Voxworks — agentic threat model
Voxworks poses moderate-to-high risk due to its autonomous 24/7 voice interaction capabilities in sensitive sectors like medical and finance, where voice-based prompt injection or unauthorized tool execution (e.g., CRM/booking updates) could lead to data exposure or operational disruption.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
|---|---|
| Autonomy of Action | 0.70 |
| Goal-Driven Planning | 0.40 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.50 |
| Persistent Memory | 0.40 |
| Contextual Awareness | 0.60 |
| Dynamic Identity | 0.20 |
| Multi-Agent Interactions | 0.20 |
| Non-Determinism | 0.60 |
| Opacity & Reflexivity | 0.50 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent, in MAESTRO layer order. Entries tagged “Not certain from the listing” are general, caveated commentary for layers the public description did not pin down.
Layer 1 (Foundation Models): Not certain from the listing — Voxworks likely relies on third-party LLMs and text-to-speech/speech-to-text models. Threats include voice-based prompt injection (audio injection/vishing), model reprogramming, and adversarial audio inputs crafted to bypass the system prompt.
Layer 2 (Data Operations): Voxworks guarantees local Australian data residency. Threats include unauthorized access to stored call recordings, transcripts, or customer PII within the local hosting environment, and data exfiltration if that local storage is misconfigured.
Layer 3 (Agent Frameworks): Not certain from the listing — The agent framework orchestrates voice call flows and likely integrates with external business tools (CRMs, calendars). Threats include insecure tool integration, state manipulation during live calls, and memory poisoning if call history is used to influence future interactions.
Layer 4 (Deployment and Infrastructure): Not certain from the listing — The platform is hosted locally in Australia. Threats include SIP trunk hijacking, telephony infrastructure compromise, and unauthorized access to the hosting servers or the API endpoints that connect the voice agent to the telecom network.
Layer 5 (Evaluation and Observability): Not certain from the listing — It is unclear what real-time guardrails or monitoring are in place. Threats include the absence of low-latency voice guardrails, which would let callers socially engineer the agent or exploit conversational drift without immediate detection.
Layer 6 (Security and Compliance): Voxworks emphasizes data sovereignty and local Australian residency, aligning with the Australian Privacy Principles (APPs). Threats include compliance violations if downstream integrations or sub-processors transfer data outside Australia, or if access controls on call logs are insufficient.
Layer 7 (Agent Ecosystem): Not certain from the listing — The agent operates primarily as a standalone telephony solution. Threats are limited to horizontal integrations (e.g., CRM, booking systems), where a compromise of the voice agent could cascade into unauthorized actions in connected business systems.
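The Layer 3 and Layer 6 threats above (insecure tool integration during live calls, and sub-processors that move data offshore) both come down to where the agent's proposed tool calls are authorized. The following is an added illustrative policy gate, not Voxworks code; the tool names, hosting regions and the caller-verification flag are constructed assumptions about what such a deployment would expose.

```python
# Added example (not Voxworks code): a policy gate between the voice agent's
# proposed tool calls and the business integrations it can reach. It enforces:
#   1. only allow-listed tools may be invoked from a live call,
#   2. write actions (CRM/booking updates) require a verified caller identity,
#   3. every integration endpoint must be hosted in Australia (data residency).
# Tool names, regions and the call context are constructed assumptions.
from dataclasses import dataclass, field

# Allow-listed tools: name -> (is_write_action, hosting region of the integration)
TOOL_REGISTRY = {
    "calendar.lookup_availability": (False, "au"),
    "calendar.book_appointment": (True, "au"),
    "crm.lookup_customer": (False, "au"),
    "crm.update_contact": (True, "au"),
    "analytics.export_transcript": (False, "us"),  # hypothetical offshore sub-processor
}

@dataclass
class CallContext:
    call_id: str
    caller_verified: bool                 # e.g. an out-of-band verification step passed
    audit_log: list = field(default_factory=list)

def authorize_tool_call(ctx: CallContext, tool: str, args: dict) -> tuple[bool, str]:
    """Decide whether the agent may run `tool` during this call.

    Returns (allowed, reason) and appends a decision record to the call's
    audit log so that denied or unusual tool requests are visible to monitoring.
    """
    entry = TOOL_REGISTRY.get(tool)
    if entry is None:
        decision = (False, "tool not allow-listed for voice agent")
    else:
        is_write, region = entry
        if region != "au":
            decision = (False, f"integration hosted outside Australia ({region})")
        elif is_write and not ctx.caller_verified:
            decision = (False, "write action requires verified caller identity")
        else:
            decision = (True, "ok")
    ctx.audit_log.append({"call_id": ctx.call_id, "tool": tool, "args": args,
                          "allowed": decision[0], "reason": decision[1]})
    return decision
```

A transcript-level guardrail that spots injected instructions would sit upstream of this gate; the gate is the backstop that limits what a manipulated agent can actually do.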
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).