Knock AI Agent — agentic threat model

AIVSS 6.8 · Medium

Knock AI Agent presents a moderate risk profile as an automated, public-facing SDR that integrates directly with CRMs and scheduling tools. Its primary vulnerabilities stem from prompt injection via public website chat, which could lead to unauthorized CRM data manipulation or scheduling abuse.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.3 · AARS uplift 1.67 · Factor sum 4.5/10 · Threat ×1.0 · Mitigation ×0.85

Autonomy of Action: 0.60
Goal-Driven Planning: 0.50
Self-Modification: 0.00
Dynamic Tool Use: 0.60
Persistent Memory: 0.40
Contextual Awareness: 0.70
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.40
Non-Determinism: 0.50
Opacity & Reflexivity: 0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — the specific foundation models used are not disclosed. Threats include prompt injection via public-facing chat inputs, adversarial manipulation of buyer intent qualification, and model output drift.

L2 · Data Operations ⚠ not certain from listing

Not certain from the listing — details regarding vector databases, training data, or RAG pipelines are not provided. Threats include data exfiltration of sensitive CRM records and poisoning of buyer intent context data.

L3 · Agent Frameworks ✓ mapped

The agent orchestrates multi-step workflows including lead qualification, CRM routing, and demo booking. Threats include tool misuse where malicious inputs trigger unauthorized CRM updates or calendar spamming.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — hosting, sandboxing, and secrets management details for the SaaS platform are not disclosed. Threats include API key exposure for integrated CRMs and container breakout.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — while the system supports human-in-the-loop handoffs, specific guardrails, logging, and drift monitoring frameworks are not detailed.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — no explicit compliance certifications (e.g., SOC2, GDPR) or identity governance policies are mentioned in the public directory listing.

L7 · Agent Ecosystem ✓ mapped

The agent operates within Knock AI's broader B2B funnel ecosystem, interacting with scheduling, outreach, and CRM enrichment tools. Threats include cascading failures and trust abuse between the routing agent and external SaaS integrations.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.