Exei — agentic threat model
Exei presents a high agentic risk profile due to its deep integration with external communication channels (WhatsApp, Slack, VOIP) and its ability to execute real-time actions like ticketing and scheduling. The primary threat vector is prompt injection via public-facing channels leading to unauthorized API execution or data exfiltration.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
| --- | --- |
| Autonomy of Action | 0.80 |
| Goal-Driven Planning | 0.60 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.80 |
| Persistent Memory | 0.50 |
| Contextual Awareness | 0.80 |
| Dynamic Identity | 0.20 |
| Multi-Agent Interactions | 0.10 |
| Non-Determinism | 0.70 |
| Opacity & Reflexivity | 0.70 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “Not certain from the listing” carry general, caveated commentary where the public description did not pin down that layer.
Layer 1 (Foundation Models): Not certain from the listing — Exei is closed-source and likely relies on third-party commercial LLMs. The primary L1 threat is adversarial prompt injection via public customer-facing channels (WhatsApp, Facebook, VOIP), which could bypass system instructions and manipulate the agent's behaviour.
Layer 2 (Data Operations): Exei trains on diverse sources including website data, documents, manuals, and real-time API data. This creates a significant risk of RAG/knowledge-base poisoning: an attacker who can alter the public website or the ingested documents can steer the agent toward unauthorized data exfiltration or biased responses.
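One Layer 2 control for the poisoning risk just described is a provenance gate in front of the retrieval index. The following is an added example written for this page, not Exei's code: a document is indexed only if its origin is on an approved list and its SHA-256 digest matches the digest recorded when a human last approved that origin; content that has changed since approval is quarantined for re-review instead of being indexed silently. The origins, documents and approval records are constructed for the example.

```python
"""Knowledge-source provenance gate for a RAG ingest pipeline (added example)."""
import hashlib
from dataclasses import dataclass, field


@dataclass
class Document:
    origin: str   # URL or path the content was fetched from (constructed)
    content: str


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


@dataclass
class IngestGate:
    approved_origins: set[str]                                        # allowlisted sources
    pinned: dict[str, str] = field(default_factory=dict)              # origin -> approved digest
    quarantine: list[tuple[str, str]] = field(default_factory=list)   # (origin, reason)

    def approve(self, doc: Document) -> None:
        """Record a human-reviewed version of a document as the trusted one."""
        if doc.origin not in self.approved_origins:
            raise ValueError(f"{doc.origin} is not an approved origin")
        self.pinned[doc.origin] = sha256_hex(doc.content)

    def check(self, doc: Document) -> tuple[bool, str]:
        """Decide whether a freshly fetched document may enter the index."""
        if doc.origin not in self.approved_origins:
            return False, "origin not on allowlist"
        expected = self.pinned.get(doc.origin)
        if expected is None:
            return False, "no approved version recorded; needs first review"
        if sha256_hex(doc.content) != expected:
            # The case a poisoned public page produces: same origin, altered content.
            return False, "content changed since approval; needs re-review"
        return True, "ok"

    def ingest(self, docs: list[Document]) -> list[str]:
        """Return origins admitted to the index; everything else is quarantined."""
        indexed = []
        for doc in docs:
            ok, reason = self.check(doc)
            if ok:
                indexed.append(doc.origin)
            else:
                self.quarantine.append((doc.origin, reason))
        return indexed


if __name__ == "__main__":
    # Constructed knowledge sources: a public policy page and a product manual.
    gate = IngestGate(approved_origins={"https://example.test/returns-policy", "manuals/router-x1.pdf"})
    policy = Document("https://example.test/returns-policy", "Returns accepted within 30 days.")
    manual = Document("manuals/router-x1.pdf", "Hold reset for 10 seconds to restore factory settings.")
    gate.approve(policy)
    gate.approve(manual)
    # Constructed refresh crawl: the policy page changed and an unknown source appeared.
    changed = Document(policy.origin, policy.content + " [text inserted since approval]")
    unknown = Document("https://unapproved.example/notes", "[unreviewed content]")
    print("indexed:", gate.ingest([changed, manual, unknown]))
    for origin, reason in gate.quarantine:
        print("quarantined:", origin, "->", reason)
```

The design choice is deliberate: pinning to an approved digest means legitimate site updates also land in quarantine until someone re-approves them, which trades ingest latency for the guarantee that no unreviewed change reaches the agent's knowledge base.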
Layer 3 (Agent Frameworks): The agent framework orchestrates automated appointment scheduling, ticket/task creation, and real-time AI actions via APIs. Insecure tool integration is the major threat here: malicious user input could trick the agent into executing unauthorized API calls or creating fraudulent tickets.
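The standard mitigation for the Layer 3 threat is to keep the model out of the authorization decision: every tool call it proposes passes a deterministic policy gate before any API is invoked, so injected text arriving over a public channel cannot by itself trigger an action. The following is an added example written for this page, not Exei's code. It assumes a per-channel tool allowlist, binds customer-affecting tools to the authenticated customer of the session rather than to an id the model supplies, caps actions per session, and routes refusals that need judgement to the human-escalation fallback the listing mentions. Channel names, tool names, limits and the sample session are constructed.

```python
"""Tool-call authorization gate for a customer-service agent (added example)."""
from dataclasses import dataclass
from typing import Any, Optional

# Assumed policy: which tools each inbound channel may trigger at all.
CHANNEL_TOOL_ALLOWLIST: dict[str, frozenset[str]] = {
    "whatsapp": frozenset({"create_ticket", "schedule_appointment"}),
    "facebook": frozenset({"create_ticket"}),
    "slack": frozenset({"create_ticket", "schedule_appointment"}),
}

# Assumed policy: tools that act on a customer record must be bound to the
# authenticated customer of the session, never to an id chosen by the model.
CUSTOMER_BOUND_TOOLS = frozenset({"create_ticket", "schedule_appointment"})

MAX_ACTIONS_PER_SESSION = 3  # assumed budget before a human must take over


@dataclass
class Session:
    channel: str
    customer_id: Optional[str]  # None: unauthenticated public visitor
    actions_taken: int = 0


@dataclass
class ToolCall:
    name: str
    args: dict[str, Any]


@dataclass
class Decision:
    allow: bool
    reason: str
    escalate: bool = False  # hand to human escalation instead of silently dropping


def authorize(session: Session, call: ToolCall) -> Decision:
    """Decide whether a model-proposed tool call may reach the real API."""
    allowed = CHANNEL_TOOL_ALLOWLIST.get(session.channel, frozenset())
    if call.name not in allowed:
        return Decision(False, f"{call.name} is not permitted on channel {session.channel}")
    if session.actions_taken >= MAX_ACTIONS_PER_SESSION:
        return Decision(False, "per-session action budget exhausted", escalate=True)
    if call.name in CUSTOMER_BOUND_TOOLS:
        if session.customer_id is None:
            return Decision(False, "unauthenticated session cannot act on a customer record", escalate=True)
        if call.args.get("customer_id") != session.customer_id:
            # Typical shape of an injected instruction: act on someone else's account.
            return Decision(False, "customer_id in tool call does not match the session")
    return Decision(True, "ok")


def execute_plan(session: Session, calls: list[ToolCall]) -> list[tuple[str, Decision]]:
    """Gate each proposed call in order; only allowed calls consume the budget."""
    results = []
    for call in calls:
        decision = authorize(session, call)
        if decision.allow:
            session.actions_taken += 1  # the real API call would happen here
        results.append((call.name, decision))
    return results


if __name__ == "__main__":
    # Constructed turn: an authenticated WhatsApp customer whose message also
    # carried text asking the agent to open a ticket on a different account.
    s = Session(channel="whatsapp", customer_id="cust-1001")
    plan = [
        ToolCall("create_ticket", {"customer_id": "cust-1001", "summary": "Router offline"}),
        ToolCall("create_ticket", {"customer_id": "cust-2002", "summary": "Transfer ownership"}),
        ToolCall("schedule_appointment", {"customer_id": "cust-1001", "slot": "2025-01-15T10:00"}),
    ]
    for name, d in execute_plan(s, plan):
        flag = " -> escalate" if d.escalate else ""
        print(f"{name}: {'ALLOW' if d.allow else 'DENY'} ({d.reason}){flag}")
```

The gate never inspects the natural-language message itself; it checks the structured action against session facts the model cannot alter, which is what makes it robust to prompt-injection variants the listing's channels will inevitably carry.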
Layer 4 (Deployment and Infrastructure): Not certain from the listing — The hosting environment, API gateway security, and sandboxing mechanisms are not detailed. Compromise at this layer could expose API keys for the integrated channels (Slack, WhatsApp, VOIP) or allow lateral movement into connected business systems.
Layer 5 (Evaluation and Observability): Not certain from the listing — While Exei provides 'Actionable Analytics' on customer behaviour and sentiment, it is unclear whether it has dedicated security observability, real-time guardrails, or anomaly detection to identify and block adversarial prompt injection.
Layer 6 (Security and Compliance): Not certain from the listing — The platform features 'Human Escalation' as a fallback control, but the listing does not specify compliance alignments (such as SOC 2 or GDPR) or role-based access controls (RBAC) for managing the training data and API integrations.
Layer 7 (Agent Ecosystem): Not certain from the listing — There is no explicit mention of multi-agent orchestration or marketplace interactions. However, because Exei integrates horizontally across multiple communication ecosystems (Slack, VOIP, social media), a compromise in one channel could cascade to the others.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).