Epicenter — agentic threat model

AIVSS 8.6 · High

Epicenter's primary risk lies in its central role as a shared memory layer across multiple applications, creating a high-value target for memory poisoning and cross-application data exfiltration.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5 · AARS uplift 1.05 · Factor sum 4.2/10 · Threat ×1.0 · Mitigation ×1.0

Autonomy of Action: 0.30
Goal-Driven Planning: 0.20
Self-Modification: 0.40
Dynamic Tool Use: 0.40
Persistent Memory: 0.90
Contextual Awareness: 0.70
Dynamic Identity: 0.10
Multi-Agent Interactions: 0.30
Non-Determinism: 0.50
Opacity & Reflexivity: 0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — The specific foundation models used by Epicenter are not disclosed. However, any underlying LLM used to process or summarize shared memory is susceptible to indirect prompt injection via malicious data ingested from connected applications.

L2 · Data Operations ✓ mapped

Epicenter's core value proposition is cross-application memory. This introduces severe data operations risks, including memory/knowledge-base poisoning, data exfiltration of sensitive user context across application boundaries, and embedding inversion if vector databases are used without encryption.

L3 · Agent Frameworks ✓ mapped

As a memory framework, Epicenter is vulnerable to memory poisoning and state manipulation. If the framework lacks strict validation of the memory payloads received from or sent to external applications, malicious inputs can hijack the agentic workflow.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — While tagged as open source, the deployment architecture (local storage vs. cloud-hosted database) is unspecified. If stored locally, insecure file permissions could expose the memory; if cloud-hosted, exposed API endpoints and credential theft are primary threats.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — There is no mention of observability, logging, or guardrails to monitor what is being written to or read from the shared memory, creating a blind spot for detecting memory poisoning attacks.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — The listing does not detail access control policies, authentication mechanisms, or compliance standards (such as GDPR/CCPA regarding the 'right to be forgotten' for persistent shared memory).

L7 · Agent Ecosystem ✓ mapped

By sharing memory across different applications, Epicenter establishes an implicit ecosystem trust boundary. A compromise or malicious input in one connected application can propagate poisoned memory to all other connected applications, leading to cascading trust abuse.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).