AgentReadyHomeAgent Listing

← Airweb

Airweb — agentic threat model

6.9AIVSS 6.9 · Medium

Airweb presents a moderate risk profile primarily centered around conversational manipulation, vishing, and data leakage due to its public-facing phone and web avatar deployment channels. The lack of explicit security controls in the listing highlights the need for robust input filtering and session monitoring to prevent prompt injection and brand reputation damage.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 5.3AARS uplift 1.55Factor sum 3.3/10Threat ×1.0Mitigation ×1.0
Autonomy of Action
0.40
Goal-Driven Planning
0.30
Self-Modification
0.10
Dynamic Tool Use
0.30
Persistent Memory
0.30
Contextual Awareness
0.50
Dynamic Identity
0.20
Multi-Agent Interactions
0.10
Non-Determinism
0.60
Opacity & Reflexivity
0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — The underlying foundation models for text generation and text-to-speech (TTS) in 57 languages are unspecified. Threats include adversarial prompt injection to bypass safety guardrails, voice cloning abuse, and model reprogramming to output offensive content.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — The data operations layer likely handles customer support scripts, business FAQs, and potentially CRM data for personalized interactions. Threats include knowledge-base poisoning to feed false information to customers and data exfiltration of sensitive user conversations.

L3 · Agent Frameworks⚠ not certain from listing

Not certain from the listing — The orchestration framework managing the dialogue state, voice synthesis, and web avatar rendering is proprietary. Threats include insecure tool integration if the agent connects to external scheduling or CRM APIs, and memory poisoning across conversational turns.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — The hosting environment for the web avatars and telephony infrastructure is not described. Threats include SIP/telephony hacking, denial of service on voice channels, and container escape if the web widget hosting is compromised.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — No details are provided regarding real-time conversation monitoring, guardrails, or logging. This creates a blind spot where malicious interactions or prompt injections could go undetected, leading to reputational damage.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — There is no mention of compliance certifications (e.g., SOC 2, GDPR, HIPAA) or authentication mechanisms for resellers using the white-label service. This poses a risk of unauthorized access to reseller portals and customer interaction logs.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — While multi-agent collaboration is not highlighted, the white-label reseller model introduces supply chain risks where downstream resellers could deploy compromised or malicious configurations of the agent.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).