Querix — agentic threat model
Querix presents a moderate-to-high agentic risk profile due to its integration of advanced Graph RAG and process automation capabilities across enterprise workflows. While its security controls and GDPR compliance mitigate some risks, its multi-LLM compatibility and closed-source nature require robust deployment-level guardrails.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
| --- | --- |
| Autonomy of Action | 0.60 |
| Goal-Driven Planning | 0.50 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.60 |
| Persistent Memory | 0.40 |
| Contextual Awareness | 0.80 |
| Dynamic Identity | 0.20 |
| Multi-Agent Interactions | 0.30 |
| Non-Determinism | 0.50 |
| Opacity & Reflexivity | 0.60 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1, Foundation Models: Supports multi-LLM compatibility, allowing integration with any foundation model. This introduces risks of model-specific vulnerabilities, adversarial prompt injection, and misaligned outputs depending on the chosen LLM provider.
Layer 2, Data Operations: Utilizes proprietary 'Advanced Graph RAG' technology. This creates a high-value target for data/knowledge-base poisoning, embedding inversion, and unauthorized data exfiltration from connected enterprise data sources.
Layer 3, Agent Frameworks: Not certain from the listing — the specific orchestration framework, planning mechanisms, and tool-calling protocols are not detailed, though process automation capabilities imply integration with external APIs and potential tool misuse risks.
Layer 4, Deployment and Infrastructure: Cloud-agnostic deployment model supporting public or private clouds. This introduces infrastructure risks related to container security, host compromise, and varying security postures across different cloud providers.
Layer 5, Evaluation and Observability: Not certain from the listing — evaluation, monitoring, logging, and real-time guardrail mechanisms are not explicitly mentioned in the provided features.
Layer 6, Security and Compliance: Claims data security and compliance with GDPR, utilizing encryption and control mechanisms. However, the exact implementation of identity, authorization, and audit policies remains unspecified.
Layer 7, Agent Ecosystem: Not certain from the listing — while it delivers 'virtual assistants' (plural), there is no explicit mention of a multi-agent coordination framework, marketplace, or agent-to-agent trust boundaries.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).