Max by Tezi AI — agentic threat model
Max by Tezi AI presents a high-risk profile due to its autonomous handling of sensitive candidate PII, video assessments, and direct integrations with enterprise communication (Slack) and database (ATS) systems, making it a prime target for prompt injection and data exfiltration.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
| --- | --- |
| Autonomy of Action | 0.80 |
| Goal-Driven Planning | 0.70 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.60 |
| Persistent Memory | 0.50 |
| Contextual Awareness | 0.60 |
| Dynamic Identity | 0.20 |
| Multi-Agent Interactions | 0.10 |
| Non-Determinism | 0.50 |
| Opacity & Reflexivity | 0.50 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1, Foundation Models (not certain from the listing): Likely relies on commercial LLMs for candidate communication and resume parsing. Threats include prompt injection to bypass screening criteria or extract candidate data.
Layer 2, Data Operations (not certain from the listing): Handles sensitive candidate PII, resumes, and video/language assessment data. Threats include data exfiltration of candidate profiles and poisoning of the vector database used for skill adjacency matching.
Layer 3, Agent Frameworks: Max orchestrates multi-step workflows (sourcing, screening, scheduling, communicating). Threats include insecure tool integration with ATS and Slack, where prompt injection could trigger unauthorized API calls (e.g., sending spam to candidates or modifying ATS records).
Layer 4, Deployment and Infrastructure (not certain from the listing): Hosted as a closed-source SaaS platform. Threats include container compromise or unauthorized access to API keys for integrated ATS and Slack workspaces.
Layer 5, Evaluation and Observability (not certain from the listing): Mentions bias detection and diversity tools, but lacks details on real-time guardrails or prompt injection monitoring. Threats include blind spots in detecting adversarial candidate inputs.
Layer 6, Security and Compliance: Handles highly sensitive HR data and candidate PII, making it subject to GDPR, CCPA, and AI employment regulations (e.g., NYC Local Law 144). Compliance gaps in automated decision-making are a major risk.
Layer 7, Agent Ecosystem: Integrates directly with Slack and ATS ecosystems. Threats include cascading failures where a compromised Slack account or ATS endpoint allows an attacker to manipulate Max's recruiting workflows.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.