Relevance AI — agentic threat model

AIVSS 7.2 · High

Relevance AI presents a high agentic risk profile due to its multi-agent deployment capabilities and custom tool builder, which allow agents to execute complex, multi-step business workflows. However, its SOC 2 Type II compliance provides a validated baseline of security controls to mitigate infrastructure and operational risks.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.5 · AARS uplift 1.05 · Factor sum 7.0/10 · Threat ×1.0 · Mitigation ×0.75

Autonomy of Action: 0.80
Goal-Driven Planning: 0.80
Self-Modification: 0.30
Dynamic Tool Use: 0.90
Persistent Memory: 0.60
Contextual Awareness: 0.80
Dynamic Identity: 0.50
Multi-Agent Interactions: 0.90
Non-Determinism: 0.70
Opacity & Reflexivity: 0.70

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ✓ mapped

Supports multiple foundation models (multi-model support), exposing the platform to model-specific vulnerabilities such as adversarial prompt injection, model alignment drift, and potential data leakage depending on the underlying third-party LLM providers used.

L2 · Data Operations · ⚠ not certain from listing

Not certain from the listing — while the platform supports custom tools and integrations, specific vector database configurations, RAG pipelines, or data ingestion security controls are not detailed.

L3 · Agent Frameworks · ✓ mapped

High risk of tool misuse and insecure tool integration due to the 'tool builder for integrations' feature, which allows users to construct custom agent skills. Vulnerabilities in orchestration code could lead to unauthorized tool execution or prompt injection-driven tool hijacking.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — details on hosting environments, sandboxing of custom-built tools, and network isolation for multi-agent execution are not specified, though SOC 2 Type II compliance suggests standard enterprise infrastructure controls are in place.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — specific evaluation frameworks, real-time guardrails, or observability tools for monitoring multi-agent interactions are not described in the directory listing.

L6 · Security & Compliance (cross-cutting) · ✓ mapped

Demonstrates strong compliance posture by explicitly achieving SOC 2 Type II compliance, indicating established security controls, audit trails, and organizational security policies to protect tenant data.

L7 · Agent Ecosystem · ✓ mapped

High exposure to agent-to-agent (A2A) trust abuse and cascading failures due to its core feature of deploying multi-agent systems. A compromise in one agent or tool could laterally propagate across the entire deployed AI workforce.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).