AgentReady · Agent Listing

speaq.ai — agentic threat model

AIVSS 8.7 · High

Speaq.ai presents a moderate-to-high security risk due to its direct integration with enterprise CRMs and its capability to automate actions like appointment scheduling. A compromise or successful prompt injection could lead to unauthorized customer data exfiltration or fraudulent scheduling operations.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5 · AARS uplift 1.18 · Factor sum 4.7/10 · Threat ×1.0 · Mitigation ×1.0

Agentic risk factors (each scored 0.0 to 1.0):
Autonomy of Action: 0.70
Goal-Driven Planning: 0.50
Self-Modification: 0.10
Dynamic Tool Use: 0.60
Persistent Memory: 0.50
Contextual Awareness: 0.60
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.20
Non-Determinism: 0.70
Opacity & Reflexivity: 0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
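The following is an added worked example, not code from AgentReady or from the OWASP AIVSS project: it recomputes the numbers displayed above (factor sum 4.7, AARS 1.18, AIVSS 8.7) from the stated formula and the ten factor values, so a reader can check the score or re-score the agent under different threat or mitigation multipliers. Decimal arithmetic with half-up rounding is an assumption made so that the intermediate 1.175 rounds to the 1.18 shown on the page; the qualitative severity bands are assumed to follow the CVSS v3.x scale.

```python
from decimal import Decimal, ROUND_HALF_UP

# Formula as stated on the listing:
#   AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
#   AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM

# The ten agentic risk factors with the values shown on the listing.
FACTORS = {
    "Autonomy of Action": 0.70,
    "Goal-Driven Planning": 0.50,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.60,
    "Persistent Memory": 0.50,
    "Contextual Awareness": 0.60,
    "Dynamic Identity": 0.20,
    "Multi-Agent Interactions": 0.20,
    "Non-Determinism": 0.70,
    "Opacity & Reflexivity": 0.60,
}


def _d(x):
    # Convert via str() so 0.7 becomes Decimal('0.7'), not a long binary fraction.
    return Decimal(str(x))


def factor_sum(factors):
    """Sum of the ten factor scores (the listing reports 4.7/10)."""
    for name, v in factors.items():
        if not 0.0 <= v <= 1.0:
            raise ValueError(f"{name}: factor {v} is outside the 0.0-1.0 range")
    return sum(_d(v) for v in factors.values())


def aars(cvss_base, factors, threat_multiplier=1.0):
    """Agentic AI Risk Score: uplift above the CVSS base, scaled by the
    remaining headroom (10 - CVSS_Base) so base + AARS stays <= 10 when ThM <= 1."""
    headroom = Decimal(10) - _d(cvss_base)
    return headroom * (factor_sum(factors) / Decimal(10)) * _d(threat_multiplier)


def aivss(cvss_base, factors, threat_multiplier=1.0, mitigation_factor=1.0):
    """Final AIVSS score before rounding."""
    return (_d(cvss_base) + aars(cvss_base, factors, threat_multiplier)) * _d(mitigation_factor)


def severity(score):
    # Assumed qualitative bands (CVSS v3.x style); the listing labels 8.7 as High.
    score = _d(score)
    if score == 0:
        return "None"
    if score < 4:
        return "Low"
    if score < 7:
        return "Medium"
    if score < 9:
        return "High"
    return "Critical"


def score_listing(cvss_base=7.5, factors=FACTORS, thm=1.0, mf=1.0):
    """Return the rounded figures the listing displays, as floats.
    Half-up rounding is assumed: 1.175 -> 1.18 and 8.675 -> 8.7."""
    q2 = Decimal("0.01")
    q1 = Decimal("0.1")
    return {
        "factor_sum": float(factor_sum(factors).quantize(q1, rounding=ROUND_HALF_UP)),
        "aars": float(aars(cvss_base, factors, thm).quantize(q2, rounding=ROUND_HALF_UP)),
        "aivss": float(aivss(cvss_base, factors, thm, mf).quantize(q1, rounding=ROUND_HALF_UP)),
    }


if __name__ == "__main__":
    result = score_listing()
    print(result, severity(result["aivss"]))
    # Re-score under a hypothetical partial mitigation (constructed value, not from the page).
    print(score_listing(mf=0.8))
```

Because AARS is scaled by the headroom above the CVSS base, the same ten factors add less uplift to an already-critical base vulnerability than to a medium one; the mitigation factor then scales the whole score, so documenting concrete controls for the CRM and scheduling integrations is what would move the displayed 8.7 down.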

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The underlying LLMs or speech-to-text/text-to-speech foundation models are not specified, leaving the system vulnerable to standard adversarial voice/text prompt injections and model alignment bypasses.

L2 · Data Operations (✓ mapped)

The agent integrates directly with CRMs and communication platforms, creating a high risk of sensitive customer data exposure, data exfiltration, or database poisoning if malicious inputs are synced into the CRM.

L3 · Agent Frameworks (✓ mapped)

The agent orchestrates automated appointment scheduling and CRM updates. Insecure tool integration or lack of strict input validation on these API calls could allow attackers to manipulate schedules or execute unauthorized CRM actions.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — The hosting infrastructure, telephony/WebRTC security, and API credential storage mechanisms are not detailed, posing potential risks of API key exposure or communication interception.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — While real-time data analytics are mentioned, it is unclear if there are dedicated security guardrails, anomaly detection for malicious conversations, or robust logging to detect prompt injection attempts.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — No specific compliance certifications (such as SOC2, GDPR, or HIPAA) or identity/access management (IAM) controls are detailed for protecting CRM integrations.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — The agent primarily operates in a single-agent capacity interacting with human users and APIs, though trust boundaries between the voice agent and the connected CRM ecosystem must be strictly managed.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).