AgentReadyHomeAgent Listing

← Docsumo

Docsumo — agentic threat model

6.6AIVSS 6.6 · Medium

Docsumo presents a moderate-to-high risk profile primarily due to its access to highly sensitive financial and PII data (invoices, bank statements) and its integration with critical downstream systems like ERPs and accounting software, though this is heavily mitigated by its robust compliance posture.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.5AARS uplift 0.36Factor sum 2.4/10Threat ×1.0Mitigation ×0.75
Autonomy of Action
0.40
Goal-Driven Planning
0.30
Self-Modification
0.00
Dynamic Tool Use
0.50
Persistent Memory
0.20
Contextual Awareness
0.40
Dynamic Identity
0.10
Multi-Agent Interactions
0.00
Non-Determinism
0.30
Opacity & Reflexivity
0.20

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — The specific LLMs or OCR models used are not detailed. Threats include adversarial document inputs (e.g., prompt injection embedded in invoices) designed to hijack the extraction logic or bypass validation.

L2 · Data Operations✓ mapped

Docsumo processes highly sensitive unstructured data (bank statements, invoices). Key threats include data exfiltration of PII/financial data during ingestion, and training data poisoning if user-corrected documents are used to retrain extraction models.

L3 · Agent Frameworks✓ mapped

The agent uses customizable workflows and API integrations to push data to ERP/CRM systems. Threats include insecure tool integration where malicious document data triggers unintended API actions or exploits downstream ERP/accounting endpoints.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — The hosting environment (SaaS vs. self-hosted Open Source) is not fully specified. Threats include container compromise or unauthorized access to API keys used for ERP/CRM integrations.

L5 · Evaluation & Observability✓ mapped

Features include data validation and verification rules. However, blind spots in drift detection or insufficient logging of anomalous document extractions could allow silent data corruption or fraud to go unnoticed.

L6 · Security & Compliance (cross-cutting)✓ mapped

The listing explicitly claims GDPR, SOC2, and HIPAA compliance, indicating strong baseline administrative and technical controls, though continuous auditing of API access and data retention policies remains critical.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — There is no mention of multi-agent orchestration or marketplace interactions, meaning ecosystem-level cascading failures are currently a low threat.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).