
Aivah — agentic threat model

AIVSS 8.7 · High

Aivah presents a moderate-to-high risk profile due to its ingestion of custom multimodal training data and deployment in sensitive sectors like healthcare and education, combined with a lack of visible security controls or sandboxing in its public listing.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base: 7.5
Factor sum: 4.5 / 10 (sum of the ten agentic risk factors below)
Threat multiplier (ThM): ×1.05
AARS uplift: 1.18 (= (10 − 7.5) × (4.5 / 10) × 1.05 = 1.18125)
Mitigation factor: ×1.0
AIVSS: (7.5 + 1.18) × 1.0 = 8.68, rounded to 8.7

Agentic risk factors (each scored 0.0 to 1.0):

Autonomy of Action         0.50
Goal-Driven Planning       0.40
Self-Modification          0.20
Dynamic Tool Use           0.30
Persistent Memory          0.80
Contextual Awareness       0.70
Dynamic Identity           0.30
Multi-Agent Interactions   0.20
Non-Determinism            0.60
Opacity & Reflexivity      0.50
Factor sum                 4.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary where the public description did not pin down that layer.

L1 · Foundation Models · ✓ mapped

Utilizes multimodal LLMs, making it susceptible to multimodal jailbreaks (e.g., via malicious images or audio) and adversarial prompt injection that could alter the avatar's persona or emotional output.

L2 · Data Operations · ✓ mapped

Supports custom data source training (documents, videos, audio, images). This introduces significant risks of data poisoning, training data extraction, and unauthorized access to sensitive proprietary or personal data ingested into the avatar's knowledge base.

L3 · Agent Frameworks · ✓ mapped

Features persistent memory and advanced personas. This creates a risk of memory poisoning, where malicious user interactions permanently corrupt the avatar's behavior or cause it to retain and leak sensitive information across sessions.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing: no details are provided regarding the hosting infrastructure, sandboxing of the AR/VR integration, or how web-deployed avatars are isolated from the host website's DOM and backend systems.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing: the directory listing does not mention any built-in guardrails, output filtering, or observability tools to monitor avatar behavior, drift, or malicious inputs in real time.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing: despite targeting sensitive domains like healthcare and personalized education, there is no mention of compliance frameworks (such as HIPAA or GDPR), access control mechanisms, or data encryption standards.

L7 · Agent Ecosystem · ✓ mapped

Allows users to 'share' and deploy interactive AI avatar agents. This ecosystem model introduces risks of shared malicious avatars, template hijacking, and downstream trust abuse if users deploy unvetted third-party avatars on their platforms.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).