MATRA: Modeling the Attack Surface of Agentic AI Systems -- OpenClaw Case Study
Tim Van hamme, Thomas Vissers, Javier Carnerero-Cano, Mario Fritz, Emil C. Lupu, Lieven Desmet, Dinil Mon Divakaran

TL;DR
MATRA is a threat modeling framework designed to systematically assess risks in agentic AI systems, demonstrated through a case study with OpenClaw.
Contribution
It adapts established risk assessment methods to evaluate how known threats impact specific agentic AI deployments.
Findings
Architectural controls like sandboxing reduce risk by limiting attack impact.
MATRA effectively quantifies how system architecture influences threat likelihood.
The framework provides a systematic approach for deployment-specific risk assessment.
Abstract
LLMs are increasingly deployed as autonomous agents with access to tools, databases, and external services, yet practitioners across different sectors lack systematic methods to assess how known threat classes translate into concrete risks within a specific agentic deployment. We present MATRA, a pragmatic threat modeling framework for agentic AI systems that adapts established risk assessment methodology to systematically assess how known LLM threats translate into deployment-specific risks. MATRA begins with an asset-based impact assessment and uses attack trees to determine the likelihood of these impacts occurring within the system architecture. We demonstrate MATRA on a personal AI agent deployment using OpenClaw, quantifying how architectural controls such as network sandboxing and least-privilege access reduce risk by limiting the blast radius of successful injections.
