Healthcare CoPilot — agentic threat model
Healthcare CoPilot presents a high-consequence risk profile due to its processing of sensitive clinical data and triage decision support, though its agentic risk is heavily mitigated by its UK CA Class 1 regulatory compliance and human-in-the-loop design.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
|---|---|
| Autonomy of Action | 0.30 |
| Goal-Driven Planning | 0.40 |
| Self-Modification | 0.00 |
| Dynamic Tool Use | 0.30 |
| Persistent Memory | 0.20 |
| Contextual Awareness | 0.70 |
| Dynamic Identity | 0.10 |
| Multi-Agent Interactions | 0.10 |
| Non-Determinism | 0.40 |
| Opacity & Reflexivity | 0.50 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “Not certain from the listing” carry general, caveated commentary where the public description did not pin down that layer.
Layer 1 (Foundation Models): Not certain from the listing — the specific foundation models used for extraction and summarization are not disclosed. Potential threats include adversarial prompt injection altering clinical triage decisions, or model output misalignment leading to missed clinical urgency.
Layer 2 (Data Operations): The agent ingests, extracts, and codes clinical referrals and records using SNOMED CT UK. Key threats include clinical data poisoning, unauthorized exfiltration of Protected Health Information (PHI), and embedding inversion attacks on patient records.
Layer 3 (Agent Frameworks): Not certain from the listing — the orchestration framework is not specified. Threats include insecure integration with Electronic Health Record (EHR) systems and potential memory poisoning during multi-step clinical pathway evaluations.
Layer 4 (Deployment & Infrastructure): Not certain from the listing — the hosting environment (cloud vs. on-premise NHS trust servers) is not detailed. Threats include unauthorized access to hosting infrastructure, container escape, and lateral movement into broader hospital networks.
Layer 5 (Evaluation & Observability): The system explicitly supports dashboards for audit and governance, and is UK CA Class 1 certified, indicating structured clinical safety monitoring, though specific real-time LLM guardrails are not detailed.
Layer 6 (Security & Compliance): The agent is certified as UK CA Class 1 clinical management-support software, indicating compliance with medical device regulations, rigorous clinical safety standards, and structured quality management systems.
Layer 7 (Agent Ecosystem): Not certain from the listing — there is no mention of multi-agent coordination or marketplace interactions. Threats are limited to potential future integration risks with other healthcare agents or EHR APIs.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology.