Holiwise — agentic threat model
Holiwise is a collaborative travel planning agent rated moderate risk. The rating is driven primarily by its integration with booking APIs, its handling of user PII, and its multi-user trip coordination, which could be targeted for unauthorized data access or booking manipulation.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
| --- | --- |
| Autonomy of Action | 0.60 |
| Goal-Driven Planning | 0.80 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.60 |
| Persistent Memory | 0.70 |
| Contextual Awareness | 0.70 |
| Dynamic Identity | 0.20 |
| Multi-Agent Interactions | 0.20 |
| Non-Determinism | 0.60 |
| Opacity & Reflexivity | 0.50 |
Scored with the canonical OWASP AIVSS formula; agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1, Foundation Models: Not certain from the listing — likely utilizes commercial LLMs for generating tailored itineraries and recommendations. Threats include prompt injection that could manipulate travel recommendations or redirect users to malicious booking links.
Layer 2, Data Operations: Not certain from the listing — processes user preferences, trip details, and real-time travel data (flights, hotels). Threats include exfiltration of sensitive travel itineraries and PII, or poisoning of the recommendation data store.
Layer 3, Agent Frameworks: Not certain from the listing — orchestrates multi-step planning and booking tool execution. Threats include insecure tool integration with external travel APIs and manipulation of the planning logic via indirect prompt injection.
Layer 4, Deployment and Infrastructure: Not certain from the listing — deployed as a closed-source web application. Threats include standard web application vulnerabilities, insecure API endpoints, and potential exposure of API keys used to query travel partners.
Layer 5, Evaluation and Observability: Not certain from the listing — no public details on guardrails or monitoring. Threats include a lack of observability into LLM outputs, allowing hallucinated or malicious travel recommendations to reach the end user undetected.
Layer 6, Security and Compliance: Not certain from the listing — manages collaborative planning among friends and family. Threats include Broken Object Level Authorization (BOLA) allowing unauthorized users to view or modify shared trip itineraries, and potential PCI-DSS compliance gaps if handling booking payments.
Layer 7, Agent Ecosystem: Not certain from the listing — operates primarily as a single-agent platform interacting with external APIs. Threats include cascading failures or trust abuse if third-party flight/hotel booking systems are compromised.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.