Helpcare AI (YC F24) — agentic threat model
Helpcare AI presents a high-risk profile due to its autonomous interaction with patients (via calls) and direct navigation of healthcare portals containing sensitive PHI, operating without explicit system integrations or detailed security guardrails.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
|---|---|
| Autonomy of Action | 0.80 |
| Goal-Driven Planning | 0.70 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.80 |
| Persistent Memory | 0.50 |
| Contextual Awareness | 0.60 |
| Dynamic Identity | 0.50 |
| Multi-Agent Interactions | 0.20 |
| Non-Determinism | 0.70 |
| Opacity & Reflexivity | 0.60 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “Not certain from the listing” are general, caveated commentary for layers that the public description did not pin down.
Layer 1 (Foundation Models): Not certain from the listing; likely relies on third-party LLMs to support its 29-language conversational capabilities. Key threats include prompt injection that could manipulate patient outreach calls or hijack the agent's decision-making logic during portal navigation.
Layer 2 (Data Operations): Not certain from the listing; processes patient data, outreach scripts, and booking details. Key threats include the exposure of Protected Health Information (PHI) during data analysis and the lack of secure data lineage for conversational logs.
Layer 3 (Agent Frameworks): The agent autonomously navigates various tools and portals to complete tasks without direct system integrations (likely using RPA or browser automation). This introduces severe risks of tool misuse, where a hijacked agent could perform unauthorized administrative actions or data exfiltration within healthcare portals.
Layer 4 (Deployment and Infrastructure): Not certain from the listing; requires infrastructure to support telephony (calling patients) and web automation. Threats include session hijacking of portal credentials, insecure storage of API keys, and lack of sandboxing for browser automation tools.
Layer 5 (Evaluation and Observability): Not certain from the listing; no mention of real-time monitoring, guardrails, or human-in-the-loop verification for patient calls. Threats include undetected conversational drift, inappropriate medical/administrative advice, and silent failures during portal navigation.
Layer 6 (Security and Compliance): Operating in the healthcare sector handling patient scheduling and data analysis mandates strict HIPAA compliance. The lack of explicit security certifications or access controls in the listing poses a major compliance risk regarding unauthorized PHI access and lack of auditability for autonomous actions.
Layer 7 (Agent Ecosystem): Not certain from the listing; primarily functions as independent digital workers. Threats include cascading failures if external healthcare portals update their UIs, causing the agent to input incorrect data or misroute patient bookings.
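The layers above repeatedly point at the same gap: an agent driving a browser inside a PHI-bearing portal with no allowlist, no human approval step for state-changing actions, and no PHI-safe audit trail. The following is an added illustration of one mitigation pattern, a policy gate between the planner and the browser-automation tool; it is example code written for this page, not Helpcare AI's code, and the hostname, action names and tool-call shape are constructed assumptions about how such an agent might be wired.

```python
"""Added example (not Helpcare AI's code): a policy gate between an agent's
planner and its browser-automation tool for healthcare portals.

It targets the threats listed above: tool misuse inside portals, missing
human-in-the-loop verification for administrative actions, and lack of
auditability. Everything here is constructed: the allowlisted host, the
action vocabulary and the tool-call shape are assumptions, not a description
of any real deployment.
"""
import json
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumed allowlist of portals the agent may drive (constructed hostname).
ALLOWED_PORTAL_HOSTS = {"scheduling.example-clinic.test"}

# Assumed tool action vocabulary, split by blast radius.
READ_ONLY_ACTIONS = {"navigate", "read_page", "search_patient"}
APPROVAL_ACTIONS = {"book_appointment", "cancel_appointment", "update_contact"}
BLOCKED_ACTIONS = {"export_records", "change_account_settings"}

# Patterns for PHI-like values that must not reach plaintext logs.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
PHONE_RE = re.compile(r"\b\d{3}[-.\s]\d{3}[-.\s]\d{4}\b")
DOB_RE = re.compile(r"\b\d{4}-\d{2}-\d{2}\b")


@dataclass(frozen=True)
class Decision:
    allowed: bool        # may the tool call proceed at all?
    needs_human: bool    # if allowed, must a human approve it first?
    reason: str


def redact(text: str) -> str:
    """Mask PHI-like substrings before anything is written to an audit log."""
    text = SSN_RE.sub("[SSN]", text)
    text = PHONE_RE.sub("[PHONE]", text)
    return DOB_RE.sub("[DATE]", text)


def evaluate(call: dict) -> Decision:
    """Decide whether a proposed tool call may run and whether a human must approve it.

    `call` is assumed to look like
    {"tool": "portal_browser", "action": "...", "url": "...", "fields": {...}}.
    """
    if call.get("tool") != "portal_browser":
        return Decision(False, False, f"unknown tool: {call.get('tool')!r}")

    host = urlparse(call.get("url", "")).hostname
    if host not in ALLOWED_PORTAL_HOSTS:
        # A hijacked planner cannot steer the browser to a non-allowlisted site.
        return Decision(False, False, f"host not allowlisted: {host!r}")

    action = call.get("action")
    if action in BLOCKED_ACTIONS:
        # Bulk export and account changes are never available to the agent.
        return Decision(False, False, f"action never permitted: {action}")
    if action in READ_ONLY_ACTIONS:
        return Decision(True, False, "read-only action")
    if action in APPROVAL_ACTIONS:
        # Anything that changes a patient's record or booking waits for a person.
        return Decision(True, True, "state-changing action queued for human approval")
    return Decision(False, False, f"unrecognised action: {action!r}")


def audit_record(call: dict, decision: Decision) -> str:
    """Serialise the call and decision as one log line with PHI-like values masked."""
    masked_fields = {k: redact(str(v)) for k, v in call.get("fields", {}).items()}
    record = {
        "tool": call.get("tool"),
        "action": call.get("action"),
        "host": urlparse(call.get("url", "")).hostname,
        "fields": masked_fields,
        "allowed": decision.allowed,
        "needs_human": decision.needs_human,
        "reason": decision.reason,
    }
    return json.dumps(record, sort_keys=True)


if __name__ == "__main__":
    # Constructed sample calls, in the shape a planner is assumed to emit.
    sample_calls = [
        {"tool": "portal_browser", "action": "search_patient",
         "url": "https://scheduling.example-clinic.test/patients", "fields": {"name": "J. Doe"}},
        {"tool": "portal_browser", "action": "book_appointment",
         "url": "https://scheduling.example-clinic.test/book",
         "fields": {"phone": "555-010-0199", "dob": "1980-01-02"}},
        {"tool": "portal_browser", "action": "export_records",
         "url": "https://scheduling.example-clinic.test/export", "fields": {}},
        {"tool": "portal_browser", "action": "read_page",
         "url": "https://not-the-clinic.test/login", "fields": {}},
    ]
    for c in sample_calls:
        print(audit_record(c, evaluate(c)))
```

The gate is deliberately deny-by-default: an unrecognised action or host is refused rather than passed through, which is what limits the damage when prompt injection (Layer 1) or a changed portal UI (Layer 7) causes the planner to emit something unexpected. The approval queue gives Layer 5 a human-in-the-loop point, and the redacted audit line gives Layer 6 a record of every autonomous action without putting PHI into the logs.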
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).