iTrust — agentic threat model

AIVSS 7.4 · High

iTrust acts as a centralized cyber risk intelligence and compliance automation platform. While its agentic autonomy is limited to automated assessments and monitoring, a compromise could allow attackers to manipulate third-party risk ratings, mask insider threats, or spoof compliance postures.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5 · AARS uplift 0.75 · Factor sum 3.0/10 · Threat ×1.0 · Mitigation ×0.9

Autonomy of Action: 0.40
Goal-Driven Planning: 0.30
Self-Modification: 0.00
Dynamic Tool Use: 0.50
Persistent Memory: 0.50
Contextual Awareness: 0.60
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.40
Opacity & Reflexivity: 0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — The specific foundation models powering the risk intelligence and compliance automation are not disclosed. Potential threats include adversarial prompt injection designed to artificially inflate or deflate vendor risk scores.

L2 · Data Operations ⚠ not certain from listing

Not certain from the listing — The mechanisms for ingesting and storing third-party vendor data, blockchain records, and real-time threat intelligence are unspecified. Threats include data poisoning of the threat intelligence feed to manipulate risk assessments.

L3 · Agent Frameworks ⚠ not certain from listing

Not certain from the listing — The orchestration framework used to automate risk assessments is not described. Insecure tool integration is a primary threat, particularly when querying external APIs, DNS records, or blockchain nodes.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — The hosting infrastructure and sandboxing controls for executing node or DNS resilience checks are not detailed. Compromise of this layer could expose sensitive compliance data and third-party vulnerability reports.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — The platform's internal guardrails, drift detection, and logging mechanisms are not specified. Gaps here could allow silent failures or undetected manipulation of compliance readiness reports.

L6 · Security & Compliance (cross-cutting) ✓ mapped

The platform explicitly targets compliance readiness for frameworks like SOC 2, ISO 27001, and PCI DSS. However, the listing does not detail iTrust's own internal access controls, tenant isolation, or cryptographic standards used to protect customer data.

L7 · Agent Ecosystem ⚠ not certain from listing

Not certain from the listing — There is no mention of multi-agent coordination or ecosystem marketplace integrations. If external security agents are supported, trust abuse and cascading failures in risk reporting represent key threats.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.