

Kortix Suna AI — agentic threat model

AIVSS 8.8 · High

Suna by Kortix is an autonomous, open-source generalist agent with high planning and execution capabilities across sensitive domains like hiring and operations. Its open-source nature and lack of built-in security guardrails place a heavy security burden on the deployer to prevent tool abuse and data exfiltration.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base: 7.5
AARS uplift: 1.3
Factor sum: 5.2 / 10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×1.0

Agentic risk factors (each scored 0 to 1):
Autonomy of Action: 0.80
Goal-Driven Planning: 0.80
Self-Modification: 0.20
Dynamic Tool Use: 0.60
Persistent Memory: 0.40
Contextual Awareness: 0.70
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.30
Non-Determinism: 0.70
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
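To make the score rationale checkable, here is an added Python example (not the listing's or the AIVSS calculator's own code) that recomputes the page's AIVSS from its listed CVSS base, factor scores, ThM and mitigation factor; the qualitative severity bands are an assumption borrowed from CVSS v3.x ratings.

```python
# Added illustration of the AIVSS formula quoted above; the factor names and
# values are the page's, the severity bands below are an assumption (CVSS v3.x).

CVSS_BASE = 7.5          # CVSS base score listed on the page
THREAT_MULTIPLIER = 1.0  # ThM as listed
MITIGATION_FACTOR = 1.0  # no mitigation credit: no built-in guardrails

# The ten agentic risk factors, each scored in [0, 1], as listed on the page.
FACTORS = {
    "Autonomy of Action": 0.80,
    "Goal-Driven Planning": 0.80,
    "Self-Modification": 0.20,
    "Dynamic Tool Use": 0.60,
    "Persistent Memory": 0.40,
    "Contextual Awareness": 0.70,
    "Dynamic Identity": 0.20,
    "Multi-Agent Interactions": 0.30,
    "Non-Determinism": 0.70,
    "Opacity & Reflexivity": 0.50,
}

def factor_sum(factors):
    """Factor_Sum in the formula: sum of the ten factor scores, at most 10."""
    if len(factors) != 10:
        raise ValueError("AIVSS defines exactly ten agentic risk factors")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name}: factor scores must lie in [0, 1]")
    return round(sum(factors.values()), 2)

def aars(cvss_base, factors, thm=1.0):
    """Agentic uplift: headroom above the CVSS base, scaled by factor ratio and ThM."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base score must lie in [0, 10]")
    return round((10.0 - cvss_base) * (factor_sum(factors) / 10.0) * thm, 2)

def aivss(cvss_base, factors, thm=1.0, mitigation=1.0):
    """Final AIVSS score, rounded to one decimal as the listing reports it."""
    return round((cvss_base + aars(cvss_base, factors, thm)) * mitigation, 1)

def severity(score):
    """Qualitative band (assumption: CVSS v3.x ranges applied to AIVSS)."""
    for floor, band in ((9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low")):
        if score >= floor:
            return band
    return "None"
```

Calling `aivss(CVSS_BASE, FACTORS, THREAT_MULTIPLIER, MITIGATION_FACTOR)` reproduces the 8.8 shown in the header; lowering the mitigation factor is how a deployer's own guardrails would be credited in this formula.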

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary where the public description did not pin that layer down.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — Suna likely supports various open or closed LLMs. Threats include prompt injection bypassing task boundaries, adversarial reprogramming, and misaligned outputs during complex task execution.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — Likely utilizes local files, web scraping, or vector databases for market research and hiring tasks. Threats include data poisoning of research sources and exfiltration of sensitive candidate or corporate data.

L3 · Agent Frameworks (✓ mapped)

As an open-source autonomous agent framework executing complex tasks (hiring, planning), it is highly vulnerable to tool misuse, insecure tool integration, and prompt injection leading to unauthorized API or system execution.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — Being open-source, deployment is user-managed. Threats include insecure hosting environments, lack of sandboxing for tool execution, and credential exposure in local environments.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — No built-in guardrails or observability stack is detailed. Gaps in logging and drift detection could allow malicious agent behavior to go unnoticed.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — No compliance certifications (SOC2, ISO) or built-in RBAC/identity management are mentioned, shifting the entire compliance burden to the self-hosting user.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — While Suna acts as an individual 'AI employee', integration into broader enterprise workflows or multi-agent setups poses risks of cascading failures and trust abuse.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).