

Stack AI — agentic threat model

AIVSS 6.4 · Medium

Stack AI presents a moderate-to-high risk profile as an enterprise low-code AI orchestrator with direct access to sensitive cloud storage (S3, Google Drive). While its SOC2, HIPAA, and GDPR compliance mitigates foundational security risks, the primary threat lies in insecure user-configured workflows and potential data exfiltration via connected APIs.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 8.5
AARS uplift: 0.65
Factor sum: 4.3/10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×0.7
Autonomy of Action: 0.50
Goal-Driven Planning: 0.40
Self-Modification: 0.10
Dynamic Tool Use: 0.70
Persistent Memory: 0.50
Contextual Awareness: 0.60
Dynamic Identity: 0.30
Multi-Agent Interactions: 0.30
Non-Determinism: 0.50
Opacity & Reflexivity: 0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
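The score above can be reproduced from the listed inputs. The following is an added worked example, not code from the listing or from the OWASP AIVSS project: it applies the formula as printed (AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, with AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM) to the ten factor values shown. Two things are assumptions: rounding is half-up to the displayed precision, and the qualitative band (Low / Medium / High / Critical) follows the CVSS v3.x cut-offs, which is consistent with the listing's "Medium" label for 6.4.

```python
"""Worked AIVSS computation for the Stack AI factor table above.

Added example (not from the listing or the AIVSS project).  Decimal
arithmetic is used so that 1.5 x 0.43 rounds to 0.65 exactly as displayed,
instead of drifting through binary floating point.
"""
from decimal import Decimal, ROUND_HALF_UP
from typing import Mapping

# Ten OWASP AIVSS agentic risk factors with the values shown in the listing.
STACK_AI_FACTORS: Mapping[str, Decimal] = {
    "Autonomy of Action": Decimal("0.50"),
    "Goal-Driven Planning": Decimal("0.40"),
    "Self-Modification": Decimal("0.10"),
    "Dynamic Tool Use": Decimal("0.70"),
    "Persistent Memory": Decimal("0.50"),
    "Contextual Awareness": Decimal("0.60"),
    "Dynamic Identity": Decimal("0.30"),
    "Multi-Agent Interactions": Decimal("0.30"),
    "Non-Determinism": Decimal("0.50"),
    "Opacity & Reflexivity": Decimal("0.40"),
}


def _round(value: Decimal, places: int) -> Decimal:
    """Round half-up to `places` decimals (assumption: matches the listing)."""
    return value.quantize(Decimal(10) ** -places, rounding=ROUND_HALF_UP)


def severity_band(score: Decimal) -> str:
    """Qualitative band; CVSS v3.x cut-offs are an assumption here."""
    if score == 0:
        return "None"
    if score < Decimal("4.0"):
        return "Low"
    if score < Decimal("7.0"):
        return "Medium"
    if score < Decimal("9.0"):
        return "High"
    return "Critical"


def factor_sum(factors: Mapping[str, Decimal]) -> Decimal:
    """Sum the agentic factors after checking each is on the 0..1 scale."""
    for name, value in factors.items():
        if not Decimal(0) <= value <= Decimal(1):
            raise ValueError(f"factor {name!r} out of 0..1 range: {value}")
    return sum(factors.values(), Decimal(0))


def aivss(
    cvss_base,
    factors: Mapping[str, Decimal],
    threat_multiplier: Decimal = Decimal("1.0"),
    mitigation_factor: Decimal = Decimal("0.7"),
) -> dict:
    """Return factor sum, AARS uplift, final score and band for one agent."""
    base = Decimal(str(cvss_base))
    if not Decimal(0) <= base <= Decimal(10):
        raise ValueError(f"CVSS base out of 0..10 range: {base}")
    fs = factor_sum(factors)
    # AARS = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
    aars = (Decimal(10) - base) * (fs / Decimal(10)) * threat_multiplier
    # AIVSS = (CVSS_Base + AARS) * Mitigation_Factor (unrounded AARS used)
    score = _round((base + aars) * mitigation_factor, 1)
    return {
        "factor_sum": fs,
        "aars": _round(aars, 2),
        "score": score,
        "severity": severity_band(score),
    }


if __name__ == "__main__":
    result = aivss(8.5, STACK_AI_FACTORS)
    print(f"factor sum {result['factor_sum']}, AARS {result['aars']}, "
          f"AIVSS {result['score']} ({result['severity']})")
    # Same inputs with no mitigation credit, to show how much the x0.7
    # factor (attributed above to SOC2/HIPAA/GDPR controls) moves the band.
    unmitigated = aivss(8.5, STACK_AI_FACTORS, mitigation_factor=Decimal("1.0"))
    print(f"without mitigation: AIVSS {unmitigated['score']} ({unmitigated['severity']})")
```

Running it gives factor sum 4.30, AARS 0.65 and AIVSS 6.4 (Medium), matching the listing. The second call is the check a reviewer should make before relying on this rating: with the mitigation factor set to 1.0 the same agent scores 9.1, so the "Medium" result rests entirely on the compliance controls being real and on the tenant-isolation and access-control details that the L4 and L6 layers below say are not confirmed from the listing.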

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — Stack AI acts as an orchestrator and likely integrates third-party foundation models (e.g., OpenAI, Anthropic) via API, making it susceptible to upstream model vulnerabilities, adversarial prompt injection, and data privacy risks depending on the chosen model provider.

L2 · Data Operations (✓ mapped)

Integrates directly with enterprise data sources (AWS S3, Google Drive, OneDrive) and uses indexing algorithms for RAG. This introduces risks of data poisoning, unauthorized data exfiltration, and embedding inversion if access controls on connected data sources are not strictly enforced.

L3 · Agent Frameworks (✓ mapped)

Provides a low-code orchestration framework to build AI workflows. Risks include insecure tool integration, prompt injection bypassing workflow logic, and tool misuse if the built applications are granted excessive execution permissions.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — while it deploys via APIs and UIs, the underlying sandboxing of execution environments, container isolation, and secret management for connected storage APIs are not detailed, posing potential infrastructure compromise risks.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — there is no explicit mention of built-in evaluation, guardrails, or continuous monitoring tools, which could lead to blind spots in detecting drift, prompt injections, or anomalous agent behavior.

L6 · Security & Compliance, cross-cutting (✓ mapped)

Demonstrates strong compliance alignment with SOC2, HIPAA, and GDPR, indicating established administrative and technical controls, though implementation details of tenant isolation and fine-grained access control remain critical.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — while it allows building multiple custom AI assistants, it is unclear if it supports native multi-agent collaboration or marketplace-based agent-to-agent interactions, which could introduce cascading trust issues.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).