AgentReadyHomeAgent ListingPricing

← Webhawk

Webhawk — agentic threat model

8.3AIVSS 8.3 · High

Webhawk presents a moderate-to-high security risk primarily due to its collection, enrichment, and storage of sensitive visitor PII and browsing history, coupled with the supply-chain risk of integrating its tracking script directly into client websites.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5AARS uplift 0.78Factor sum 3.1/10Threat ×1.0Mitigation ×1.0
Autonomy of Action
0.40
Goal-Driven Planning
0.20
Self-Modification
0.00
Dynamic Tool Use
0.30
Persistent Memory
0.70
Contextual Awareness
0.60
Dynamic Identity
0.10
Multi-Agent Interactions
0.00
Non-Determinism
0.30
Opacity & Reflexivity
0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — the specific foundation models used to generate 'AI-driven insights' are undisclosed, leaving potential vulnerabilities to model-specific prompt injection or alignment issues unverified.

L2 · Data Operations✓ mapped

High risk. The agent ingests real-time visitor behavior, browsing history, and contact details. This creates a high-value target for data exfiltration, unauthorized PII access, and potential data poisoning of the lead-scoring database.

L3 · Agent Frameworks⚠ not certain from listing

Not certain from the listing — the orchestration framework and tool-calling mechanisms for scraping and enrichment are closed-source, making it difficult to assess risks like insecure tool integration or memory poisoning.

L4 · Deployment & Infrastructure✓ mapped

High risk. The deployment model relies on integrating Webhawk's script directly into client websites. A compromise of Webhawk's hosting infrastructure or script delivery pipeline could result in a widespread supply-chain attack (e.g., malicious script injection/XSS on all client sites).

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — there is no mention of evaluation frameworks, real-time monitoring, drift detection, or guardrails to detect anomalous data collection or biased AI insights.

L6 · Security & Compliance (cross-cutting)✓ mapped

High risk. Deanonymizing website visitors and tracking browsing history to build profiles raises significant compliance and regulatory concerns under GDPR, CCPA, and ePrivacy directives, especially regarding consent management and data subject rights.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — there is no indication of multi-agent collaboration or integration with external agent marketplaces.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology. Are you the vendor? Factual corrections are free.