AgentReadyHomeAgent ListingPricing

← Kwal

Kwal — agentic threat model

8.7AIVSS 8.7 · High

Kwal presents a moderate-to-high risk profile due to its direct integration with over 45 Applicant Tracking Systems and its processing of sensitive candidate PII and emotional analytics. The primary risks stem from potential prompt/audio injection during live voice interviews and unauthorized data exfiltration via ATS integrations.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5AARS uplift 1.18Factor sum 4.7/10Threat ×1.0Mitigation ×1.0
Autonomy of Action
0.70
Goal-Driven Planning
0.50
Self-Modification
0.10
Dynamic Tool Use
0.60
Persistent Memory
0.60
Contextual Awareness
0.50
Dynamic Identity
0.20
Multi-Agent Interactions
0.20
Non-Determinism
0.70
Opacity & Reflexivity
0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — The specific LLMs and text-to-speech/speech-to-text models are not disclosed. However, the voice-based interface introduces risks of adversarial audio injection, voice cloning exploitation, and prompt injection embedded in candidate speech to manipulate the screening outcome.

L2 · Data Operations✓ mapped

Kwal processes highly sensitive candidate PII, resume data, and emotional analysis metrics. The primary threats include data exfiltration of candidate profiles and potential data poisoning if malicious resumes or candidate inputs are ingested into its 'perfect recall' memory system.

L3 · Agent Frameworks✓ mapped

The agent uses adaptive questioning and integrates with 45+ ATS platforms. Insecure tool integration could allow an attacker to exploit the ATS API connection, leading to unauthorized data modification or extraction from the recruitment database.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — The infrastructure supporting up to 1 million concurrent voice connections is not detailed. Potential threats include telephony/SIP-based denial of service, interception of live audio streams, and unauthorized access to call recordings.

L5 · Evaluation & Observability✓ mapped

Kwal features call monitoring and comprehensive analytics, including emotional analysis. A key threat is the potential for bias or blind spots in the emotional analysis algorithms, as well as the risk of candidates gaming the evaluation metrics.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — There is no mention of compliance certifications (e.g., SOC2, GDPR, CCPA) or bias-mitigation audits. Given its role in recruitment, it represents a high-risk AI system under frameworks like the EU AI Act, requiring strict compliance controls.

L7 · Agent Ecosystem✓ mapped

Kwal operates within a broader ecosystem by connecting directly to 45+ external Applicant Tracking Systems. A compromise of Kwal could lead to cascading security failures across these connected HR platforms, allowing lateral movement or bulk data harvesting.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology. Are you the vendor? Factual corrections are free.