
RAD Security MCP — agentic threat model

AIVSS 8.7 · High

The RAD Security MCP agent acts as a high-value reconnaissance target, exposing live Kubernetes and cloud security posture data to natural-language queries. Its primary risk stems from the potential compromise of the over-broad credentials required to access live telemetry, combined with its role in feeding sensitive context to other agents.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 8.5
AARS uplift: 0.65
Factor sum: 4.1 / 10
Threat multiplier (ThM): ×1.05
Mitigation factor: ×0.95

Agentic risk factors (each scored 0.00 to 1.00):
Autonomy of Action: 0.30
Goal-Driven Planning: 0.20
Self-Modification: 0.00
Dynamic Tool Use: 0.70
Persistent Memory: 0.10
Contextual Awareness: 0.80
Dynamic Identity: 0.50
Multi-Agent Interactions: 0.80
Non-Determinism: 0.40
Opacity & Reflexivity: 0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
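Carrying the stated formula through with the values listed above, as an added check that is not part of the original listing (intermediate results rounded to two decimals, as the listing does):

```
Factor_Sum = 0.30 + 0.20 + 0.00 + 0.70 + 0.10 + 0.80 + 0.50 + 0.80 + 0.40 + 0.30 = 4.1

AARS  = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
      = (10 − 8.5) × (4.1 / 10) × 1.05
      = 1.5 × 0.41 × 1.05
      ≈ 0.65

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor
      = (8.5 + 0.65) × 0.95
      = 9.15 × 0.95
      ≈ 8.7
```

The agentic uplift is small (0.65) because the CVSS base already sits near the top of the scale and the (10 − CVSS_Base) term caps how much headroom remains; the "High" rating is therefore driven mainly by the base credential-exposure risk, with the 0.95 mitigation factor indicating only limited documented controls.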

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary because the public description did not give enough detail to pin down that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — the underlying LLM is not specified, but risks include prompt injection leading to unauthorized data retrieval, or injected instructions that steer the model into suppressing specific security findings.

L2 · Data Operations (✓ mapped)

The agent queries live cloud and Kubernetes telemetry and RAD Security platform data. Risks include data exfiltration of sensitive infrastructure metadata and potential poisoning of the security findings database to mask malicious activity.

L3 · Agent Frameworks (✓ mapped)

As an MCP tool, it integrates with agent frameworks to provide context. Risks include insecure tool integration where other agents misuse the RAD Security MCP to extract sensitive posture data or execute unauthorized queries.

L4 · Deployment & Infrastructure (✓ mapped)

The agent connects to live cloud and K8s telemetry. The primary risk is the exposure or compromise of over-broad credentials (API keys, kubeconfigs) used to access these environments, potentially leading to lateral movement.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — no explicit evaluation or observability guardrails are mentioned. Without query logging and injection monitoring, prompt injections and unauthorized queries could go undetected and unlogged.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — while it is a security tool, its own access controls, authentication mechanisms, and compliance alignments (e.g., SOC 2) are not detailed, raising the risk of unauthorized access to the MCP server itself.

L7 · Agent Ecosystem (✓ mapped)

Designed specifically to provide runtime and threat context to other agents. Risks include cascading failures or trust abuse where a compromised orchestrator agent exploits this MCP to map out the entire cloud infrastructure for exploitation.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).