E2B — agentic threat model

AIVSS 5.5 · Medium

E2B is a highly critical infrastructure platform providing sandboxed code execution for AI agents. While the execution of arbitrary code presents severe inherent risks, E2B's primary design focus is sandboxing, which significantly mitigates host-level compromise.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.5 · AARS uplift 0.66 · Factor sum 4.4/10 · Threat ×1.0 · Mitigation ×0.6

Autonomy of Action: 0.80
Goal-Driven Planning: 0.20
Self-Modification: 0.10
Dynamic Tool Use: 0.90
Persistent Memory: 0.30
Contextual Awareness: 0.40
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.30
Non-Determinism: 0.70
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — E2B integrates with LLMs but does not host or provide its own foundation models. The primary threat is that adversarial prompt injection on the connected LLM could lead to the generation of malicious code executed within E2B.

L2 · Data Operations ⚠ not certain from listing

Not certain from the listing — The description does not detail built-in data operations, vector databases, or RAG pipelines, though executed code can programmatically access external data sources.

L3 · Agent Frameworks ✓ mapped

E2B provides a Code Interpreter SDK to orchestrate code execution. Threats include tool misuse where the agent generates and executes destructive code (e.g., infinite loops, resource exhaustion) within the runtime environment.

L4 · Deployment & Infrastructure ✓ mapped

This is E2B's core layer. It hosts long-running cloud processes in secure sandboxed environments. Primary threats include sandbox escape, privilege escalation to the host system, and lateral movement within the hosting cloud infrastructure.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — While debugging tools are mentioned, the listing does not specify built-in security guardrails, real-time anomaly detection, or comprehensive audit logging for executed code.

L6 · Security & Compliance (cross-cutting) ✓ mapped

E2B focuses heavily on security controls by offering sandboxed environments specifically designed to execute untrusted code safely, though specific compliance certifications (e.g., SOC2) are not detailed in the listing.

L7 · Agent Ecosystem ✓ mapped

Designed for AI agents and applications, the platform faces ecosystem threats where compromised or malicious third-party agents use E2B's infrastructure to launch outbound network attacks or participate in distributed abuse.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).