Seedance AI — agentic threat model
Seedance AI is a low-autonomy generative video platform with risks primarily centered around model output alignment (such as deepfakes or copyright violations) and the security of uploaded reference files, rather than autonomous system execution or tool misuse.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
| --- | --- |
| Autonomy of Action | 0.20 |
| Goal-Driven Planning | 0.10 |
| Self-Modification | 0.00 |
| Dynamic Tool Use | 0.10 |
| Persistent Memory | 0.20 |
| Contextual Awareness | 0.30 |
| Dynamic Identity | 0.00 |
| Multi-Agent Interactions | 0.00 |
| Non-Determinism | 0.70 |
| Opacity & Reflexivity | 0.60 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1, Foundation Models: Uses foundation video and audio generation models. Key threats include adversarial prompt injection to bypass safety filters, model reprogramming, and the generation of misaligned, harmful, or copyright-infringing outputs.
Layer 2, Data Operations: Processes up to 12 user-uploaded reference files for character and style consistency. Threats include data exfiltration of private user assets, embedding inversion, and potential data poisoning if malicious reference files are used to exploit the processing pipeline.
Layer 3, Agent Frameworks: Not certain from the listing — The orchestration framework for syncing audio and video is not detailed. Potential threats include insecure integration of the audio-video generation pipelines and pipeline manipulation via crafted inputs.
Layer 4, Deployment and Infrastructure: Not certain from the listing — Hosting and infrastructure details are not provided. Standard threats include container compromise during heavy GPU-based rendering workloads and unauthorized access to cloud storage buckets containing generated videos.
Layer 5, Evaluation and Observability: Not certain from the listing — No mention of guardrails, content moderation, or observability tools. Gaps here could allow the generation of explicit, deepfaked, or copyrighted material without detection.
Layer 6, Security and Compliance: Not certain from the listing — Mentions a commercial license but lacks details on security certifications (e.g., SOC2) or compliance measures regarding biometric/facial data processing of uploaded reference characters.
Layer 7, Agent Ecosystem: Not certain from the listing — No multi-agent or marketplace ecosystem is described, meaning risks associated with rogue agent interactions or cascading ecosystem failures are currently negligible.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).