Docyrus AI Agent Framework — agentic threat model
Docyrus AI Agent Framework presents a high-risk profile due to its extensive integration capabilities (SQL execution, CRM logging, email sending) and multi-agent orchestration, but this is partially offset by robust enterprise security controls like row-level security, scoped tool access, and human-in-the-loop pauses.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
|---|---|
| Autonomy of Action | 0.70 |
| Goal-Driven Planning | 0.80 |
| Self-Modification | 0.20 |
| Dynamic Tool Use | 0.90 |
| Persistent Memory | 0.80 |
| Contextual Awareness | 0.80 |
| Dynamic Identity | 0.50 |
| Multi-Agent Interactions | 0.90 |
| Non-Determinism | 0.70 |
| Opacity & Reflexivity | 0.60 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent, following MAESTRO's seven layers. Layers tagged "not certain from the listing" carry general, caveated commentary because the public description does not pin down that layer.
1. Foundation Models: Supports multiple external foundation models (OpenAI, Anthropic, Google, Groq), introducing risks of prompt injection, adversarial manipulation, and dependency on third-party model alignment and availability.
2. Data Operations: Features enterprise RAG with citations and SQL execution. Risks include knowledge-base poisoning, embedding inversion, and unauthorized data exfiltration via manipulated retrieval queries.
3. Agent Frameworks: Orchestrates multi-agent workflows and tool calling (SQL, CRM, email). Vulnerable to tool misuse, indirect prompt injection leading to unauthorized actions, and memory poisoning across sessions.
4. Deployment and Infrastructure: Not certain from the listing. Details on the underlying hosting infrastructure, containerization, or sandboxing of background workers and SQL execution environments are not specified, which leaves potential privilege-escalation and lateral-movement risks unassessed.
5. Evaluation and Observability: Includes logging, guardrails, and auditable MCP gateway calls, which help mitigate blind spots, though complex multi-agent interactions still present risks of evaluation gaming and drift.
6. Security and Compliance: Implements enterprise security controls including multi-tenancy, row-level security, API key management, and scoped tool access to enforce authorization boundaries and compliance.
7. Agent Ecosystem: Supports multi-agent delegation and Model Context Protocol (MCP) gateway calls. Risks include cascading failures, agent-to-agent trust abuse, and rogue agent behavior during delegation.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).