Riviera — agentic threat model
Riviera acts as an autonomous voice agent with direct write access to hotel Property Management Systems (PMS), presenting a high-risk profile due to public-facing telephony exposure and the potential for unauthorized reservations, financial fraud, or guest PII exfiltration.
OWASP AIVSS score rationale
| Agentic risk factor | Value |
| --- | --- |
| Autonomy of Action | 0.80 |
| Goal-Driven Planning | 0.60 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.70 |
| Persistent Memory | 0.50 |
| Contextual Awareness | 0.60 |
| Dynamic Identity | 0.20 |
| Multi-Agent Interactions | 0.10 |
| Non-Determinism | 0.50 |
| Opacity & Reflexivity | 0.60 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1 (Foundation Models): Not certain from the listing — likely utilizes a fine-tuned LLM combined with speech-to-text (STT) and text-to-speech (TTS) models. Key threats include voice-based prompt injection (vishing-style exploits) to bypass booking rules or reprogram agent behavior during a call.
Layer 2 (Data Operations): Not certain from the listing — the listing mentions being 'trained on hotel-specific data' and integrating with reservation systems. This introduces risks of training data poisoning, unauthorized extraction of guest PII, and database leakage via conversational querying.
Layer 3 (Agent Frameworks): Not certain from the listing — orchestrates voice inputs into structured API calls for property management systems (PMS). Threats include insecure tool execution, where malicious voice inputs trigger unauthorized booking modifications, cancellations, or room service orders.
Layer 4 (Deployment and Infrastructure): Not certain from the listing — requires telephony/VoIP infrastructure integration alongside cloud hosting. Vulnerabilities include SIP trunk hijacking, toll fraud, and insecure storage of audio call recordings containing sensitive guest information.
Layer 5 (Evaluation and Observability): Not certain from the listing — no mention of real-time voice guardrails, call transcript logging, or anomaly detection. Lack of observability could allow persistent exploitation of the reservation system to go unnoticed.
Layer 6 (Security and Compliance): Not certain from the listing — handling hotel bookings and room service orders implies processing payment cards (PCI-DSS) and guest PII (GDPR/CCPA), but the listing does not detail encryption, access controls, or compliance certifications.
Layer 7 (Agent Ecosystem): Not certain from the listing — operates primarily as a single-agent system integrated with external APIs rather than participating in a multi-agent ecosystem or marketplace.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).