MAESTRO
MAESTRO is Gamut’s native threat-assessment workflow for AI and agentic system architecture. It brings structured threat modelling to AI systems: reasoning about how an AI or agentic architecture could be attacked, misused or fail, layer by layer, and what controls reduce that exposure.
What MAESTRO is for
Governance frameworks tell you what good looks like. Threat modelling asks the opposite question: what could go wrong, and how would an adversary or a failure exploit this architecture? MAESTRO gives AI and agentic systems a structured way to answer that, so threats are identified deliberately rather than discovered in incidents.
The seven layers
MAESTRO decomposes an AI or agentic system into seven architectural layers and models the threats specific to each. This layered approach ensures the whole stack is examined, from the model itself up to multi-agent interactions, rather than only the parts that are easy to see.
| Layer | Name | Focus |
|---|---|---|
| 1 | Foundation Models | Core model capabilities and training methodologies. |
| 2 | Data Operations | Data pipelines, embeddings, RAG systems and feature stores. |
| 3 | Agent Frameworks | Orchestration logic, plugins, tool use and reasoning. |
| 4 | Deployment & Infrastructure | Runtime environments, APIs, containers and networking. |
| 5 | Security & Compliance | The cross-cutting governance layer ensuring regulatory alignment. |
| 6 | Evaluation & Observability | Monitoring, anomaly detection, explainability and performance. |
| 7 | Agent Ecosystem | Multi-agent interactions, trust boundaries and agent-to-agent behaviour. |
Each layer carries its own set of candidate threats to assess. The upper layers (3, 4 and 7) are where agentic systems differ most from traditional AI: the ability to orchestrate tools, run on live infrastructure and interact with other agents expands the threat surface well beyond a model’s outputs.
The five-level risk scale
Each threat is rated for severity on a five-level scale, so attention goes to what matters most.
| Level | Rating |
|---|---|
| 1 | Minimal |
| 2 | Low |
| 3 | Moderate |
| 4 | High |
| 5 | Critical |
Each level comes with guidance and suggested controls, so a rating leads to action rather than just a label.
How you use it
- Identify the AI or agentic system and its architecture.
- Work through the seven layers, assessing the relevant threats in each.
- Rate each threat on the five-level scale and record the rationale.
- Raise findings for unmitigated threats and track remediation.
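
The four steps above as an added worked example (not Gamut's code or data model): a minimal Python threat register built on the layer and rating tables from this page, which reports layers that have not been assessed and lists unmitigated threats by severity. The `Threat` class, the function names and the sample threats are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Layer names and rating labels as given in the tables on this page.
LAYERS = {1: "Foundation Models", 2: "Data Operations", 3: "Agent Frameworks",
          4: "Deployment & Infrastructure", 5: "Security & Compliance",
          6: "Evaluation & Observability", 7: "Agent Ecosystem"}
RATINGS = {1: "Minimal", 2: "Low", 3: "Moderate", 4: "High", 5: "Critical"}


@dataclass(frozen=True)
class Threat:
    layer: int
    title: str
    rating: int
    rationale: str
    mitigated: bool = False

    def __post_init__(self):
        # Reject entries outside the seven layers or the 1-5 scale, or with no rationale.
        if self.layer not in LAYERS:
            raise ValueError(f"unknown layer {self.layer}")
        if self.rating not in RATINGS:
            raise ValueError(f"rating {self.rating} is not on the five-level scale")
        if not self.rationale.strip():
            raise ValueError(f"{self.title!r} has no recorded rationale")


def unassessed_layers(threats):
    """Layers with no threat recorded yet, so coverage gaps are visible."""
    seen = {t.layer for t in threats}
    return [n for n in LAYERS if n not in seen]


def findings(threats):
    """Unmitigated threats, most severe first, formatted for a findings list."""
    open_threats = sorted((t for t in threats if not t.mitigated),
                          key=lambda t: (-t.rating, t.layer))
    return [f"[{RATINGS[t.rating]}] Layer {t.layer} {LAYERS[t.layer]}: {t.title}"
            for t in open_threats]


# Constructed sample assessment of a hypothetical support agent.
SAMPLE = [
    Threat(2, "Poisoned document in RAG index", 4, "Index accepts unreviewed uploads"),
    Threat(3, "Tool call with excess privileges", 5, "Agent token has write scope"),
    Threat(4, "Unauthenticated inference API", 3, "Gateway enforces mTLS", mitigated=True),
    Threat(7, "Spoofed peer agent message", 2, "Single-agent deployment today"),
]
```

Calling `unassessed_layers(SAMPLE)` shows that layers 1, 5 and 6 still need review, and `findings(SAMPLE)` returns the three open threats with the Critical one first.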
MAESTRO and the agentic stack
For agentic systems, MAESTRO complements ATF and ACRS: ATF defines trust and control, ACRS scores capability risk, and MAESTRO models the threats those capabilities introduce across the architecture. Together they inform how the agentic stack governs an agent at runtime.
- ATF, agent trust and autonomy controls.
- ACRS, scoring agent capability risk.
- Agentic stack overview, runtime governance of agents.