AI ROI Calculator — agentic threat model

AIVSS 6.1 · Medium

The AI ROI Calculator exhibits low agentic risk due to its highly constrained, interactive nature and lack of autonomous execution capabilities. The primary security concerns are data confidentiality regarding proprietary business plans and the integrity of AI-generated financial estimations.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base 5.3 · AARS uplift 0.85 · Factor sum 1.8/10 · Threat ×1.0 · Mitigation ×1.0

Agentic risk factors:
Autonomy of Action: 0.20
Goal-Driven Planning: 0.30
Self-Modification: 0.00
Dynamic Tool Use: 0.20
Persistent Memory: 0.20
Contextual Awareness: 0.40
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.30
Opacity & Reflexivity: 0.20

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — likely relies on a commercial LLM to power the guided assistant. Primary threats include prompt injection that could manipulate cost/benefit estimations or cause the assistant to output misleading financial advice.

L2 · Data Operations ⚠ not certain from listing

Not certain from the listing — processes user-provided business goals, OKRs, and financial estimates. If these are stored in a database or vector store to persist ROI models, they represent sensitive proprietary data vulnerable to exfiltration or unauthorized access.

L3 · Agent Frameworks ⚠ not certain from listing

Not certain from the listing — orchestration likely coordinates user inputs with deterministic calculation tools (NPV, ROI, Payback Period). A threat exists if the calculation engine insecurely parses unvalidated LLM outputs, leading to injection vulnerabilities.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — hosted as a closed-source web application. Standard web infrastructure threats apply, including session hijacking, insecure direct object references (IDOR) to other users' ROI models, and lack of tenant isolation.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — no mention of guardrails or observability tools. Without input/output validation, hallucinated financial metrics or spurious "industry-standard" tips from the AI assistant could go undetected.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — no compliance certifications (such as SOC 2) or access control mechanisms are detailed, which is a concern given that users upload sensitive business strategy and financial projections.

L7 · Agent Ecosystem ⚠ not certain from listing

Not certain from the listing — appears to operate as a standalone, single-agent utility with no multi-agent coordination or external ecosystem integrations, minimizing ecosystem-level threats.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).