Echo AI — agentic threat model

AIVSS 8.0 · High

Echo AI presents a high confidentiality risk due to its access to sensitive corporate meetings, calendar integrations, and real-time audio streams, though its agentic autonomy is limited to automated meeting attendance and transcription rather than independent decision-making.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 8.5
AARS uplift: 0.43
Factor sum: 2.7/10
Threat multiplier (ThM): ×1.05
Mitigation factor: ×0.9
Agentic risk factors (each scored 0.00 to 1.00):
Autonomy of Action: 0.40
Goal-Driven Planning: 0.20
Self-Modification: 0.00
Dynamic Tool Use: 0.40
Persistent Memory: 0.30
Contextual Awareness: 0.50
Dynamic Identity: 0.30
Multi-Agent Interactions: 0.00
Non-Determinism: 0.40
Opacity & Reflexivity: 0.20

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
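To make the rationale above reproducible, here is an added example (not the AgentReady calculator's own code) that applies the page's formula to the listed inputs and returns the 8.0 · High result; it assumes the CVSS v3.x qualitative band thresholds and a cap of 10.0 on the final score, neither of which the listing states.

```python
# Added example, not the AgentReady calculator's own code. It implements the
# formula quoted on the page:
#   AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
#   AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
# Assumptions: the qualitative band follows CVSS v3.x thresholds, and the
# final score is capped at 10.0.

# The ten agentic risk factors with the values the listing gives for Echo AI.
ECHO_AI_FACTORS = {
    "Autonomy of Action": 0.40, "Goal-Driven Planning": 0.20,
    "Self-Modification": 0.00, "Dynamic Tool Use": 0.40,
    "Persistent Memory": 0.30, "Contextual Awareness": 0.50,
    "Dynamic Identity": 0.30, "Multi-Agent Interactions": 0.00,
    "Non-Determinism": 0.40, "Opacity & Reflexivity": 0.20,
}

# Assumed CVSS v3.x qualitative bands: score floor -> label.
BANDS = [(9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low")]

def factor_sum(factors):
    """Sum the ten factors, rejecting any value outside the 0.0-1.0 range."""
    if len(factors) != 10:
        raise ValueError("AIVSS expects exactly ten agentic risk factors")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"factor {name!r} out of range: {value}")
    return sum(factors.values())

def aars(cvss_base, factors, threat_multiplier):
    """Agentic AI Risk Score: the uplift added on top of the CVSS base."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError(f"CVSS base out of range: {cvss_base}")
    return (10.0 - cvss_base) * (factor_sum(factors) / 10.0) * threat_multiplier

def aivss(cvss_base, factors, threat_multiplier, mitigation_factor):
    """Final score, capped at 10 (assumed) and rounded to one decimal."""
    raw = (cvss_base + aars(cvss_base, factors, threat_multiplier)) * mitigation_factor
    return round(min(raw, 10.0), 1)

def severity(score):
    """Qualitative band for a score (assumed CVSS v3.x thresholds)."""
    return next((label for floor, label in BANDS if score >= floor), "None")

if __name__ == "__main__":
    score = aivss(8.5, ECHO_AI_FACTORS, 1.05, 0.9)
    print(f"Echo AI: AIVSS {score} · {severity(score)}")  # AIVSS 8.0 · High
```

Changing one factor (for example raising Multi-Agent Interactions once an integration marketplace is added) and re-running shows how little the uplift moves the headline score when the CVSS base is already high.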

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The specific foundation models used for transcription, summarization, and speaker identification are not disclosed, leaving potential exposure to model-specific adversarial prompt injection or extraction risks unquantified.

L2 · Data Operations (✓ mapped)

Echo processes highly sensitive meeting audio, real-time transcripts, and calendar data. The 'searchable transcripts' feature implies a vector database or indexing system, which is vulnerable to unauthorized data exfiltration or embedding inversion if access controls are compromised.

L3 · Agent Frameworks (✓ mapped)

The agent orchestrates automated workflows to join meetings (Zoom, Teams, Meet) and read calendar events. Insecure tool integration or API key exposure for calendar services could allow unauthorized meeting scheduling or data harvesting.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — The hosting environment (SaaS vs. self-hosted open-source deployment) and sandboxing of recording bots are not detailed, presenting risks of container escape or unauthorized network access during live meeting connections.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — While a visual dashboard provides team productivity analytics, there is no mention of LLM-specific guardrails, input/output filtering, or real-time monitoring for prompt injection during transcription processing.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — The description claims 'strong security' but does not specify compliance standards (e.g., SOC 2, GDPR, HIPAA) or detail the encryption standards applied to stored audio and transcripts.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — There is no indication of multi-agent collaboration or marketplace integrations; the ecosystem risk is limited to standard third-party API integrations with video conferencing and calendar platforms.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).