Wan 2.7 AI Video — agentic threat model

AIVSS 7.2 · High

The Wan 2.7 AI Video agent presents a moderate security risk primarily centered on the generation of deceptive content (deepfakes, unauthorized voice cloning) and the lack of visible guardrails, though its low operational autonomy limits direct systemic impact.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.3 · AARS uplift 0.93 · Factor sum 2.5/10 · Threat ×1.0 · Mitigation ×1.0

Autonomy of Action: 0.20
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.20
Persistent Memory: 0.10
Contextual Awareness: 0.30
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.80
Opacity & Reflexivity: 0.80

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ✓ mapped

The agent relies on the Wan 2.7 foundation model. Key threats include adversarial prompt injection to bypass safety filters, model reprogramming to generate prohibited/NSFW content, and potential intellectual property theft of the proprietary closed-source model weights.

L2 · Data Operations ⚠ not certain from listing

Not certain from the listing — details on how user-uploaded images, video frames, and voice samples are stored or processed are omitted. There is a risk of data exfiltration of sensitive user assets or unauthorized retention of voice data used for cloning.

L3 · Agent Frameworks ⚠ not certain from listing

Not certain from the listing — the underlying orchestration framework is unspecified. The capability to edit video generation instructions mid-process suggests a stateful execution framework that could be vulnerable to race conditions or state injection attacks.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — hosting and infrastructure details are not provided. Given the high computational demands of 1080P video generation, the infrastructure is highly susceptible to denial-of-service (DoS) attacks via resource exhaustion if rate limiting is insufficient.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — there is no mention of output monitoring, content moderation, or deepfake detection guardrails. This creates a blind spot where malicious users could generate disinformation or non-consensual media without detection.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — compliance with data privacy regulations (like GDPR) and AI safety standards (like the EU AI Act's transparency requirements for synthetic media and voice cloning) is unverified.

L7 · Agent Ecosystem ⚠ not certain from listing

Not certain from the listing — the agent operates as a standalone horizontal tool. If integrated into larger automated content pipelines, vulnerabilities could arise from cascading failures or automated propagation of synthetic/malicious media.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).