
Saner.AI — agentic threat model

AIVSS 8.7 · High

Saner.AI acts as a high-privilege personal assistant with access to sensitive personal emails, notes, and tasks. Its primary risk stems from potential prompt injection exploiting its email and tool integrations to exfiltrate data or perform unauthorized actions.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.8 · AARS uplift 0.95 · Factor sum 4.3/10 · Threat ×1.0 · Mitigation ×1.0

Agentic risk factors:
Autonomy of Action: 0.40
Goal-Driven Planning: 0.30
Self-Modification: 0.10
Dynamic Tool Use: 0.50
Persistent Memory: 0.80
Contextual Awareness: 0.70
Dynamic Identity: 0.30
Multi-Agent Interactions: 0.10
Non-Determinism: 0.50
Opacity & Reflexivity: 0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — likely relies on third-party commercial LLMs. The primary threat is indirect prompt injection via incoming emails, which could manipulate the model into executing unauthorized actions or leaking sensitive notes.

L2 · Data Operations ⚠ not certain from listing

Not certain from the listing — likely utilizes a vector database to perform RAG over the user's personal notes and emails. Threats include data exfiltration of sensitive personal history and potential knowledge-base poisoning from malicious incoming emails.

L3 · Agent Frameworks ⚠ not certain from listing

Not certain from the listing — orchestrates note-taking, task management, and email APIs. Insecure tool integration could allow an attacker to trigger unintended email dispatches or delete critical tasks through manipulated context.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — hosted as a closed-source SaaS platform. The critical threat at this layer is the secure storage and handling of third-party OAuth tokens (e.g., Google/Microsoft) used to access user email and calendar accounts.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — no public details on guardrails or output monitoring. A lack of input/output filtering could allow prompt injections to succeed silently, leading to data leakage or incorrect task generation.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — requires robust identity and access management to isolate user data. Compliance with privacy regulations (like GDPR) is critical given the highly personal nature of ADHD-focused note-taking and email processing.

L7 · Agent Ecosystem ⚠ not certain from listing

Not certain from the listing — operates primarily as a single-user personal assistant. However, interaction with external email ecosystems introduces risks of cascading trust issues when processing untrusted external communications.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.