Klaaryo — agentic threat model
Klaaryo presents a moderate-to-high risk profile due to its direct integration with WhatsApp and handling of sensitive candidate PII, making it a prime target for prompt injection via resumes and automated phishing distribution.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
| --- | --- |
| Autonomy of Action | 0.70 |
| Goal-Driven Planning | 0.60 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.50 |
| Persistent Memory | 0.70 |
| Contextual Awareness | 0.60 |
| Dynamic Identity | 0.20 |
| Multi-Agent Interactions | 0.10 |
| Non-Determinism | 0.60 |
| Opacity & Reflexivity | 0.50 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Not certain from the listing — likely utilizes third-party LLMs for conversational screening. Vulnerable to prompt injection embedded in candidate resumes or WhatsApp messages, which could bypass screening criteria or leak system instructions.
Not certain from the listing — processes candidate resumes, contact details, and chat histories. Vulnerable to PII exfiltration and database poisoning if malicious candidate profiles are ingested into the RAG or vector storage systems.
Not certain from the listing — orchestrates candidate engagement and ATS updates. Vulnerable to tool misuse where prompt injection triggers unauthorized WhatsApp messages or corrupts candidate status records.
Not certain from the listing — hosted as a closed-source SaaS platform. Vulnerable to WhatsApp API token theft, insecure webhook endpoints, and potential remote code execution if resume parsing libraries are unpatched.
Not certain from the listing — no mention of evaluation frameworks or guardrails. Vulnerable to undetected bias in automated screening decisions and a lack of audit trails for conversational anomalies.
Not certain from the listing — handles recruitment data which is highly regulated under GDPR/CCPA. Lacks visible compliance certifications, data retention policies, or explicit consent mechanisms for automated AI decision-making.
Not certain from the listing — primarily acts as a standalone integration. Risks are limited to cascading failures or data synchronization issues with connected Applicant Tracking Systems (ATS) and the WhatsApp Business API.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.