
Johnni AI — agentic threat model

AIVSS 7.6 · High

Johnni AI operates as an automated voice receptionist, introducing risks related to voice prompt injection, caller PII exposure, and unauthorized CRM or calendar modifications. Its agentic risk is moderate, driven by real-time voice autonomy and integration with business communication channels without explicit security controls detailed in its listing.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base: 6.5
AARS uplift: 1.08
Factor sum: 3.1/10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×1.0

Agentic risk factors:
Autonomy of Action: 0.60
Goal-Driven Planning: 0.30
Self-Modification: 0.00
Dynamic Tool Use: 0.40
Persistent Memory: 0.30
Contextual Awareness: 0.40
Dynamic Identity: 0.10
Multi-Agent Interactions: 0.10
Non-Determinism: 0.50
Opacity & Reflexivity: 0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The underlying foundation models (LLMs, STT, and TTS engines) are unspecified. Primary threats include voice-based prompt injection (VPI) where callers manipulate the LLM's instructions, and potential model misalignment leading to inappropriate voice outputs.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — The data operations layer likely handles call transcripts, caller PII, and business FAQ data. Threats include unauthorized access to call logs, data exfiltration of sensitive customer information, and poisoning of the knowledge base used to answer caller queries.

L3 · Agent Frameworks (⚠ not certain from listing)

Not certain from the listing — The orchestration framework managing call flows and tool execution (e.g., booking appointments, routing calls) is not detailed. Threats include insecure tool integration where malicious voice inputs trigger unauthorized API calls to external CRMs or scheduling tools.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — The hosting infrastructure and telephony/SIP integrations are undisclosed. Threats include SIP trunk abuse, toll fraud, and unauthorized access to the hosting environment or API endpoints.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — There is no mention of real-time call monitoring, transcript logging, or guardrails to detect and block abusive inputs or hallucinated outputs during live calls.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — Compliance controls regarding call recording consent (e.g., Australian Privacy Principles or GDPR) and access controls for call records are not specified.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — The agent's interactions within a broader ecosystem (such as automated handoffs to other business agents or third-party marketplace integrations) are not defined.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).