RightMatch AI — agentic threat model

AIVSS 8.1 · High

RightMatch AI presents moderate agentic risk, primarily driven by its handling of highly sensitive candidate PII, video, and audio data, combined with the potential for algorithmic bias or manipulation in its automated scoring and transcription processes.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5 · AARS uplift 0.55 · Factor sum 2.2/10 · Threat ×1.0 · Mitigation ×1.0

Autonomy of Action: 0.30
Goal-Driven Planning: 0.20
Self-Modification: 0.00
Dynamic Tool Use: 0.10
Persistent Memory: 0.20
Contextual Awareness: 0.40
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.50
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — likely utilizes third-party multimodal models for video/audio transcription and scoring. Primary threats include prompt injection to manipulate candidate scores and adversarial inputs designed to bypass screening criteria.

L2 · Data Operations ⚠ not certain from listing

Not certain from the listing — processes and stores highly sensitive candidate data including video, audio, screen recordings, and transcripts. Key threats include unauthorized data exfiltration of candidate PII and potential leakage of proprietary interview questions.

L3 · Agent Frameworks ⚠ not certain from listing

Not certain from the listing — orchestration likely manages the structured interview flow and scoring pipeline. Threats include insecure integration of video/audio processing libraries and manipulation of the scoring logic via prompt injection.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — requires cloud infrastructure capable of handling heavy media processing and storage. Threats include misconfigured storage buckets containing raw candidate recordings and lack of sandboxing during media transcoding.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — requires continuous monitoring to detect bias, drift, or adversarial attempts by candidates to game the automated scoring system. No built-in guardrails or evaluation frameworks are detailed.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — as an AI-powered recruitment tool, it falls under high-risk categories in regulations like the EU AI Act, requiring strict bias audits, data privacy controls (GDPR/CCPA), and clear consent mechanisms, none of which are explicitly detailed.

L7 · Agent Ecosystem ⚠ not certain from listing

Not certain from the listing — the platform operates primarily as a standalone pre-screening tool and does not explicitly mention multi-agent coordination or external agent marketplace integrations.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.