
Vertex AI Agent Builder — agentic threat model

AIVSS 6.5 · Medium

Vertex AI Agent Builder is a high-privilege enterprise platform hosting critical ML pipelines and agent deployments, presenting significant risk of data poisoning and infrastructure compromise, though mitigated by robust Google Cloud governance and security controls.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
Inputs:
  CVSS base: 8.5
  AARS uplift: 0.77
  Factor sum: 5.1 / 10
  Threat multiplier (ThM): ×1.0
  Mitigation factor: ×0.7

Agentic risk factors (each scored 0.0 to 1.0):
  Autonomy of Action: 0.60
  Goal-Driven Planning: 0.50
  Self-Modification: 0.30
  Dynamic Tool Use: 0.70
  Persistent Memory: 0.50
  Contextual Awareness: 0.60
  Dynamic Identity: 0.40
  Multi-Agent Interactions: 0.40
  Non-Determinism: 0.60
  Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
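The following is an added example, not part of this listing or of the AIVSS calculator it references: a small Python implementation of the formula quoted above, loaded with the ten factor values from this page, so a reviewer can reproduce the 0.77 uplift and the 6.5 score and check that every input is in range before trusting the number. The `severity` bands are an assumption (they mirror the CVSS v3 qualitative ratings); the listing only states that 6.5 is "Medium".

```python
"""Reproduce the OWASP AIVSS arithmetic for an agent listing (added example)."""
from typing import Dict

# Factor values as stated in the listing for Vertex AI Agent Builder.
FACTORS: Dict[str, float] = {
    "Autonomy of Action": 0.60,
    "Goal-Driven Planning": 0.50,
    "Self-Modification": 0.30,
    "Dynamic Tool Use": 0.70,
    "Persistent Memory": 0.50,
    "Contextual Awareness": 0.60,
    "Dynamic Identity": 0.40,
    "Multi-Agent Interactions": 0.40,
    "Non-Determinism": 0.60,
    "Opacity & Reflexivity": 0.50,
}


def validate(cvss_base: float, factors: Dict[str, float],
             threat_multiplier: float, mitigation_factor: float) -> None:
    """Reject inputs outside the ranges the formula is defined for."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError(f"CVSS base {cvss_base} outside 0..10")
    if len(factors) != 10:
        raise ValueError(f"expected 10 agentic factors, got {len(factors)}")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"factor {name!r} = {value} outside 0..1")
    if threat_multiplier <= 0 or mitigation_factor <= 0:
        raise ValueError("threat and mitigation multipliers must be positive")


def factor_sum(factors: Dict[str, float]) -> float:
    """Factor_Sum: plain sum of the ten factor scores (max 10)."""
    return sum(factors.values())


def aars(cvss_base: float, factors: Dict[str, float],
         threat_multiplier: float = 1.0) -> float:
    """AARS = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM."""
    return (10.0 - cvss_base) * (factor_sum(factors) / 10.0) * threat_multiplier


def aivss(cvss_base: float, factors: Dict[str, float],
          threat_multiplier: float = 1.0, mitigation_factor: float = 1.0) -> float:
    """AIVSS = (CVSS_Base + AARS) * Mitigation_Factor."""
    validate(cvss_base, factors, threat_multiplier, mitigation_factor)
    uplift = aars(cvss_base, factors, threat_multiplier)
    return (cvss_base + uplift) * mitigation_factor


def severity(score: float) -> str:
    """Qualitative band. Assumption: same cut-offs as CVSS v3 ratings."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def score_report(cvss_base: float, factors: Dict[str, float],
                 threat_multiplier: float, mitigation_factor: float) -> Dict[str, object]:
    """Return every intermediate value so a reader can audit the rounding."""
    score = aivss(cvss_base, factors, threat_multiplier, mitigation_factor)
    return {
        "factor_sum": round(factor_sum(factors), 2),
        "aars": round(aars(cvss_base, factors, threat_multiplier), 2),
        "aivss": round(score, 1),
        "severity": severity(score),
    }


if __name__ == "__main__":
    # Values from this listing: CVSS base 8.5, ThM 1.0, mitigation 0.7.
    print(score_report(8.5, FACTORS, 1.0, 0.7))
```

Note that the listing shows the uplift rounded to 0.77 while the unrounded value is 0.765; the final score is computed from the unrounded value, which is why the intermediate line and the headline score are reported separately.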

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (✓ mapped)

Vertex AI hosts foundation models (including pre-trained models) making it susceptible to adversarial prompt injection, model extraction/stealing, and membership inference attacks targeting proprietary training data.

L2 · Data Operations (✓ mapped)

With AutoML integration and custom training routines, the platform is highly exposed to data poisoning, training data exfiltration, and lineage/provenance gaps during dataset ingestion and preprocessing.

L3 · Agent Frameworks (⚠ not certain from listing)

Not certain from the listing — while it is an 'Agent Builder', the description focuses heavily on ML workflows rather than specific runtime orchestration frameworks, leaving potential gaps in tool-calling security and memory poisoning controls.

L4 · Deployment & Infrastructure (✓ mapped)

As a cloud-hosted platform, deployment infrastructure risks include container escape, privilege escalation within Google Cloud projects, and unauthorized access to model endpoints.

L5 · Evaluation & Observability (✓ mapped)

The platform explicitly supports robust monitoring and versioning, which helps mitigate model drift, but remains vulnerable to evaluation gaming and sophisticated adversarial evasion that bypasses standard monitoring.

L6 · Security & Compliance (cross-cutting) (✓ mapped)

Features built-in governance and compliance controls aligned with enterprise standards, but misconfigurations in IAM policies or tenant isolation could lead to unauthorized model modification.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — the description does not specify if the platform supports multi-agent collaboration or a shared agent marketplace, which would introduce risks of cascading failures and agent-to-agent trust abuse.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).