Agentic AI systems operate not as static software components but as adaptive control planes whose behavior emerges from interactions across planning substrates, memory substrates, tool affordances, orchestration logic, and environmental surfaces. Traditional threat models—including MAESTRO, MITRE ATLAS, and NIST IR 8596—assume enumerability, pre-classification, autonomy-level risk correlation, and context-free telemetry. These assumptions fail in open-world, multi-agent environments where behavior is emergent, unbounded, and coalition-capable. This paper introduces the Substrate-Layer Threat Model (SLTM)—a non-enumerative, drift-centric, substrate-anchored framework that replaces enumerated threats with substrate dynamics, replaces behavior classification with affordance mapping, and replaces static telemetry with substrate-anchored evidence. SLTM defines six generative threat surfaces, six substrate-anchored audit primitives, and five architectural governance anchors. It is the first threat model designed for the systems we are actually deploying.
Narnaiezzsshaa Truong (Fri,) studied this question.