
Customer Support Demo — agentic threat model

AIVSS 5.7 · Medium

The Customer Support Demo is a low-risk, retrieval-augmented chatbot widget. Its primary security exposures are prompt injection (leading to brand reputation damage or misinformation) and potential unauthorized access to its underlying site database.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base:              4.8
AARS uplift:            0.94
Factor sum:             1.8/10
Threat multiplier (ThM): ×1.0
Mitigation factor:      ×1.0

Agentic risk factors (each scored 0.0 to 1.0):

Autonomy of Action          0.20
Goal-Driven Planning        0.10
Self-Modification           0.00
Dynamic Tool Use            0.20
Persistent Memory           0.10
Contextual Awareness        0.40
Dynamic Identity            0.00
Multi-Agent Interactions    0.00
Non-Determinism             0.50
Opacity & Reflexivity       0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
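As an added example (not code from this listing or from the OWASP AIVSS calculator), the formula above carried through in Python with the factor values given for this agent; the function and constant names are this example's own, and the 0.8 mitigation factor in the second call is a constructed what-if, not a value from the listing:

```python
# AIVSS calculator reproducing the score on this listing. Formula as stated on the page:
#   AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
#   AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
# Names below are this example's own, not the official calculator's API.

# The ten agentic risk factors with the values given on the listing (each 0.0..1.0).
CUSTOMER_SUPPORT_DEMO_FACTORS = {
    "Autonomy of Action": 0.20,
    "Goal-Driven Planning": 0.10,
    "Self-Modification": 0.00,
    "Dynamic Tool Use": 0.20,
    "Persistent Memory": 0.10,
    "Contextual Awareness": 0.40,
    "Dynamic Identity": 0.00,
    "Multi-Agent Interactions": 0.00,
    "Non-Determinism": 0.50,
    "Opacity & Reflexivity": 0.30,
}


def aivss_score(cvss_base, factors, threat_multiplier=1.0, mitigation_factor=1.0):
    """Return (factor_sum, aars, aivss) for one agent after validating the inputs."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base must be in 0..10")
    if len(factors) != 10:
        raise ValueError("AIVSS expects exactly ten agentic risk factors")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"factor {name!r} out of range 0..1: {value}")
    factor_sum = sum(factors.values())  # 0..10
    # The agentic uplift only consumes the headroom left above the CVSS base,
    # so AARS can never push the combined score past 10.
    aars = (10.0 - cvss_base) * (factor_sum / 10.0) * threat_multiplier
    aivss = (cvss_base + aars) * mitigation_factor
    return round(factor_sum, 2), round(aars, 2), round(aivss, 1)


if __name__ == "__main__":
    total, uplift, score = aivss_score(4.8, CUSTOMER_SUPPORT_DEMO_FACTORS)
    print(f"factor sum {total}/10, AARS uplift {uplift}, AIVSS {score}")
    # Constructed what-if: the same agent with guardrails credited as a 0.8 mitigation factor.
    print(aivss_score(4.8, CUSTOMER_SUPPORT_DEMO_FACTORS, mitigation_factor=0.8))
```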

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary where the public description did not pin down that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — the specific foundation LLM is not disclosed. Standard LLM threats like prompt injection, jailbreaking to bypass FAQ constraints, and model reprogramming to serve malicious content apply.

L2 · Data Operations (✓ mapped)

The agent connects to a 'specific site database' to answer questions. Threats include database poisoning if unauthorized users can modify the site database, and potential data exfiltration of non-public database contents via prompt injection.

L3 · Agent Frameworks (⚠ not certain from listing)

Not certain from the listing — the orchestration framework is unspecified. Likely uses a simple RAG pipeline. Risks include insecure tool integration if the database querying mechanism is susceptible to SQL injection or indirect prompt injection.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — hosting details are omitted. As a website widget, it faces client-side security risks (XSS, widget tampering) and standard container/hosting vulnerabilities if the backend API is compromised.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — no mention of guardrails, logging, or evaluation frameworks. Lack of observability could lead to undetected drift, hallucinated support answers, or unmonitored prompt injection attacks.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — compliance standards (e.g., GDPR for user chat logs) and authentication mechanisms are not detailed. Lack of clear access controls on the database connection is a key risk.

L7 · Agent Ecosystem (✓ mapped)

The agent operates as a standalone customer support widget and does not interact with an agent ecosystem or other third-party agents, minimizing multi-agent cascading failure risks.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).