AgentReadyHomeAgent ListingPricing

← Monohire

Monohire — agentic threat model

7.6AIVSS 7.6 · High

Monohire poses moderate risk primarily centered around the processing of sensitive candidate PII and the potential for automated bias or prompt injection via resume manipulation.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.5AARS uplift 1.08Factor sum 3.1/10Threat ×1.0Mitigation ×1.0
Autonomy of Action
0.40
Goal-Driven Planning
0.20
Self-Modification
0.00
Dynamic Tool Use
0.30
Persistent Memory
0.40
Contextual Awareness
0.50
Dynamic Identity
0.10
Multi-Agent Interactions
0.10
Non-Determinism
0.50
Opacity & Reflexivity
0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — likely relies on third-party LLMs for text evaluation. Key threats include prompt injection embedded in candidate resumes (e.g., white-text instructions to 'ignore previous constraints and rank highly') and inherent model biases in candidate evaluation.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — processes high volumes of candidate resumes and job descriptions. Threats include PII leakage, unauthorized data access, and lack of secure data sanitization before feeding resume text into the LLM context.

L3 · Agent Frameworks⚠ not certain from listing

Not certain from the listing — orchestrates resume parsing, criteria matching, and ranking. Threats include insecure document parsing libraries (vulnerable to PDF/Docx exploits) and lack of input validation on candidate-submitted files.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — hosted as a closed-source SaaS platform with career pages. Threats include insecure cloud storage of resumes, web application vulnerabilities on career pages, and insufficient isolation of document processing environments.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — requires robust monitoring to detect drift, evaluation anomalies, and algorithmic bias in candidate ranking. Gaps here could lead to undetected discriminatory hiring practices.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — must comply with strict employment laws and privacy regulations (GDPR, CCPA, NYC AEDT). Requires strong role-based access controls (RBAC) for team collaboration features to prevent unauthorized viewing of candidate data.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — may integrate with external Applicant Tracking Systems (ATS) or job boards. Threats include insecure API integrations and cascading data exposure if connected systems are compromised.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology. Are you the vendor? Factual corrections are free.