AgentReadyHomeAgent Listing

← Jazon by Lyzr AI

Jazon by Lyzr AI — agentic threat model

8.5AIVSS 8.5 · High

Jazon by Lyzr AI exhibits high agentic risk due to its autonomous capability to generate and send emails, research prospects, and schedule meetings directly, which could be exploited for automated phishing, social engineering, or CRM data exfiltration if compromised.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.5AARS uplift 0.94Factor sum 6.0/10Threat ×1.05Mitigation ×0.9
Autonomy of Action
0.80
Goal-Driven Planning
0.70
Self-Modification
0.30
Dynamic Tool Use
0.80
Persistent Memory
0.60
Contextual Awareness
0.80
Dynamic Identity
0.60
Multi-Agent Interactions
0.20
Non-Determinism
0.70
Opacity & Reflexivity
0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — Jazon uses an 'EMAIL OPTIMIZED LANGUAGE MODEL' but the specific base LLM is undisclosed. Threats include prompt injection leading to malicious email generation, model reprogramming, and output misalignment.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — Jazon utilizes 'PROSPECT RESEARCH TOOLS' and handles prospect data, but the underlying vector databases or CRM integration mechanisms are not detailed. Threats include data poisoning of prospect lists and unauthorized exfiltration of CRM data.

L3 · Agent Frameworks✓ mapped

Jazon orchestrates complex workflows including 'AUTOMATED FOLLOW-UP SEQUENCES' and 'MEETING SCHEDULING AUTOMATION'. Threats include tool misuse (e.g., spamming, booking unauthorized meetings) and insecure integration with email/calendar APIs.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — The hosting environment, sandboxing of research tools, and secret management for email/calendar APIs are not specified. Threats include API key exposure and privilege escalation via compromised integrations.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — Jazon features 'ADAPTIVE LEARNING MODES' but does not detail its evaluation, guardrails, or logging mechanisms. Threats include drift in learning behavior and lack of auditability for sent communications.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — While 'DATA COMPLIANCE' is highlighted, specific certifications (e.g., SOC2, GDPR compliance details) or access control policies are not explicitly defined. Threats include regulatory non-compliance (CAN-SPAM, GDPR) and unauthorized access to communication channels.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — Jazon is presented as a standalone SDR agent, and its interaction with other agents within the Lyzr ecosystem is not detailed. Threats include cascading failures if integrated into broader multi-agent sales pipelines.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).