AgentReadyHomeAgent ListingPricing

← Max by Tezi AI

Max by Tezi AI — agentic threat model

8.6AIVSS 8.6 · High

Max by Tezi AI presents a high-risk profile due to its autonomous handling of sensitive candidate PII, video assessments, and direct integrations with enterprise communication (Slack) and database (ATS) systems, making it a prime target for prompt injection and data exfiltration.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.2AARS uplift 0.87Factor sum 4.6/10Threat ×1.05Mitigation ×0.95
Autonomy of Action
0.80
Goal-Driven Planning
0.70
Self-Modification
0.10
Dynamic Tool Use
0.60
Persistent Memory
0.50
Contextual Awareness
0.60
Dynamic Identity
0.20
Multi-Agent Interactions
0.10
Non-Determinism
0.50
Opacity & Reflexivity
0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — Likely relies on commercial LLMs for candidate communication and resume parsing. Threats include prompt injection to bypass screening criteria or extract candidate data.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — Handles sensitive candidate PII, resumes, and video/language assessment data. Threats include data exfiltration of candidate profiles and poisoning of the vector database used for skill adjacency matching.

L3 · Agent Frameworks✓ mapped

Max orchestrates multi-step workflows (sourcing, screening, scheduling, communicating). Threats include insecure tool integration with ATS and Slack, where prompt injection could trigger unauthorized API calls (e.g., sending spam to candidates or modifying ATS records).

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — Hosted as a closed-source SaaS platform. Threats include container compromise or unauthorized access to API keys for integrated ATS and Slack workspaces.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — Mentions bias detection and diversity tools, but lacks details on real-time guardrails or prompt injection monitoring. Threats include blind spots in detecting adversarial candidate inputs.

L6 · Security & Compliance (cross-cutting)✓ mapped

Handles highly sensitive HR data and candidate PII, making it subject to GDPR, CCPA, and AI employment regulations (e.g., NYC Local Law 144). Compliance gaps in automated decision-making are a major risk.

L7 · Agent Ecosystem✓ mapped

Integrates directly with Slack and ATS ecosystems. Threats include cascading failures where a compromised Slack account or ATS endpoint allows an attacker to manipulate Max's recruiting workflows.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology. Are you the vendor? Factual corrections are free.