New Computer — agentic threat model

AIVSS 8.7 · High

New Computer acts as a highly personalized assistant with deep access to user memory and daily organization, presenting high privacy and data exfiltration risks if compromised, despite limited autonomous execution capabilities.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5 · AARS uplift 1.23 · Factor sum 4.9/10 · Threat ×1.0 · Mitigation ×1.0

Autonomy of Action: 0.40
Goal-Driven Planning: 0.50
Self-Modification: 0.10
Dynamic Tool Use: 0.50
Persistent Memory: 0.80
Contextual Awareness: 0.70
Dynamic Identity: 0.50
Multi-Agent Interactions: 0.10
Non-Determinism: 0.60
Opacity & Reflexivity: 0.70

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — likely relies on third-party foundation models which are susceptible to prompt injection, jailbreaking, and indirect prompt injection via user-provided content.

L2 · Data Operations ✓ mapped

Critical layer for this agent due to its core 'remember' and 'organize' functions. It likely utilizes a vector database or long-term state storage containing highly sensitive personal data, making it vulnerable to data exfiltration, unauthorized access, and memory poisoning.

L3 · Agent Frameworks ✓ mapped

The orchestration framework must manage personal context and tool execution (e.g., calendar, notes). Vulnerabilities include insecure tool integration and prompt injection leading to unauthorized actions on behalf of the user.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — hosting and infrastructure details are proprietary. Risks include insecure API credential storage for connected personal accounts and lack of robust tenant isolation.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — closed-source nature prevents verification of logging, guardrails, or anomaly detection mechanisms to identify malicious inputs or unauthorized data access.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — handling personal life data requires strict adherence to privacy regulations (GDPR, CCPA), but no compliance certifications or data deletion policies are detailed in the public listing.

L7 · Agent Ecosystem ⚠ not certain from listing

Not certain from the listing — there is no explicit mention of multi-agent collaboration or marketplace integrations, suggesting a single-agent architecture with low ecosystem risk.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.