
Lunavo — agentic threat model

AIVSS 9.4 · Critical

Lunavo presents a high-risk profile due to its deep integration into freight forwarding supply chains, where automated tool execution (e.g., booking, customs documentation) could be exploited via prompt injection to cause physical logistics disruptions or financial fraud.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.5 · AARS uplift 0.88 · Factor sum 5.6/10 · Threat ×1.05 · Mitigation ×1.0

Autonomy of Action: 0.80
Goal-Driven Planning: 0.70
Self-Modification: 0.10
Dynamic Tool Use: 0.80
Persistent Memory: 0.60
Contextual Awareness: 0.80
Dynamic Identity: 0.30
Multi-Agent Interactions: 0.20
Non-Determinism: 0.60
Opacity & Reflexivity: 0.70

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — likely relies on commercial LLMs to parse unstructured freight emails and documents. Threats include prompt injection via incoming customer emails leading to unauthorized actions or misaligned outputs.

L2 · Data Operations ⚠ not certain from listing

Not certain from the listing — processes sensitive shipping manifests, commercial invoices, and customer PII. Gaps in data lineage or lack of encryption for vector stores could lead to data exfiltration of proprietary logistics data.

L3 · Agent Frameworks ⚠ not certain from listing

Not certain from the listing — orchestrates multi-step freight workflows (e.g., parsing an email, querying an ERP, and booking a carrier). Insecure tool integration or tool misuse could allow an attacker to trigger unauthorized API calls to external logistics systems.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — hosted as a closed-source SaaS platform. Threats include container compromise, credential theft for integrated logistics portals, and lack of sandboxing when processing untrusted PDF/Excel shipping documents.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — requires strict observability to catch hallucinated shipping details or customs errors. Gaps in drift detection or insufficient logging of automated decisions could lead to silent, costly failures in logistics pipelines.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — must comply with international trade regulations and data privacy laws (GDPR/CCPA). The lack of explicit security certifications (e.g., SOC2) in the listing suggests potential compliance and auditability gaps.

L7 · Agent Ecosystem ⚠ not certain from listing

Not certain from the listing — interacts heavily with external carrier APIs, port authority systems, and customer ERPs. Vulnerabilities include cascading failures if external logistics APIs return malformed payloads or if the agent is manipulated into abusing trust boundaries with third-party systems.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.