MATRA: Modeling the Attack Surface of Agentic AI Systems -- OpenClaw Case Study

2026-05-11
Citations: 0
Influential: 0
AI Summary
This work addresses the lack of systematic evaluation of practical risks posed by known threats in deployed AI agents. It proposes MATRA, a novel framework that adapts traditional threat modeling to large language model-based agent systems by integrating asset-centric impact analysis with attack tree modeling, thereby enabling a quantitative mapping from generic threats to deployment-specific risks. By incorporating architectural safeguards such as network sandboxing and principle-of-least-privilege controls, MATRA demonstrably reduces the blast radius of injection attacks and effectively mitigates real-world security risks, as validated in the OpenClaw personal agent case study.
Abstract
LLMs are increasingly deployed as autonomous agents with access to tools, databases, and external services, yet practitioners (across different sectors) lack systematic methods to assess how known threat classes translate into concrete risks within a specific agentic deployment. We present MATRA, a pragmatic threat modeling framework for agentic AI systems that adapts established risk assessment methodology to systematically assess how known LLM threats translate into deployment-specific risks. MATRA begins with an asset-based impact assessment and utilizes attack trees to determine the likelihood of these impacts occurring within the system architecture. We demonstrate MATRA on a personal AI agent deployment using OpenClaw, quantifying how architectural controls such as network sandboxing and least-privilege access reduce risk by limiting the blast radius of successful injections.
Problem

Research questions and friction points this paper is trying to address.

agentic AI systems
threat modeling
attack surface
risk assessment
LLM threats
Innovation

Methods, ideas, or system contributions that make the work stand out.

threat modeling
agentic AI
attack trees
risk assessment
LLM security