
Nurix AI — agentic threat model

AIVSS 9.4 · Critical

Nurix AI presents a high-risk profile: it autonomously executes enterprise workflows, integrates with sensitive customer datasets, and operates direct voice engagement channels. A compromised agent could therefore be driven to exfiltrate customer data or to social-engineer customers and staff over the voice channel it already controls.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

Inputs for this agent: CVSS base 8.5 · Factor sum 6.0/10 · Threat multiplier (ThM) ×1.0 · Mitigation factor ×1.0
AARS uplift = (10 − 8.5) × (6.0 / 10) × 1.0 = 0.9, so AIVSS = (8.5 + 0.9) × 1.0 = 9.4 (Critical).

Agentic risk factors (each scored 0.0–1.0; the ten values sum to 6.0):
Autonomy of Action: 0.80
Goal-Driven Planning: 0.70
Self-Modification: 0.20
Dynamic Tool Use: 0.70
Persistent Memory: 0.60
Contextual Awareness: 0.80
Dynamic Identity: 0.40
Multi-Agent Interactions: 0.50
Non-Determinism: 0.70
Opacity & Reflexivity: 0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
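The score above, recomputed from the page's formula as an added worked example (this is not the AgentReady or OWASP calculator code): it takes the ten factor values listed for Nurix AI, reproduces the 0.9 uplift and the 9.4 score, breaks the uplift down per factor so you can see which capabilities drive it, and shows how a mitigation factor below 1.0 would move the result. The range checks and the qualitative severity bands (CVSS v3.x style) are assumptions; the page only states the formula and the value "Critical".

```python
"""Worked OWASP AIVSS computation using the formula as quoted on this page.

Added example; not the AgentReady or OWASP calculator. Formula from the page:
    AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
    AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
The range checks and the severity bands (CVSS v3.x style) are assumptions.
"""

# The ten agentic risk factors as listed on the page for Nurix AI (each 0.0-1.0).
NURIX_FACTORS = {
    "Autonomy of Action": 0.80,
    "Goal-Driven Planning": 0.70,
    "Self-Modification": 0.20,
    "Dynamic Tool Use": 0.70,
    "Persistent Memory": 0.60,
    "Contextual Awareness": 0.80,
    "Dynamic Identity": 0.40,
    "Multi-Agent Interactions": 0.50,
    "Non-Determinism": 0.70,
    "Opacity & Reflexivity": 0.60,
}


def _validate(cvss_base, factors, threat_multiplier, mitigation_factor):
    """Assumed sanity checks: the /10 normalisation only makes sense with exactly ten factors."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base must be in [0, 10]")
    if len(factors) != 10:
        raise ValueError("AIVSS defines exactly ten agentic factors")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"factor {name!r} must be in [0, 1]")
    if threat_multiplier <= 0 or not 0.0 < mitigation_factor <= 1.0:
        raise ValueError("ThM must be positive and Mitigation_Factor in (0, 1] (assumed ranges)")


def agentic_risk_uplift(cvss_base, factors, threat_multiplier=1.0):
    """AARS. With ThM = 1 the uplift is at most the headroom (10 - CVSS_Base), so the
    total stays <= 10; a ThM above 1 can push past that, which is why it is validated."""
    _validate(cvss_base, factors, threat_multiplier, 1.0)
    factor_sum = sum(factors.values())
    return (10.0 - cvss_base) * (factor_sum / 10.0) * threat_multiplier


def aivss_score(cvss_base, factors, threat_multiplier=1.0, mitigation_factor=1.0):
    """Final AIVSS score rounded to one decimal, as the page reports it."""
    _validate(cvss_base, factors, threat_multiplier, mitigation_factor)
    aars = agentic_risk_uplift(cvss_base, factors, threat_multiplier)
    return round((cvss_base + aars) * mitigation_factor, 1)


def severity(score):
    """Qualitative band (CVSS v3.x style; assumed, the page only shows 'Critical')."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    if score > 0.0:
        return "Low"
    return "None"


def factor_contributions(cvss_base, factors, threat_multiplier=1.0):
    """Share of the uplift each factor accounts for; the shares sum to the AARS.
    Useful for deciding which capability to constrain first."""
    headroom = (10.0 - cvss_base) * threat_multiplier
    return {name: round(headroom * value / 10.0, 3) for name, value in factors.items()}


if __name__ == "__main__":
    print("AARS uplift:", agentic_risk_uplift(8.5, NURIX_FACTORS))
    score = aivss_score(8.5, NURIX_FACTORS)
    print("AIVSS:", score, severity(score))
    # What-if: documented controls credited with a 0.8 mitigation factor (assumed value).
    print("With mitigation 0.8:", aivss_score(8.5, NURIX_FACTORS, mitigation_factor=0.8))
    for name, c in sorted(factor_contributions(8.5, NURIX_FACTORS).items(), key=lambda kv: -kv[1]):
        print(f"  {name:<26} +{c:.3f}")
```

Two things the numbers make visible: with the mitigation factor pinned at 1.0 the listing gets no credit for any control, so documented guardrails are the cheapest way to move the score, and the per-factor breakdown shows Autonomy of Action and Contextual Awareness each contributing 0.12 of the 0.9 uplift, with Self-Modification contributing only 0.03.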

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary where the public description did not pin that layer down.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — Nurix AI likely uses proprietary or third-party LLMs tuned for low-latency voice and text. Primary threats include adversarial audio carrying prompt injection (instructions embedded in a caller's speech that the transcription passes to the model as if they were user intent), adversarial reprogramming of the model toward attacker-chosen tasks, and misaligned outputs in customer-facing interactions.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — The agent integrates with existing enterprise datasets and workflows, which implies RAG pipelines or direct database connections. That raises the risks of knowledge-base poisoning (planted documents that steer retrieval), exfiltration of customer records through retrieved context, and embedding inversion against any stored vectors.

L3 · Agent Frameworks (✓ mapped)

Nurix AI relies on agentic workflows for autonomous task execution and tool integration. The main risk is tool misuse: an injected or drifting agent issuing writes it should not (unauthorized CRM updates, outbound e-mail), compounded by insecure tool integration inside enterprise environments (over-broad tool credentials, no per-call authorization).
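One control for the tool-misuse risk named above, written as an added example rather than Nurix AI's own code: a policy gate that sits between the agent's planner and the tool executor, allowlists tools per agent role, requires an out-of-band approval token for state-changing tools such as a CRM write, caps arguments such as e-mail recipient lists, and records every decision so monitoring can see probing and drift. The tool names (crm_lookup, crm_update, send_email, shell_exec), the policy format, the approval token and the sample calls are assumptions constructed for illustration.

```python
"""Policy gate for agent tool calls (a MAESTRO L3 'Agent Frameworks' control).

Added example, not Nurix AI's code. The tool names, policy shape, approval tokens
and sample calls below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class ToolPolicy:
    """Least-privilege policy for one agent role (assumed format)."""
    allowed_tools: frozenset                 # tools this role may call at all
    approval_required: frozenset             # state-changing tools needing an out-of-band approval
    arg_checks: Dict[str, Callable[[dict], Optional[str]]] = field(default_factory=dict)


@dataclass(frozen=True)
class ToolCall:
    tool: str
    args: dict
    approval_token: Optional[str] = None     # e.g. a ticket reference a human attached to the request


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


AUDIT_LOG: List[dict] = []   # every decision, allowed or not, so drift and probing are visible


def gate_tool_call(agent_id: str, call: ToolCall, policy: ToolPolicy,
                   valid_approvals: frozenset) -> Decision:
    """Decide whether the executor may run this call; deny by default."""
    if call.tool not in policy.allowed_tools:
        decision = Decision(False, "tool not in agent allowlist")
    elif call.tool in policy.approval_required and call.approval_token not in valid_approvals:
        decision = Decision(False, "state-changing tool requires a valid approval token")
    else:
        check = policy.arg_checks.get(call.tool)
        problem = check(call.args) if check else None
        decision = Decision(problem is None, problem or "allowed")
    AUDIT_LOG.append({"agent": agent_id, "tool": call.tool, "args": call.args,
                      "allowed": decision.allowed, "reason": decision.reason})
    return decision


def email_recipient_cap(args: dict, cap: int = 1) -> Optional[str]:
    """Argument check: a support agent should not be able to mass-mail from one turn."""
    recipients = args.get("to", [])
    if len(recipients) > cap:
        return f"recipient count {len(recipients)} exceeds cap {cap}"
    return None


# Constructed policy for a customer-support voice agent: read freely, write only with approval.
SUPPORT_AGENT_POLICY = ToolPolicy(
    allowed_tools=frozenset({"crm_lookup", "crm_update", "send_email"}),
    approval_required=frozenset({"crm_update"}),
    arg_checks={"send_email": email_recipient_cap},
)
VALID_APPROVALS = frozenset({"TCK-1042"})   # constructed: tokens issued by a ticketing system


def run_sample_calls() -> List[Decision]:
    """Five constructed calls an injected or drifting agent might emit."""
    calls = [
        ToolCall("crm_lookup", {"customer_id": "C-77"}),
        ToolCall("crm_update", {"customer_id": "C-77", "status": "closed"}),
        ToolCall("crm_update", {"customer_id": "C-77", "status": "closed"}, approval_token="TCK-1042"),
        ToolCall("shell_exec", {"cmd": "cat /etc/passwd"}),
        ToolCall("send_email", {"to": [f"user{i}@example.com" for i in range(50)], "body": "hi"}),
    ]
    return [gate_tool_call("support-voice-agent", c, SUPPORT_AGENT_POLICY, VALID_APPROVALS)
            for c in calls]


if __name__ == "__main__":
    run_sample_calls()
    for entry in AUDIT_LOG:
        print("ALLOW" if entry["allowed"] else "DENY ", entry["tool"], "-", entry["reason"])
```

The gate is deliberately dumb: it does not try to judge whether the agent's intent is legitimate, only whether this role may call this tool with these arguments right now. That keeps the decision auditable and independent of the model's non-deterministic output, and the denied entries in the audit log are exactly the signal the observability layer needs.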

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — The infrastructure hosts low-latency voice APIs and enterprise integrations. Threats include container or host compromise, exposed API endpoints, and unsandboxed execution environments for agent-invoked code or tools.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — No specific guardrails, logging, or evaluation frameworks are detailed. Without real-time monitoring of voice interactions and tool calls, prompt injections and gradual drift in agent behavior can go undetected.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — Although designed for enterprise services, the listing does not cite compliance attestations (such as SOC 2 or ISO 27001), GDPR handling, or specific identity and access management controls for the credentials the agent itself holds.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — The platform supports custom AI agents for various business processes. Where those agents interact, threats include cascading failures, abuse of agent-to-agent trust (one agent acting on another's instructions without verifying them), and horizontal privilege escalation across agents.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).