Duet AI — agentic threat model
Duet AI presents a moderate-to-high risk profile due to its deep integration with sensitive enterprise data in Google Workspace and Google Cloud. While backed by Google's robust infrastructure security and IAM controls, its access to business-critical documents and cloud environments makes it a high-value target for prompt injection and data exfiltration.
OWASP AIVSS score rationale
| Autonomy of Action | 0.40 | |
| Goal-Driven Planning | 0.50 | |
| Self-Modification | 0.10 | |
| Dynamic Tool Use | 0.60 | |
| Persistent Memory | 0.30 | |
| Contextual Awareness | 0.80 | |
| Dynamic Identity | 0.40 | |
| Multi-Agent Interactions | 0.20 | |
| Non-Determinism | 0.60 | |
| Opacity & Reflexivity | 0.50 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Utilizes Google's proprietary foundation models (Gemini/PaLM family). Primary threats include adversarial prompt injection to bypass safety filters, model reprogramming, and potential data leakage of training data via membership inference.
Performs RAG and data analysis across Google Workspace (Sheets, Docs, Meet) and Google Cloud. Threats include unauthorized data access, data exfiltration via prompt injection, and knowledge-base poisoning if malicious data is introduced into Workspace files.
Orchestrates actions such as generating custom plans in Sheets and summarizing meetings. Threats involve insecure tool integration where malicious inputs could trigger unintended actions or data classification errors within Workspace.
Hosted on Google Cloud's enterprise-grade infrastructure. While highly secure and sandboxed, threats include potential privilege escalation if the agent's integration with Google Cloud Console is compromised.
Not certain from the listing — Google likely employs robust internal logging, safety guardrails, and drift detection, but the public listing does not detail specific user-facing evaluation or observability controls.
Inherits Google Workspace and Google Cloud's robust security posture, including IAM controls, enterprise compliance (SOC2, ISO), and data privacy policies preventing customer data from being used to train public models.
Not certain from the listing — while it operates across various Workspace and Cloud services, the listing does not specify multi-agent coordination or third-party agent marketplace interactions.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).