Tavus AI — agentic threat model
Tavus AI presents a high-risk profile primarily because it generates realistic human replicas (voice and video). If the service, an account or a stored replica is compromised, it becomes a ready tool for identity theft, deepfake generation and advanced social engineering, which also makes it a prime target for attackers.
OWASP AIVSS score rationale
| Agentic risk factor | Score (0.0–1.0) | Rationale |
|---|---|---|
| Autonomy of Action | 0.50 | |
| Goal-Driven Planning | 0.30 | |
| Self-Modification | 0.10 | |
| Dynamic Tool Use | 0.40 | |
| Persistent Memory | 0.40 | |
| Contextual Awareness | 0.80 | |
| Dynamic Identity | 0.90 | |
| Multi-Agent Interactions | 0.20 | |
| Non-Determinism | 0.80 | |
| Opacity & Reflexivity | 0.80 | |
Scored with the canonical OWASP AIVSS formula (see the AIVSS calculator reference). The agentic risk factors are estimated from the agent's described capabilities, not from hands-on testing; no rationale text was published alongside the scores.
MAESTRO 7-layer threat model
Per-layer threats for this agent, in MAESTRO layer order. Layers marked "Not certain from the listing" are general, caveated commentary where the public description did not pin down that layer.
Layer 1 (Foundation Models): Uses multimodal foundation models for real-time video, voice and conversational generation. Key threats include adversarial inputs (voice or visual prompt injection), extraction or cloning of custom replica models, and output misalignment in which the avatar generates inappropriate or unauthorized content.
Layer 2 (Data Operations): Requires ingestion of highly sensitive biometric data (voice recordings and facial video) to train custom replicas. Key threats include poisoning of the training set, unauthorized exfiltration of biometric templates, and missing data lineage for user-submitted media (who uploaded it, under what consent, and which replicas it trained).
Layer 3 (Agent Frameworks): Not certain from the listing. The orchestration of the turn-taking model and conversational state is proprietary, but the likely threats are insecure tool/API integration and manipulation of conversational logic to bypass safety guardrails.
Layer 4 (Deployment and Infrastructure): Not certain from the listing. Hosting is not specified, but real-time video rendering requires high-performance GPU clusters, which raises the risk of container compromise, resource exhaustion (denial of service) and API key exposure.
Layer 5 (Evaluation and Observability): Not certain from the listing. Real-time guardrails and observability for video/audio outputs are not documented, leaving risks of undetected drift, evaluation gaming, and failure to log malicious attempts to generate deepfakes.
Layer 6 (Security and Compliance): Handles highly sensitive biometric data for replica creation, which demands strict compliance with GDPR, CCPA and the EU AI Act's deepfake transparency requirements. Key threats include identity theft, weak verification that the person being cloned actually consented, and unauthorized avatar generation.
Layer 7 (Agent Ecosystem): Not certain from the listing. Multi-agent interactions are not highlighted, but integrating lifelike avatars into enterprise systems creates a risk of cascading trust abuse if an avatar is used to socially engineer other agents or human operators.
MAESTRO (Multi-Agent Environment, Security, Threat, Risk, and Outcome) is the 7-layer agentic threat-modeling framework published by the Cloud Security Alliance (Ken Huang).
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework. They are an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology.