AgentReady · Agent Listing


Xaver — agentic threat model

AIVSS 7.6 · High

Xaver presents a high-risk profile because it autonomously executes financial transactions (trades, rebalancings, account openings) through its multi-agent platform. Its focus on explainable AI and regulatory compliance mitigates some of the opacity risk, but a compromise could still lead to severe financial and regulatory consequences, since a manipulated agent would be acting on client accounts rather than merely giving advice.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor
where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

Inputs for Xaver:
CVSS base: 8.5
Factor sum: 6.4 / 10
Threat multiplier (ThM): ×1.05
AARS uplift: 1.01 = (10 − 8.5) × (6.4 / 10) × 1.05
Mitigation factor: ×0.8
AIVSS: 7.6 = (8.5 + 1.01) × 0.8

Agentic risk factors (each scored 0.00 to 1.00; they sum to 6.4):
Autonomy of Action          0.90
Goal-Driven Planning        0.80
Self-Modification           0.10
Dynamic Tool Use            0.90
Persistent Memory           0.50
Contextual Awareness        0.80
Dynamic Identity            0.60
Multi-Agent Interactions    0.90
Non-Determinism             0.50
Opacity & Reflexivity       0.40

Scored with the OWASP AIVSS formula as given above (see the OWASP AIVSS calculator). The ten agentic risk factors are estimates derived from the agent's publicly described capabilities, not measured values, so the score should be read as an indicative rating rather than an assessment of the deployed system.
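The calculation above, carried through in code as an added example (this is not AgentReady's or Xaver's code). It implements the formula exactly as the page states it, validates the input ranges, and goes one step further than the listing: it shows how much any single agentic factor can move the score and what mitigation factor would be needed to bring the rating below High. The CVSS-style severity bands are an assumption; the page only shows "High" for 7.6.

```python
"""Worked AIVSS calculation for the listing above (added example, not AgentReady's
or Xaver's code). Formula as the page states it:
AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM"""
from dataclasses import dataclass
from typing import Optional

# The ten agentic risk factors with the values from the listing (each 0.0 to 1.0).
XAVER_FACTORS = {
    "Autonomy of Action": 0.90,
    "Goal-Driven Planning": 0.80,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.90,
    "Persistent Memory": 0.50,
    "Contextual Awareness": 0.80,
    "Dynamic Identity": 0.60,
    "Multi-Agent Interactions": 0.90,
    "Non-Determinism": 0.50,
    "Opacity & Reflexivity": 0.40,
}


@dataclass(frozen=True)
class AIVSSResult:
    cvss_base: float
    factor_sum: float   # rounded to 2 places for display
    aars: float         # rounded to 2 places for display
    score: float        # rounded to 1 place, as the listing shows it
    severity: str


def severity_label(score: float) -> str:
    # Assumption: CVSS v3.x qualitative bands; the page only shows "High" for 7.6.
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def aivss_score(cvss_base: float, factors: dict, threat_multiplier: float,
                mitigation_factor: float) -> AIVSSResult:
    """Compute the page's AIVSS from its inputs, validating ranges first."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base must be in [0, 10]")
    if len(factors) != 10:
        raise ValueError("AIVSS uses exactly ten agentic risk factors")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"factor {name!r} must be in [0, 1]")
    factor_sum = sum(factors.values())
    aars = (10.0 - cvss_base) * (factor_sum / 10.0) * threat_multiplier
    score = round((cvss_base + aars) * mitigation_factor, 1)
    return AIVSSResult(cvss_base, round(factor_sum, 2), round(aars, 2),
                       score, severity_label(score))


def factor_sensitivity(cvss_base: float, factors: dict, threat_multiplier: float,
                       mitigation_factor: float) -> dict:
    """Score if each single factor were driven to 0.0 (e.g. by removing that capability).
    AARS is linear in the factor sum, so one factor can move the score by at most
    (10 - CVSS_Base) * (value / 10) * ThM * Mitigation_Factor, about 0.11 here."""
    out = {}
    for name in factors:
        reduced = {**factors, name: 0.0}
        out[name] = aivss_score(cvss_base, reduced, threat_multiplier, mitigation_factor).score
    return out


def mitigation_needed(cvss_base: float, factors: dict, threat_multiplier: float,
                      target: float) -> Optional[float]:
    """Largest mitigation factor (0.01 steps) whose rounded score is strictly below target."""
    for k in range(100, -1, -1):
        m = k / 100
        if aivss_score(cvss_base, factors, threat_multiplier, m).score < target:
            return m
    return None


if __name__ == "__main__":
    r = aivss_score(8.5, XAVER_FACTORS, 1.05, 0.8)
    print(f"factor sum {r.factor_sum}, AARS {r.aars}, AIVSS {r.score} ({r.severity})")
    for name, s in factor_sensitivity(8.5, XAVER_FACTORS, 1.05, 0.8).items():
        print(f"  {name:<26} zeroed -> {s}")
    print("mitigation factor needed to drop below 7.0:",
          mitigation_needed(8.5, XAVER_FACTORS, 1.05, 7.0))
```

The sensitivity output is the practitioner's takeaway: with a CVSS base of 8.5, no single agentic factor can pull the rating out of High (zeroing Autonomy of Action only moves it to 7.5), whereas the mitigation factor has to fall to about 0.73 before the rounded score drops below 7.0. Under this formula the controls that count are the ones that reduce the mitigation factor, not cosmetic reductions in individual capability scores.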

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged "not certain from listing" carry general, caveated commentary where the public description did not give enough detail to map that layer.

L1 · Foundation Models (✓ mapped)

Uses LLMs, including open-source and bring-your-own (BYO) models. Threats include prompt injection that steers the model into unauthorized financial advice or actions, model misalignment, and extraction of proprietary advisory logic (model stealing) through query access. BYO models also widen the supply-chain surface: weights and tokenizers loaded from outside the platform need provenance and integrity checks before they are allowed to drive transactions.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing: details of vector databases or RAG pipelines are not disclosed. The agent very likely processes sensitive financial and behavioral customer data, which makes data poisoning of whatever retrieval or training corpus it uses, and exfiltration of client data through model outputs or tool calls, critical risks to assess.

L3 · Agent Frameworks (✓ mapped)

Orchestrates actions through the Xaver One platform to execute trades, rebalancings, and account openings. Threats include insecure tool integration and unauthorized execution of financial transactions when a prompt-injected or malfunctioning model issues tool calls. The control a practitioner would look for is a deterministic policy layer between model output and the transaction API (allowlisted actions and instruments, value limits, human approval above a threshold), rather than reliance on the model itself to refuse.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing: hosting, sandboxing, and network isolation details are not provided. Whatever the infrastructure is, it handles highly sensitive financial transactions and third-party API integrations, so credential handling for broker and banking APIs, egress control for agent runtimes, and isolation between tenants are the points to verify.

L5 · Evaluation & Observability (✓ mapped)

Features automated AI benchmarking and explainable AI. Threats include explainability bypass (explanations that do not reflect the actual decision path), blind spots in the automated benchmarks, and drift in behavioral evaluation that lets non-compliant advisory outputs pass unnoticed. Benchmarks that are not refreshed against live traffic will not catch behavior that changes after deployment.

L6 · Security & Compliance, cross-cutting (✓ mapped)

Operates within a "fully regulated" framework with "explainable AI for specific regulatory processes". Threats include compliance violations if explainability fails, unauthorized financial transactions, and the absence of robust, tamper-evident audit trails for automated trades. For a regulated advisor, every automated action needs a record that ties the decision to its inputs and approvals and that cannot be altered after the fact.

L7 · Agent Ecosystem (✓ mapped)

Uses the Xaver One multi-agent platform. Threats include multi-agent coordination failures, cascading trust between advisory agents and execution agents (an execution agent that acts on any message it receives inherits every compromise of the agents upstream), and vulnerabilities in shared horizontal solutions that propagate to every agent built on them.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).