
Fabrice AI — agentic threat model

AIVSS 8.5 · High

Fabrice AI is a lightweight, stateless, and composable TypeScript framework for building collaborative AI agents. Its primary security risks stem from its open-ended tool integration and the potential for cascading failures in multi-agent compositions, requiring developers to implement their own sandboxing and state management controls.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base: 7.5
AARS uplift: 0.98
Factor sum: 3.9/10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×1.0

Agentic risk factors:
Autonomy of Action: 0.40
Goal-Driven Planning: 0.50
Self-Modification: 0.10
Dynamic Tool Use: 0.50
Persistent Memory: 0.10
Contextual Awareness: 0.40
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.70
Non-Determinism: 0.60
Opacity & Reflexivity: 0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
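As an added example (not Fabrice AI's own code), the following TypeScript recomputes the score above from the listed factors using the formula stated on this page; the severity bands are an assumption (CVSS-style qualitative ratings), which the listing does not state.

```typescript
// Added example (not part of Fabrice AI): recompute this listing's OWASP AIVSS
// score from the formula stated above. Severity bands are an assumption
// (CVSS-style qualitative ratings), not something the listing specifies.
type AgenticFactors = Record<string, number>;
type Severity = "Low" | "Medium" | "High" | "Critical";

interface AivssResult {
  factorSum: number; // sum of the ten agentic factors, each in [0, 1]
  aars: number;      // Agentic AI Risk Score uplift
  score: number;     // final AIVSS, rounded to one decimal and capped at 10
  severity: Severity;
}

// Agentic risk factors exactly as listed for Fabrice AI.
const FABRICE_FACTORS: AgenticFactors = {
  "Autonomy of Action": 0.4,
  "Goal-Driven Planning": 0.5,
  "Self-Modification": 0.1,
  "Dynamic Tool Use": 0.5,
  "Persistent Memory": 0.1,
  "Contextual Awareness": 0.4,
  "Dynamic Identity": 0.2,
  "Multi-Agent Interactions": 0.7,
  "Non-Determinism": 0.6,
  "Opacity & Reflexivity": 0.4,
};

function severityOf(score: number): Severity {
  if (score >= 9.0) return "Critical";
  if (score >= 7.0) return "High";
  if (score >= 4.0) return "Medium";
  return "Low";
}

// AIVSS = (CVSS_Base + AARS) * Mitigation_Factor,
// AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
function aivss(cvssBase: number, factors: AgenticFactors,
               threatMultiplier = 1.0, mitigationFactor = 1.0): AivssResult {
  if (!(cvssBase >= 0 && cvssBase <= 10)) throw new RangeError("CVSS base must be 0..10");
  for (const [name, v] of Object.entries(factors)) {
    if (!(v >= 0 && v <= 1)) throw new RangeError(`factor "${name}" must be 0..1`);
  }
  const factorSum = Object.values(factors).reduce((a, b) => a + b, 0);
  const aars = (10 - cvssBase) * (factorSum / 10) * threatMultiplier;
  const score = Math.min(10, Math.round((cvssBase + aars) * mitigationFactor * 10) / 10);
  return { factorSum, aars, score, severity: severityOf(score) };
}

console.log(aivss(7.5, FABRICE_FACTORS)); // Fabrice AI: score 8.5, High
```

Lowering the mitigation factor (e.g. 0.9 once sandboxing and logging are added around the framework) is the lever that moves the final score; the agentic factors themselves are properties of the design.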

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary where the public description did not pin down that layer.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — Fabrice AI is model-agnostic and does not specify a default foundation model, meaning model-level threats like adversarial examples or data poisoning depend entirely on the user's choice of LLM.

L2 · Data Operations · ⚠ not certain from listing

Not certain from the listing — Being stateless by default, the framework does not mandate specific vector databases or RAG pipelines, leaving data operations and knowledge-base poisoning risks to the developer's implementation.

L3 · Agent Frameworks · ✓ mapped

As a functional, composable TypeScript framework, L3 is highly relevant. Risks include insecure tool integration, prompt injection bypassing functional constraints, and framework-level vulnerabilities if dynamic code execution or untrusted inputs are passed to composed functions.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — The framework is infrastructure-agnostic, meaning deployment security, container sandboxing, and secrets management are completely decoupled from the framework and must be managed externally.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — The minimal, dependency-light description does not mention built-in evaluation, logging, or guardrail mechanisms, leaving observability gaps unless integrated manually.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — As an open-source, minimal framework, no built-in identity, authorization, or compliance controls (such as SOC2 or ISO alignment) are mentioned.

L7 · Agent Ecosystem · ✓ mapped

Given the framework's strong focus on 'team collaboration' and composability, the agent ecosystem layer is critical. Threats include cascading failures across composed agents, trust abuse between collaborative agents, and insecure delegation of tasks within the agent network.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).