AgentReadyHomeAgent Listing

← Notus

Notus — agentic threat model

7.7AIVSS 7.7 · High

Notus is a marketing intelligence agent focused on social listening and lead sourcing. Its primary security risk lies in indirect prompt injection via untrusted social media data, which could manipulate creator recommendations or lead generation outputs.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.5AARS uplift 1.22Factor sum 3.5/10Threat ×1.0Mitigation ×1.0
Autonomy of Action
0.40
Goal-Driven Planning
0.30
Self-Modification
0.10
Dynamic Tool Use
0.50
Persistent Memory
0.40
Contextual Awareness
0.60
Dynamic Identity
0.20
Multi-Agent Interactions
0.10
Non-Determinism
0.50
Opacity & Reflexivity
0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — likely utilizes third-party LLMs for analyzing social media sentiment and generating recommendations. These models are highly susceptible to indirect prompt injection embedded in public social media posts, which could alter the agent's behavior or recommendations.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — ingests large volumes of external social media data and user-defined target profiles. Risks include data poisoning of the vector store or database if malicious social media profiles are indexed, potentially leading to biased or malicious recommendations.

L3 · Agent Frameworks⚠ not certain from listing

Not certain from the listing — likely orchestrates API calls to social platforms and internal recommendation engines. Vulnerabilities could arise from insecure tool integration, where inputs retrieved from social media are executed or parsed without strict sanitization.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — operates as a closed-source SaaS platform. Standard web application vulnerabilities apply, including the risk of exposing API keys used to access social media platforms or CRM integrations.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — requires continuous monitoring to detect drift in social listening accuracy and to log API interactions. A lack of observability could allow stealthy data manipulation or unauthorized API usage to go unnoticed.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — must handle personal data scraped from social networks, raising significant GDPR, CCPA, and platform terms-of-service compliance risks. No security certifications (e.g., SOC2) are explicitly mentioned.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — primarily functions as a standalone intelligence tool, but integrations with external CRMs or marketing automation platforms create downstream risks if the agent is manipulated into pushing malicious lead data into enterprise systems.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).