SignalHero — agentic threat model

Not certain from the listing — likely relies on commercial LLMs to power its AI Customer Success Agent. Threats include prompt injection that could hijack the agent's reasoning to trigger unauthorized customer communications or account modifications.

Not certain from the listing — ingests CRM data and curated buyer signals to identify churn and upsell opportunities. Threats include data poisoning of intent signals to manipulate the agent's behavior, and unauthorized exfiltration of sensitive customer data.

The agent orchestrates complex tasks across 1,000+ integrations to independently execute renewals and expansion plays. Threats include tool misuse, where malicious inputs cause the agent to invoke CRM write-actions or external communication tools in unintended ways.

Not certain from the listing — hosted as a closed-source SaaS platform. Threats include insecure storage of API keys/secrets for the 1,000+ integrations, and potential lateral movement if the hosting environment is compromised.

Not certain from the listing — no mention of guardrails, evaluation frameworks, or monitoring. Threats include blind spots in autonomous actions, allowing the agent to repeatedly execute incorrect or harmful customer-facing actions without detection.

Not certain from the listing — closed source and freemium model with no explicit security certifications (e.g., SOC2) or access control policies mentioned. Threats include unauthorized access to connected CRM systems and lack of audit trails for autonomous actions.

Not certain from the listing — operates as a digital worker interacting with external CRM ecosystems and communication channels. Threats include cascading failures if connected APIs are compromised, or trust abuse where the agent is manipulated by external malicious emails/signals.