying foundation model for search, categorization, or recommendations. If a model is used, it is exposed to prompt injection aimed at biasing tool recommendations.
Layer 2, Data Operations. Not certain from the listing — The platform relies on a curated database of AI tools. The primary threat is data poisoning or unauthorized modification of the directory database to inject malicious links or spoofed tool entries.
Layer 3, Agent Frameworks. Not certain from the listing — There is no indication of an active agent orchestration framework, planning capabilities, or tool-calling mechanisms in this directory application.
Layer 4, Deployment and Infrastructure. Not certain from the listing — Standard web application hosting risks apply, such as server compromise or database exposure, but no specific deployment or sandboxing details are provided.
Layer 5, Evaluation and Observability. Not certain from the listing — No observability, logging, or guardrail mechanisms are described for monitoring user queries or detecting anomalous search behavior.
Layer 6, Security and Compliance. Not certain from the listing — The listing does not mention any access controls, user authentication, or compliance frameworks (e.g., GDPR, SOC 2) for managing user data or directory curation.
Layer 7, Agent Ecosystem. Not certain from the listing — While the platform indexes other AI tools and agents, it does not actively interact with them or participate in a dynamic multi-agent ecosystem.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).