PlexeAI — agentic threat model

9.0AIVSS 9.0 · Critical

PlexeAI presents a high-risk profile due to its automated model generation and continuous improvement capabilities, which require handling sensitive training data and executing complex code-generation workflows. A compromise could lead to data poisoning, intellectual property theft of custom models, or arbitrary code execution within the model-building environment.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base 8.1AARS uplift 0.86Factor sum 4.5/10Threat ×1.0Mitigation ×1.0

Autonomy of Action		0.70
Goal-Driven Planning		0.60
Self-Modification		0.40
Dynamic Tool Use		0.50
Persistent Memory		0.50
Contextual Awareness		0.40
Dynamic Identity		0.10
Multi-Agent Interactions		0.20
Non-Determinism		0.60
Opacity & Reflexivity		0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — The specific foundation models used to interpret natural language and generate code are undisclosed. Threats include prompt injection manipulating the model generation logic, and model stealing of the generated custom architectures.

L2 · Data Operations✓ mapped

Plexe ingests user data to train, evaluate, and continuously improve custom models. This exposes the platform to data poisoning (corrupting the generated model's behavior) and data exfiltration of proprietary business datasets.

L3 · Agent Frameworks⚠ not certain from listing

Not certain from the listing — The orchestration framework managing the transition from natural language definition to a trained model is proprietary. Threats include insecure tool integration, particularly if the orchestrator executes generated code or training scripts in an unconstrained manner.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — The hosting and sandboxing environment for model training and execution is not detailed. A key threat is container escape or privilege escalation during the resource-heavy model generation and training phases.

L5 · Evaluation & Observability✓ mapped

Plexe emphasizes 'interpretable results' and 'continuous model improvement', requiring robust evaluation and drift monitoring. Gaps here could lead to evaluation gaming, undetected model drift, or insufficient logging of malicious training inputs.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — No specific compliance certifications (e.g., SOC2, ISO) or identity governance controls are mentioned, raising concerns about unauthorized access to proprietary generated models and training data.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — While Plexe focuses on model generation, it is unclear if these models interact in a multi-agent ecosystem. If they do, threats include cascading failures and trust abuse between generated models.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).