Insyghtful AI — agentic threat model
Insyghtful AI presents a moderate-to-high risk profile primarily centered on data confidentiality, as it ingests and processes real-time B2B sales audio and video streams. While its operational autonomy is low (acting as a co-pilot), a compromise could lead to massive exposure of proprietary business discussions, pricing strategies, and customer PII.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
|---|---|
| Autonomy of Action | 0.20 |
| Goal-Driven Planning | 0.20 |
| Self-Modification | 0.00 |
| Dynamic Tool Use | 0.30 |
| Persistent Memory | 0.40 |
| Contextual Awareness | 0.80 |
| Dynamic Identity | 0.10 |
| Multi-Agent Interactions | 0.10 |
| Non-Determinism | 0.60 |
| Opacity & Reflexivity | 0.50 |
Scored with the canonical OWASP AIVSS formula (see the AIVSS calculator reference); the agentic risk factors were estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
- L1 Foundation Models: Not certain from the listing — likely utilizes commercial LLMs and speech-to-text models for real-time transcription, sentiment analysis, and text generation. Primary threats include prompt injection via live audio (transcription of adversarial spoken prompts into the model's context) and misaligned coaching advice during live calls.
- L2 Data Operations: Not certain from the listing — processes real-time audio/video streams and likely syncs with CRMs to build 'influence hierarchy mapping'. Risks include data exfiltration of sensitive sales conversations, unauthorized retention of call recordings, and poisoning of the sales playbook knowledge base.
- L3 Agent Frameworks: Not certain from the listing — orchestrates real-time audio processing, transcription, and LLM querying to generate live recommendations. Risks include insecure tool integration with CRMs or video conferencing APIs (e.g., Zoom, Teams) and state-tracking vulnerabilities during long calls.
- L4 Deployment & Infrastructure: Not certain from the listing — requires high-throughput, low-latency hosting (WebSockets/WebRTC) to handle live streams. Risks include unauthorized access to live streams, container compromise, or exposed API endpoints handling sensitive telemetry.
- L5 Evaluation & Observability: Not certain from the listing — requires real-time guardrails to prevent the AI from generating inappropriate, offensive, or legally binding statements during live objection handling, as well as monitoring for transcription drift.
- L6 Security & Compliance: Not certain from the listing — must comply with wiretapping and two-party consent laws for recording and analyzing live calls, and with privacy regulations such as GDPR and CCPA. Requires robust role-based access control (RBAC) to separate manager monitoring capabilities from standard rep access.
- L7 Agent Ecosystem: Not certain from the listing — operates as a vertical sales tool, potentially interacting with CRM APIs. Risks include cascading failures if CRM APIs are compromised or rate-limited, and potential trust abuse if the agent is granted write access to update CRM records automatically.
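As an added illustration of the Layer 6 requirement above (RBAC separating manager monitoring from rep access, gated on recording consent), here is a deny-by-default authorization check in Python. It is not Insyghtful AI's code; the roles, actions, team scoping and the all-party consent flag are assumptions about how such a product would model calls.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CallRecord:
    call_id: str
    rep: str                    # sales rep who owns the call
    team: str                   # team the rep belongs to
    consent_all_parties: bool   # every participant consented to recording/analysis

@dataclass(frozen=True)
class Principal:
    user: str
    role: str                   # "rep" or "manager" (assumed roles)
    team: str

# Which roles may perform each action; anything not listed is denied.
ROLE_ACTIONS = {
    "view_live_coaching": {"rep", "manager"},   # the co-pilot hints during a call
    "monitor_live_call": {"manager"},           # listen in on a rep's live call
    "read_recording": {"rep", "manager"},
    "delete_recording": {"manager"},
}
# Actions that replay or retain call content, so they need all-party consent.
CONSENT_GATED = {"monitor_live_call", "read_recording"}

AUDIT: list[dict] = []   # every decision is logged for later review / detection

def authorize(p: Principal, action: str, call: CallRecord) -> tuple[bool, str]:
    """Deny-by-default: role, then scope (own call / own team), then consent."""
    allowed, reason = False, "unknown action"
    if action in ROLE_ACTIONS:
        if p.role not in ROLE_ACTIONS[action]:
            reason = f"role {p.role} may not {action}"
        elif p.role == "rep" and call.rep != p.user:
            reason = "rep may only access their own calls"
        elif p.role == "manager" and call.team != p.team:
            reason = "manager may only access their own team's calls"
        elif action in CONSENT_GATED and not call.consent_all_parties:
            reason = "no all-party consent recorded; content must not be retained or replayed"
        else:
            allowed, reason = True, "ok"
    AUDIT.append({"user": p.user, "action": action, "call": call.call_id,
                  "allowed": allowed, "reason": reason})
    return allowed, reason

# Constructed sample data (not from the product).
CALL_OK = CallRecord("call-1", "alice", "emea", consent_all_parties=True)
CALL_NO_CONSENT = CallRecord("call-2", "alice", "emea", consent_all_parties=False)
ALICE = Principal("alice", "rep", "emea")
MGR_EMEA = Principal("carol", "manager", "emea")
```

The live coaching hint is deliberately not consent-gated here because it is shown only to the rep on their own call, whereas replay and third-party monitoring are; adjust that split to the jurisdictions the deployment actually operates in.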
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).