
Decagon — agentic threat model

AIVSS 8.5 · High

Decagon presents a high-risk profile due to its deep integration with enterprise data sources and tools, combined with high autonomy in resolving customer queries, which could be exploited via prompt injection to perform unauthorized actions or exfiltrate sensitive customer data.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 8.5
AARS uplift: 0.91
Factor sum: 5.8/10
Threat multiplier (ThM): ×1.05
Mitigation factor: ×0.9

Agentic risk factors (each scored 0.0 to 1.0):
Autonomy of Action: 0.80
Goal-Driven Planning: 0.70
Self-Modification: 0.30
Dynamic Tool Use: 0.80
Persistent Memory: 0.70
Contextual Awareness: 0.80
Dynamic Identity: 0.40
Multi-Agent Interactions: 0.20
Non-Determinism: 0.60
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
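As an added worked example (not code from AgentReady, OWASP or Decagon), the formula above carried through with this listing's inputs; the function names and the qualitative severity bands are my own assumptions, and the unmitigated comparison shows how much of the final score the ×0.9 mitigation credit accounts for.

```python
# Added example: reproduces the AIVSS arithmetic shown on this page from the
# listed inputs. Function names and the severity bands are assumptions.
CVSS_BASE = 8.5            # "CVSS base 8.5"
THREAT_MULTIPLIER = 1.05   # ThM, "Threat ×1.05"
MITIGATION_FACTOR = 0.9    # "Mitigation ×0.9"

# The ten agentic risk factors with the 0..1 scores listed above for Decagon.
DECAGON_FACTORS = {
    "Autonomy of Action": 0.80,
    "Goal-Driven Planning": 0.70,
    "Self-Modification": 0.30,
    "Dynamic Tool Use": 0.80,
    "Persistent Memory": 0.70,
    "Contextual Awareness": 0.80,
    "Dynamic Identity": 0.40,
    "Multi-Agent Interactions": 0.20,
    "Non-Determinism": 0.60,
    "Opacity & Reflexivity": 0.50,
}

def factor_sum(factors):
    """Factor_Sum: plain sum of the ten agentic scores (0..10 scale)."""
    if len(factors) != 10 or any(not 0.0 <= v <= 1.0 for v in factors.values()):
        raise ValueError("AIVSS expects exactly ten factors scored in [0, 1]")
    return sum(factors.values())

def aars(cvss_base, factors, thm):
    """AARS = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM.
    The agentic uplift only fills the headroom between the CVSS base and 10."""
    return (10.0 - cvss_base) * (factor_sum(factors) / 10.0) * thm

def aivss(cvss_base, factors, thm, mitigation):
    """AIVSS = (CVSS_Base + AARS) * Mitigation_Factor."""
    return (cvss_base + aars(cvss_base, factors, thm)) * mitigation

def severity_band(score):
    """Qualitative band; assumed here to mirror the CVSS v3.x scale."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    return "Medium" if score >= 4.0 else "Low"

if __name__ == "__main__":
    score = aivss(CVSS_BASE, DECAGON_FACTORS, THREAT_MULTIPLIER, MITIGATION_FACTOR)
    print(f"Factor sum {factor_sum(DECAGON_FACTORS):.1f}/10, "
          f"AARS {aars(CVSS_BASE, DECAGON_FACTORS, THREAT_MULTIPLIER):.2f}, "
          f"AIVSS {score:.1f} ({severity_band(score)})")
    # Same inputs with no mitigation credit: the x0.9 is what keeps this below Critical.
    raw = aivss(CVSS_BASE, DECAGON_FACTORS, THREAT_MULTIPLIER, 1.0)
    print(f"Unmitigated {raw:.2f} ({severity_band(raw)})")
```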

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — Likely relies on proprietary or fine-tuned commercial foundation models. Primary threats include prompt injection attacks that bypass customer service guidelines, leading to brand damage or unauthorized instructions.

L2 · Data Operations · ⚠ not certain from listing

Not certain from the listing — Integrates with enterprise data sources for RAG. Threats include knowledge-base poisoning where malicious data injected into connected systems alters the agent's behavior, and accidental exfiltration of customer PII.

L3 · Agent Frameworks · ✓ mapped

Utilizes customizable workflows and seamless integrations to orchestrate actions. Threats include tool misuse where the agent is manipulated into executing unauthorized API calls (e.g., processing fraudulent refunds or modifying account settings).

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — Deployed as an enterprise SaaS platform. Threats include insecure API endpoints, lack of tenant isolation, and exposure of integration secrets/credentials.

L5 · Evaluation & Observability · ✓ mapped

Features 'analytics and insights' and 'transparent decision-making' to monitor agent behavior. However, threats remain regarding blind spots in detecting sophisticated, multi-turn adversarial prompt injections or drift in continuous learning loops.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — While targeting enterprise customers, specific compliance certifications (e.g., SOC2, GDPR) are not detailed. Threats include insufficient authorization checks between the agent and backend enterprise systems.

L7 · Agent Ecosystem · ⚠ not certain from listing

Not certain from the listing — Primarily functions as a direct customer-to-agent interface, but integration with external tools creates ecosystem dependencies. Threats include cascading failures if third-party APIs or integrated services are compromised.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).