AgentReadyHomeAgent ListingPricing

← lyngo

lyngo — agentic threat model

7.8AIVSS 7.8 · High

Lyngo presents a high-risk profile due to its direct integration with healthcare Practice Management Systems (PMS) and handling of Protected Health Information (PHI) over public telephony. While it claims strong regulatory compliance, its autonomy to modify calendars and access patient records creates significant vectors for prompt injection and unauthorized data access.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.5AARS uplift 0.66Factor sum 4.2/10Threat ×1.05Mitigation ×0.85
Autonomy of Action
0.80
Goal-Driven Planning
0.50
Self-Modification
0.00
Dynamic Tool Use
0.60
Persistent Memory
0.60
Contextual Awareness
0.50
Dynamic Identity
0.10
Multi-Agent Interactions
0.00
Non-Determinism
0.60
Opacity & Reflexivity
0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — likely relies on third-party LLMs and speech-to-text/text-to-speech APIs. Primary threats include voice prompt injection (VPI) where a caller manipulates the underlying LLM to bypass clinic policies or extract system prompts.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — likely utilizes RAG for clinic FAQs and queries PMS databases for patient records. Threats include unauthorized data retrieval or leakage of other patients' PHI if the retrieval queries are not strictly scoped to the authenticated caller.

L3 · Agent Frameworks⚠ not certain from listing

Not certain from the listing — orchestrates call flow, PMS tool execution (booking/canceling), and escalation logic. Threats include insecure tool integration where malicious inputs during a call trigger unintended API actions in the Cliniko PMS.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — likely hosted on cloud infrastructure with telephony integration (e.g., Twilio). Threats include insecure SIP trunking, exposed webhook endpoints, and lack of sandboxing for the integration middleware.

L5 · Evaluation & Observability✓ mapped

The agent provides logs, transcripts, and insights in a portal. The primary threat is the exposure of PHI within raw transcripts or logs if access controls to the portal are compromised, or if logs are not properly redacted.

L6 · Security & Compliance (cross-cutting)✓ mapped

The agent claims compliance with GDPR, UK/EU, and APP. The main threat is compliance drift, where non-deterministic LLM behavior or conversational errors lead to accidental disclosure of PHI, violating these strict healthcare privacy frameworks.

L7 · Agent Ecosystem✓ mapped

The agent operates as a vertical, single-agent solution integrated directly with a PMS. There is no evidence of multi-agent or marketplace interactions, making ecosystem-level cascading failures a low threat.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology. Are you the vendor? Factual corrections are free.