
Cognosys — agentic threat model

AIVSS 8.7 · High

Cognosys presents a moderate-to-high risk profile due to its goal-driven task generation and planned integrations with highly sensitive personal data sources like Gmail and Notion, compounded by a lack of visible security controls in its public listing.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5 · AARS uplift 1.23 · Factor sum 4.9/10 · Threat ×1.0 · Mitigation ×1.0

Autonomy of Action: 0.60
Goal-Driven Planning: 0.70
Self-Modification: 0.20
Dynamic Tool Use: 0.50
Persistent Memory: 0.60
Contextual Awareness: 0.70
Dynamic Identity: 0.30
Multi-Agent Interactions: 0.20
Non-Determinism: 0.60
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ✓ mapped

Utilizes 'intelligent model selection' across multiple foundation models, exposing the system to model-specific vulnerabilities, adversarial prompt injection, and misaligned outputs depending on the selected model.

L2 · Data Operations · ✓ mapped

Features 'internet search transparency' which implies active web-scraping or search API integration, introducing risks of indirect prompt injection and data poisoning from untrusted web sources.

L3 · Agent Frameworks · ✓ mapped

Employs 'automated task generation' and orchestration to streamline productivity, which presents risks of tool misuse, planning loops, or unintended execution paths if the generated tasks are not properly constrained.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — as a closed-source freemium platform, deployment details, sandboxing of task execution, and secrets management for future integrations (Gmail, Notion) are unspecified.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — while 'internet search transparency' is highlighted, there is no explicit mention of real-time guardrails, evaluation frameworks, or comprehensive logging.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — compliance postures, identity/access management, and data privacy policies for personal data automation are not detailed in the public listing.

L7 · Agent Ecosystem · ⚠ not certain from listing

Not certain from the listing — although it acts as a personalized agent with future third-party integrations, there is no explicit mention of multi-agent collaboration or a shared agent marketplace.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).