
AI Receptionist — agentic threat model

AIVSS 8.2 · High

The AI Receptionist presents a moderate-to-high risk profile due to its direct public-facing voice interface and integration with sensitive downstream systems like CRMs and calendars. A compromise could lead to unauthorized data exfiltration of customer PII/PHI or automated social engineering attacks.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base: 7.5
AARS uplift: 1.18
Factor sum: 4.5/10
Threat multiplier (ThM): ×1.05
Mitigation factor: ×0.95

Agentic risk factors (each scored 0.0 to 1.0):

Autonomy of Action: 0.70
Goal-Driven Planning: 0.50
Self-Modification: 0.10
Dynamic Tool Use: 0.60
Persistent Memory: 0.50
Contextual Awareness: 0.60
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.20
Non-Determinism: 0.60
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The underlying LLM and speech-to-text/text-to-speech models are unspecified. They are potentially vulnerable to voice-based prompt injection (vishing attacks) where callers use adversarial phrasing to bypass safety guardrails or reprogram the agent's behavior during a call.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — The agent reads and writes to CRMs and calendars. This creates risks of data exfiltration of customer PII/PHI and database poisoning if malicious caller inputs are written directly into CRM fields without sanitization.

L3 · Agent Frameworks (⚠ not certain from listing)

Not certain from the listing — The orchestration framework managing custom scripts, intent detection, and tool execution is proprietary. Vulnerabilities could include insecure tool integration with CRM/calendar APIs, allowing callers to manipulate scheduling logic or access unauthorized records.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — The hosting infrastructure and telephony/SIP integration details are not provided. Risks include unauthorized call interception, SIP trunk abuse, or infrastructure compromise leading to access to API keys for integrated CRMs.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — It is unclear what logging, guardrails, or drift detection mechanisms are in place. Blind spots in voice-to-text translation could allow malicious payloads to pass undetected to downstream systems.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — While industry-specific customization for healthcare is mentioned, there is no explicit confirmation of HIPAA compliance, SOC2 certification, or robust access control policies governing CRM/calendar integrations.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — The agent interacts with external ecosystems (CRM and calendar APIs). Cascading failures could occur if these downstream services are compromised, rate-limited, or if the agent is manipulated into flooding them with automated requests.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).