Dust AI — agentic threat model

AIVSS 8.1 · High

Dust AI presents a high-risk profile as an enterprise agent platform with deep integration into company knowledge bases and internal APIs. Its support for multi-step workflows and tool execution amplifies the potential impact of prompt injection or tool misuse.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 8.5
AARS uplift: 1.02
Factor sum: 6.5 / 10
Threat multiplier (ThM): ×1.05
Mitigation factor: ×0.85

Agentic risk factors (each scored 0.0 to 1.0):

Autonomy of Action: 0.80
Goal-Driven Planning: 0.80
Self-Modification: 0.30
Dynamic Tool Use: 0.80
Persistent Memory: 0.70
Contextual Awareness: 0.90
Dynamic Identity: 0.40
Multi-Agent Interactions: 0.50
Non-Determinism: 0.70
Opacity & Reflexivity: 0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The specific foundation models powering Dust AI are not disclosed. Standard LLM threats like prompt injection, adversarial reprogramming, and misaligned outputs remain highly relevant as they could hijack the agent's reasoning chains.

L2 · Data Operations (✓ mapped)

Dust AI integrates deeply with company knowledge sources and internal tools. This creates significant exposure to data/knowledge-base poisoning (where malicious internal documents alter agent behavior) and unauthorized data exfiltration via tool connectors.

L3 · Agent Frameworks (✓ mapped)

The platform supports multi-step workflows, reasoning chains, memory, and tool connectors. This introduces severe risks of tool misuse, insecure tool integration, and memory poisoning, where malicious inputs persist in the agent's state and compromise subsequent steps.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — The hosting infrastructure, network sandboxing, and secrets management for API integrations are not detailed, leaving potential risks of container compromise or lateral movement unverified.

L5 · Evaluation & Observability (✓ mapped)

Dust AI explicitly features 'observability' as a key capability. While this helps mitigate blind spots, robust guardrails and anomaly detection are required to prevent evaluation gaming or undetected drift in complex reasoning chains.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — Although described as 'Enterprise Software' that 'securely manages data', specific compliance certifications (such as SOC2, ISO 27001) or granular role-based access controls (RBAC) are not explicitly detailed.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — While teams can build multiple custom agents, the listing does not specify if these agents interact directly with each other or if there is an active multi-agent ecosystem/marketplace, which would introduce risks of cascading failures or agent-to-agent trust abuse.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).