Legora — agentic threat model
Legora is a high-value target because it integrates with sensitive legal documents and MS Word. Its agentic capabilities are focused on research and drafting within a collaborative workspace, but a compromise could still lead to severe data exfiltration of privileged legal information.
OWASP AIVSS score rationale
| Agentic risk factor | Value |
| --- | --- |
| Autonomy of Action | 0.40 |
| Goal-Driven Planning | 0.50 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.60 |
| Persistent Memory | 0.40 |
| Contextual Awareness | 0.70 |
| Dynamic Identity | 0.20 |
| Multi-Agent Interactions | 0.30 |
| Non-Determinism | 0.60 |
| Opacity & Reflexivity | 0.50 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Not certain from the listing — The underlying foundation models are not specified. Threats include adversarial prompt injection during contract analysis and potential model reprogramming via malicious legal documents uploaded for review.
Legora performs RAG-based legal research and Tabular Review on large-scale document sets. This exposes it to data exfiltration of highly sensitive, privileged client data, and potential knowledge-base poisoning if malicious legal documents are ingested into the workspace.
The agent utilizes agentic web search and a Microsoft Word integration. Threats include insecure tool integration (e.g., Word add-in vulnerabilities) and tool misuse, where malicious search results could trigger prompt injection or SSRF during automated research.
Not certain from the listing — The hosting and sandboxing environment for document processing is not detailed. Threats include container compromise during the parsing of complex, untrusted legal documents (e.g., PDFs, DOCX).
Not certain from the listing — There is no mention of evaluation frameworks, guardrails, or observability tools. Gaps here could lead to undetected drift in legal reasoning or silent failures in contract analysis.
Not certain from the listing — Although Legora is trusted by major global law firms (implying rigorous security vetting), the listing does not explicitly cite specific compliance certifications (such as SOC 2 or ISO 27001).
Not certain from the listing — While Legora is described as a collaborative workspace, it is unclear whether there are autonomous multi-agent interactions or marketplace integrations that could lead to cascading trust failures.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.