MirrorFly AI Voice Agent — agentic threat model
MirrorFly presents moderate-to-high agentic risk primarily due to its voice-based interaction model, which is susceptible to audio prompt injection and vishing exploits, combined with telephony API access that could be abused for toll fraud or social engineering.
OWASP AIVSS score rationale
| Agentic risk factor | Score (0–1) | Rationale |
|---|---|---|
| Autonomy of Action | 0.60 | |
| Goal-Driven Planning | 0.40 | |
| Self-Modification | 0.10 | |
| Dynamic Tool Use | 0.50 | |
| Persistent Memory | 0.30 | |
| Contextual Awareness | 0.60 | |
| Dynamic Identity | 0.20 | |
| Multi-Agent Interactions | 0.10 | |
| Non-Determinism | 0.70 | |
| Opacity & Reflexivity | 0.60 | |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from the listing” carry general, caveated commentary, because the public description did not pin down how that layer is implemented.
- Layer 1 (Foundation Models): Not certain from the listing — the specific foundation models (ASR, TTS, LLM) used by MirrorFly are not disclosed. General threats include adversarial audio injection, voice cloning exploits, and model reprogramming via spoken prompts.
- Layer 2 (Data Operations): Not certain from the listing — while 'total data ownership' is highlighted, the underlying RAG architecture and vector database details are absent. General threats involve data exfiltration of call transcripts and voice recordings.
- Layer 3 (Agent Frameworks): Not certain from the listing — orchestration of voice-to-text-to-speech is implied, but specific framework details are missing. General threats include indirect prompt injection via voice and unauthorized telephony tool execution.
- Layer 4 (Deployment and Infrastructure): Not certain from the listing — deployment options (on-premise vs. cloud) are not specified beyond 'deploy and scale'. General threats include SIP/telephony infrastructure compromise and insecure API endpoints.
- Layer 5 (Evaluation and Observability): Not certain from the listing — no mention of real-time audio guardrails, logging, or drift monitoring. General threats include blind spots in voice conversation monitoring and the lack of prompt-injection detection in audio streams.
- Layer 6 (Security and Compliance): Not certain from the listing — mentions 'security requirements' but lacks specific compliance certifications (e.g., SOC 2, HIPAA, GDPR). General threats include unauthorized access to call logs and the lack of role-based access control for voice agent configuration.
- Layer 7 (Agent Ecosystem): Not certain from the listing — no multi-agent orchestration or marketplace interactions are described. General threats include cascading failures if the agent is integrated with external CRM agents or telephony routing systems.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).