Lyro — agentic threat model
Lyro presents a moderate-to-high agentic risk profile due to its deep integration with transactional helpdesk systems (handling refunds and order updates) and public-facing nature, though this is significantly mitigated by its SOC 2 Type 2 compliance and structured policy controls.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
|---|---|
| Autonomy of Action | 0.80 |
| Goal-Driven Planning | 0.60 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.80 |
| Persistent Memory | 0.50 |
| Contextual Awareness | 0.70 |
| Dynamic Identity | 0.20 |
| Multi-Agent Interactions | 0.20 |
| Non-Determinism | 0.50 |
| Opacity & Reflexivity | 0.40 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1 (Foundation Models): Not certain from the listing — Lyro's underlying foundation models are not specified, so it should be assumed exposed to standard LLM risks such as adversarial prompt injection that bypasses customer service policies or produces misaligned or offensive output.
Layer 2 (Data Operations): Lyro trains and coaches on helpdesk data. Threats include knowledge-base poisoning (e.g., injecting malicious instructions into support articles to trigger unauthorized refunds) and exfiltration of sensitive customer PII stored in connected CRM systems.
Layer 3 (Agent Frameworks): The agent framework orchestrates tool execution for refunds, order updates, and troubleshooting. Insecure tool integration or prompt injection could lead to unauthorized API calls to connected platforms like Salesforce or Shopify.
Layer 4 (Deployment and Infrastructure): Hosted as a SaaS solution by Tidio. While SOC 2 Type 2 compliance indicates strong infrastructure security controls, threats include API key exposure for integrated helpdesks and potential lateral movement if the hosting environment is breached.
Layer 5 (Evaluation and Observability): Lyro features coaching, tone control, and escalation paths. However, blind spots in monitoring could allow subtle prompt injection attacks or policy drift to go unnoticed during live customer interactions.
Layer 6 (Security and Compliance): Strong security posture with SOC 2 Type 2 and GDPR compliance. Risks are mitigated by defined policy controls, escalation paths to human agents, and structured compliance frameworks.
Layer 7 (Agent Ecosystem): Lyro integrates deeply with external helpdesk ecosystems (Salesforce, Intercom, Zendesk, Gorgias). Threats include cascading failures or trust abuse if these third-party platforms are compromised or if they employ automated agents that interact with Lyro.
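The "structured policy controls" and human escalation paths that the Data Operations, Agent Frameworks and Security and Compliance layers rely on can be made concrete as a deterministic gate in front of the refund tool call, so that an instruction absorbed from a poisoned support article cannot by itself issue a refund. This is an added illustration, not Tidio's or Lyro's code; the order records, the refund cap and the refundable-status policy are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample order records standing in for the connected helpdesk/CRM
# lookup (hypothetical data, not from Tidio or Lyro).
ORDERS = {
    "ord-1001": {"customer": "cust-7", "total": 42.00, "status": "delivered", "refunded": 0.0},
    "ord-1002": {"customer": "cust-9", "total": 900.00, "status": "shipped", "refunded": 0.0},
}
MAX_AUTO_REFUND = 100.00             # assumed cap for refunds issued without a human
REFUNDABLE_STATUSES = {"delivered"}  # assumed policy: only delivered orders auto-refund
AUDIT = []                           # every decision is recorded for later review


@dataclass
class Decision:
    action: str   # "execute", "escalate" or "reject"
    reason: str


def gate_refund(call: dict, session_customer: str) -> Decision:
    """Deterministic check on a refund tool call emitted by the agent.

    Nothing in the model's output (including instructions it may have absorbed
    from a poisoned support article) carries authority here: only the
    authenticated session identity and the order record decide.
    """
    order = ORDERS.get(call.get("order_id"))
    amount = call.get("amount")
    if order is None:
        decision = Decision("reject", "unknown order")
    elif order["customer"] != session_customer:
        decision = Decision("reject", "order belongs to a different customer")
    elif not isinstance(amount, (int, float)) or amount <= 0:
        decision = Decision("reject", "invalid amount")
    elif amount > order["total"] - order["refunded"]:
        decision = Decision("reject", "amount exceeds refundable balance")
    elif order["status"] not in REFUNDABLE_STATUSES:
        decision = Decision("escalate", f"status {order['status']} requires a human agent")
    elif amount > MAX_AUTO_REFUND:
        decision = Decision("escalate", "amount above unattended cap")
    else:
        decision = Decision("execute", "within policy")
    # Audit trail for the monitoring blind spot noted under Evaluation and Observability.
    AUDIT.append({"customer": session_customer, "call": call, "decision": decision.action})
    return decision
```

The gate never consults the model's reasoning text, so a tool call shaped by injected content is still bounded by the session identity, the order record and the unattended cap.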
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).