
Duet AI — agentic threat model

AIVSS 6.9 · Medium

Duet AI presents a moderate-to-high risk profile due to its deep integration with sensitive enterprise data in Google Workspace and Google Cloud. While backed by Google's robust infrastructure security and IAM controls, its access to business-critical documents and cloud environments makes it a high-value target for prompt injection and data exfiltration.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 8.5
AARS uplift: 0.66
Factor sum: 4.4 / 10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×0.75

Agentic risk factors (each scored 0.0–1.0):
Autonomy of Action: 0.40
Goal-Driven Planning: 0.50
Self-Modification: 0.10
Dynamic Tool Use: 0.60
Persistent Memory: 0.30
Contextual Awareness: 0.80
Dynamic Identity: 0.40
Multi-Agent Interactions: 0.20
Non-Determinism: 0.60
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
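The score above can be reproduced from the formula and the factor values printed on this page. The following is an added worked example, not the listing's own code and not OWASP's AIVSS calculator; it takes the formula, the ten factor values, the CVSS base of 8.5, ThM of 1.0 and mitigation factor of 0.75 from the page. The qualitative severity bands (Low/Medium/High/Critical) are an assumption, CVSS-style cut-offs chosen because they agree with the page's "6.9 · Medium". The `mitigation_sensitivity` helper is also an addition: it shows how much the headline score depends on the mitigation credit, which is the most judgement-driven input in the formula.

```python
# Added example (not the listing's or OWASP's own calculator code): reproduces the
# OWASP AIVSS score shown on this page from the formula and values it lists.
#
#   AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
#   AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
#
# The severity bands are an ASSUMPTION (CVSS-style qualitative bands); the page
# only states "6.9 · Medium", which these bands agree with.

from dataclasses import dataclass

# Agentic risk factors for Duet AI exactly as scored on the page (each 0.0-1.0).
DUET_AI_FACTORS = {
    "Autonomy of Action": 0.40,
    "Goal-Driven Planning": 0.50,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.60,
    "Persistent Memory": 0.30,
    "Contextual Awareness": 0.80,
    "Dynamic Identity": 0.40,
    "Multi-Agent Interactions": 0.20,
    "Non-Determinism": 0.60,
    "Opacity & Reflexivity": 0.50,
}


@dataclass(frozen=True)
class AivssResult:
    cvss_base: float
    factor_sum: float   # sum of the ten agentic factors (max 10.0)
    aars: float         # Agentic AI Risk Score uplift added to the CVSS base
    score: float        # final AIVSS, rounded to one decimal like CVSS
    severity: str       # assumed CVSS-style band


def severity_band(score: float) -> str:
    """Assumed CVSS-style qualitative bands; not stated on the page."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def aivss(cvss_base: float, factors: dict, threat_multiplier: float = 1.0,
          mitigation_factor: float = 1.0) -> AivssResult:
    """Apply the AIVSS formula quoted on the page to a CVSS base and factor set."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base must be in 0..10")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"factor {name!r} must be in 0..1")
    if not 0.0 <= mitigation_factor <= 1.0:
        raise ValueError("mitigation factor must be in 0..1 (1.0 = no credit)")

    factor_sum = sum(factors.values())
    # AARS scales the remaining headroom above the CVSS base by the agentic factors.
    aars = (10.0 - cvss_base) * (factor_sum / 10.0) * threat_multiplier
    raw = (cvss_base + aars) * mitigation_factor
    score = round(min(raw, 10.0), 1)
    return AivssResult(cvss_base, round(factor_sum, 2), round(aars, 2),
                       score, severity_band(score))


def duet_ai_score() -> AivssResult:
    """Duet AI as scored on this page: CVSS base 8.5, ThM 1.0, mitigation 0.75."""
    return aivss(8.5, DUET_AI_FACTORS, threat_multiplier=1.0, mitigation_factor=0.75)


def mitigation_sensitivity(cvss_base: float, factors: dict,
                           credits=(1.0, 0.75, 0.5)) -> dict:
    """Score the same agent under several mitigation credits (added helper).

    Shows how far the headline number moves with the one input that is a
    reviewer's judgement rather than a measured property of the agent.
    """
    return {c: aivss(cvss_base, factors, mitigation_factor=c).score for c in credits}


if __name__ == "__main__":
    r = duet_ai_score()
    print(f"factor sum {r.factor_sum}, AARS {r.aars}, AIVSS {r.score} ({r.severity})")
    for credit, score in mitigation_sensitivity(8.5, DUET_AI_FACTORS).items():
        print(f"mitigation x{credit}: AIVSS {score} ({severity_band(score)})")
```

Running it prints `factor sum 4.4, AARS 0.66, AIVSS 6.9 (Medium)`, matching the listing. The sensitivity table shows the same agent landing at 9.2 with no mitigation credit and 4.6 at a 0.5 credit, so when reviewing one of these listings the mitigation factor is the number to challenge first: it moves the result across two severity bands while every other input stays fixed.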

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (✓ mapped)

Utilizes Google's proprietary foundation models (Gemini/PaLM family). Primary threats include adversarial prompt injection to bypass safety filters, model reprogramming, and potential data leakage of training data via membership inference.

L2 · Data Operations (✓ mapped)

Performs RAG and data analysis across Google Workspace (Sheets, Docs, Meet) and Google Cloud. Threats include unauthorized data access, data exfiltration via prompt injection, and knowledge-base poisoning if malicious data is introduced into Workspace files.

L3 · Agent Frameworks (✓ mapped)

Orchestrates actions such as generating custom plans in Sheets and summarizing meetings. Threats involve insecure tool integration where malicious inputs could trigger unintended actions or data classification errors within Workspace.

L4 · Deployment & Infrastructure (✓ mapped)

Hosted on Google Cloud's enterprise-grade infrastructure. While highly secure and sandboxed, threats include potential privilege escalation if the agent's integration with Google Cloud Console is compromised.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — Google likely employs robust internal logging, safety guardrails, and drift detection, but the public listing does not detail specific user-facing evaluation or observability controls.

L6 · Security & Compliance (cross-cutting) (✓ mapped)

Inherits Google Workspace and Google Cloud's robust security posture, including IAM controls, enterprise compliance (SOC2, ISO), and data privacy policies preventing customer data from being used to train public models.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — while it operates across various Workspace and Cloud services, the listing does not specify multi-agent coordination or third-party agent marketplace interactions.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).