
Agent OnRise — agentic threat model

AIVSS 8.5 · High

Agent OnRise presents a high risk profile (AIVSS 8.5) because it interacts autonomously with customers by voice and writes directly to business calendars. The listing shows no security controls or compliance details for handling sensitive customer PII in a financial context, which leaves it exposed to voice-based prompt injection and unauthorized scheduling.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base: 7.5
AARS uplift: 1.0
Factor sum: 3.8 / 10
Threat multiplier (ThM): ×1.05
Mitigation factor: ×1.0

Worked through with the values above: AARS = (10 − 7.5) × (3.8 / 10) × 1.05 = 0.9975 ≈ 1.0, so AIVSS = (7.5 + 0.9975) × 1.0 = 8.4975, rounded to 8.5 (High). A mitigation factor of 1.0 means no mitigations were credited.

Agentic risk factors (ten factors, each 0.0–1.0, so Factor_Sum / 10 normalizes the sum to 0–1):

Autonomy of Action          0.70
Goal-Driven Planning        0.40
Self-Modification           0.00
Dynamic Tool Use            0.50
Persistent Memory           0.30
Contextual Awareness        0.50
Dynamic Identity            0.10
Multi-Agent Interactions    0.00
Non-Determinism             0.60
Opacity & Reflexivity       0.70

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The underlying LLM and speech-to-text/text-to-speech models are unspecified. Threats include voice-based prompt injection (audio injection attacks), adversarial audio inputs that bypass intent detection, and model output manipulation to misrepresent financial information.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — The agent collects and relays customer details, implying a database or CRM integration. Threats include data exfiltration of sensitive customer PII, unauthorized access to call transcripts, and lack of clear data retention or encryption policies.

L3 · Agent Frameworks (✓ mapped)

The agent integrates directly with calendar tools to book appointments. Threats include insecure tool integration where an attacker can manipulate the voice interface to flood, delete, or modify calendar events, or exploit the calendar API to access other corporate scheduling data.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — Telephony and hosting infrastructure are undisclosed. Threats include SIP/VoIP compromise, toll fraud, denial of service against the voice lines, and insecure storage of the API keys used for calendar and CRM integrations.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — No mention of real-time voice guardrails, call monitoring, or anomaly detection. Threats include conversational drift where the agent agrees to unauthorized terms, and a lack of audit logs to detect prompt injection attempts over voice.
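The L3 and L5 threats above (calendar flooding, deletion or modification through the voice interface, reach into other scheduling data, and no audit trail of injection attempts) share one control point: the layer that executes the agent's calendar tool calls. The guard below is an added example, not Agent OnRise's code (its integration is undisclosed). It assumes a single booking calendar id, a per-caller create limit, and that the caller id is supplied by the telephony layer rather than by the model; all three constants and the `ToolCall` shape are hypothetical. Callers may only create events and cancel events their own session created, calls outside the booking calendar or outside that action set are refused, and every decision is written to a structured audit log.

```python
"""Policy guard in front of a voice agent's calendar tool (added example, not page code)."""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Optional
import json

# Assumed policy constants; tune to the business.
ALLOWED_CALENDAR = "bookings@example.com"  # the only calendar the voice channel may touch
VOICE_ACTIONS = {"create", "cancel"}        # no update/list: those expose other people's schedules
MAX_CREATES_PER_CALLER = 3                  # accepted creates per caller id per window (anti-flood)
WINDOW_SECONDS = 3600


@dataclass
class ToolCall:
    """A calendar invocation the model wants to make, after argument parsing.
    caller_id is assumed to come from telephony signalling, not from model output,
    so a prompt-injected transcript cannot change who the rate limit applies to."""
    session_id: str                 # one phone call
    caller_id: str                  # e.g. an E.164 number from the telephony layer
    action: str                     # "create" | "cancel" | anything else is refused
    calendar_id: str
    now: float                      # seconds; injected so the example is deterministic
    event_id: Optional[str] = None  # required for cancel


class CalendarToolGuard:
    def __init__(self) -> None:
        self._creates = defaultdict(deque)  # caller_id -> timestamps of accepted creates
        self._owned = defaultdict(set)      # session_id -> event ids created in that session
        self._next_id = 1
        self.audit_log: list[dict] = []     # one structured record per decision

    def _decide(self, call: ToolCall, allowed: bool, reason: str, event_id=None):
        self.audit_log.append({
            "t": call.now, "session": call.session_id, "caller": call.caller_id,
            "action": call.action, "calendar": call.calendar_id,
            "event": event_id or call.event_id, "allowed": allowed, "reason": reason,
        })
        return allowed, reason, event_id

    def handle(self, call: ToolCall):
        # 1. Scope: a fixed calendar, so "read me the CFO's schedule" has nowhere to go.
        if call.calendar_id != ALLOWED_CALENDAR:
            return self._decide(call, False, "calendar out of scope")
        # 2. Action allowlist for the voice channel.
        if call.action not in VOICE_ACTIONS:
            return self._decide(call, False, f"action {call.action!r} not permitted over voice")
        if call.action == "create":
            # 3. Sliding-window rate limit per caller against event flooding.
            window = self._creates[call.caller_id]
            while window and call.now - window[0] >= WINDOW_SECONDS:
                window.popleft()
            if len(window) >= MAX_CREATES_PER_CALLER:
                return self._decide(call, False, "create rate limit exceeded")
            window.append(call.now)
            event_id = f"evt-{self._next_id}"
            self._next_id += 1
            self._owned[call.session_id].add(event_id)
            return self._decide(call, True, "created", event_id)
        # 4. Cancel: only events this session created; any other id is a deletion attempt.
        if call.event_id is None or call.event_id not in self._owned[call.session_id]:
            return self._decide(call, False, "cancel denied: event not created in this session")
        self._owned[call.session_id].discard(call.event_id)
        return self._decide(call, True, "cancelled", call.event_id)


if __name__ == "__main__":
    guard = CalendarToolGuard()
    # Constructed sample traffic: a legitimate booking, then a flood, then a cross-session cancel.
    ok, _, evt = guard.handle(ToolCall("call-1", "+15550100", "create", ALLOWED_CALENDAR, 0.0))
    for t in (10.0, 20.0, 30.0):
        guard.handle(ToolCall("call-1", "+15550100", "create", ALLOWED_CALENDAR, t))
    guard.handle(ToolCall("call-2", "+15550199", "cancel", ALLOWED_CALENDAR, 40.0, event_id=evt))
    guard.handle(ToolCall("call-2", "+15550199", "list", "ceo@example.com", 41.0))
    for record in guard.audit_log:
        print(json.dumps(record))
```

The audit records are what L5 asks for: a denied cancel of another session's event, or a burst of creates from one number, is the visible trace of an injection or flood attempt even when the transcript itself looks innocuous. Limits on meeting duration or business hours would slot in as further checks before the create is accepted.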

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — Despite being tagged under 'Finance', there is no mention of compliance with financial regulations, PCI DSS, SOC 2, or data privacy laws (GDPR/CCPA) covering recorded voice data and the PII collected during calls.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — The agent appears to operate as a standalone voice-to-calendar solution. Threats of multi-agent cascading failures or ecosystem trust abuse are minimal unless integrated into broader agentic workflows not described here.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).