
NewOaks AI — agentic threat model

AIVSS 8.7 · High

NewOaks AI presents a moderate-to-high risk profile due to its direct integration with telephony and SMS gateways for outbound communication, which could be abused for toll fraud, spamming, or social engineering if compromised. The use of real-time voice LLMs also introduces unique audio-based prompt injection vectors.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 7.5
AARS uplift: 1.21
Factor sum: 4.6 / 10
Threat multiplier (ThM): ×1.05
Mitigation factor: ×1.0

Agentic risk factors (each scored 0.0 to 1.0):
Autonomy of Action: 0.70
Goal-Driven Planning: 0.50
Self-Modification: 0.10
Dynamic Tool Use: 0.60
Persistent Memory: 0.40
Contextual Awareness: 0.50
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.10
Non-Determinism: 0.80
Opacity & Reflexivity: 0.70

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
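The formula above, applied to the ten factor values listed for this agent, as an added example (not code from this page, from the vendor, or from OWASP). It reproduces the page's numbers (factor sum 4.6, AARS 1.21, AIVSS 8.7) and also shows how the mitigation factor lowers the result. The severity bands are an assumption (the CVSS v3.x qualitative scale), as is the cap at 10.0; the page does not state either.

```python
# Added example: OWASP AIVSS formula as quoted on the page, applied to the ten
# agentic risk factors listed for NewOaks AI. Not the page's or OWASP's code.
# Assumptions: severity bands follow the CVSS v3.x qualitative scale, and the
# final score is capped at 10.0.
from dataclasses import dataclass

# Factor values exactly as listed on the page (each in the range 0.0 to 1.0).
NEWOAKS_FACTORS = {
    "Autonomy of Action": 0.70,
    "Goal-Driven Planning": 0.50,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.60,
    "Persistent Memory": 0.40,
    "Contextual Awareness": 0.50,
    "Dynamic Identity": 0.20,
    "Multi-Agent Interactions": 0.10,
    "Non-Determinism": 0.80,
    "Opacity & Reflexivity": 0.70,
}


@dataclass(frozen=True)
class AivssResult:
    cvss_base: float
    factor_sum: float
    aars: float
    score: float
    severity: str


def severity_band(score: float) -> str:
    # Assumption: CVSS v3.x qualitative bands on the shared 0-10 scale.
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    if score > 0.0:
        return "Low"
    return "None"


def aivss(cvss_base: float, factors: dict, threat_multiplier: float = 1.0,
          mitigation_factor: float = 1.0) -> AivssResult:
    """AIVSS = (CVSS_Base + AARS) * Mitigation_Factor, where
    AARS = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base must lie in [0, 10]")
    if len(factors) != 10:
        raise ValueError("AIVSS defines exactly ten agentic risk factors")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"factor {name!r} out of range [0, 1]: {value}")
    factor_sum = sum(factors.values())
    # The agentic uplift scales the headroom above the base score (10 - base),
    # so a fully agentic system with ThM 1.0 cannot exceed 10 on its own.
    aars = (10.0 - cvss_base) * (factor_sum / 10.0) * threat_multiplier
    # Assumption: cap at 10.0 when a threat multiplier above 1 overshoots.
    score = min(10.0, (cvss_base + aars) * mitigation_factor)
    return AivssResult(cvss_base, factor_sum, aars, score, severity_band(score))


def newoaks_score(mitigation_factor: float = 1.0) -> AivssResult:
    # Inputs as stated on the page: CVSS base 7.5, ThM 1.05, mitigation 1.0.
    return aivss(7.5, NEWOAKS_FACTORS, threat_multiplier=1.05,
                 mitigation_factor=mitigation_factor)


if __name__ == "__main__":
    r = newoaks_score()
    print(f"factor sum {r.factor_sum:.1f}/10, AARS {r.aars:.2f}, "
          f"AIVSS {r.score:.1f} ({r.severity})")
    # Illustrative only: a hypothetical mitigation factor of 0.8 (constructed).
    m = newoaks_score(mitigation_factor=0.8)
    print(f"with mitigation 0.8: AIVSS {m.score:.2f} ({m.severity})")
```

The mitigation call at the end uses a constructed value to show the lever a defender controls: the factor values describe what the agent can do, and only the mitigation factor (controls around telephony, SMS and tool access) brings the score down.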

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary because the public description does not settle how that layer is implemented.

L1 · Foundation Models · ✓ mapped

Uses OpenAI's Realtime API for voice synthesis and understanding. Vulnerable to voice-based prompt injection (audio injection attacks) where a caller speaks instructions designed to override the agent's system prompt or extract system instructions.

L2 · Data Operations · ⚠ not certain from listing

Not certain from the listing — likely utilizes a knowledge base or RAG system to maintain brand voice and answer queries, which is vulnerable to data poisoning or exfiltration of proprietary business information.

L3 · Agent Frameworks · ✓ mapped

Orchestrates actions across voice, SMS, and chat channels to book appointments. Insecure tool integration with calendar systems or SMS gateways could allow attackers to manipulate booking states or send unauthorized messages.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — requires integration with telephony infrastructure (SIP/WebRTC/Twilio) and web hosting for widgets, exposing potential API key leakage, SIP trunk abuse, or denial-of-service on voice lines.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — likely logs call transcripts and SMS history for quality assurance, which could lead to PII exposure if transcripts containing sensitive customer data are not properly redacted or monitored.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — handling outbound calls and SMS requires strict compliance with TCPA, GDPR, and telecom regulations, but specific compliance frameworks or access controls are not detailed in the listing.

L7 · Agent Ecosystem · ⚠ not certain from listing

Not certain from the listing — no explicit multi-agent coordination or marketplace interactions are described; primarily operates as a standalone agent interacting with human users.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology.