AgentReadyHomeAgent ListingPricing

← Vendelux

Vendelux — agentic threat model

9.3AIVSS 9.3 · Critical

Vendelux presents a high-risk profile due to its autonomous outreach capabilities and direct write integrations with critical business systems like Salesforce and HubSpot, where a compromise could lead to widespread data exfiltration or brand damage through automated spam.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.5AARS uplift 0.8Factor sum 5.1/10Threat ×1.05Mitigation ×1.0
Autonomy of Action
0.80
Goal-Driven Planning
0.70
Self-Modification
0.10
Dynamic Tool Use
0.70
Persistent Memory
0.60
Contextual Awareness
0.60
Dynamic Identity
0.30
Multi-Agent Interactions
0.20
Non-Determinism
0.60
Opacity & Reflexivity
0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — likely utilizes commercial LLMs for generating personalized outreach and matching events to ICPs. Vulnerable to prompt injection that could alter outreach templates or generate malicious content.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — ingests event attendee lists, ICP definitions, and CRM data. Vulnerable to data poisoning if malicious attendee data is ingested, or data exfiltration of sensitive CRM contacts.

L3 · Agent Frameworks✓ mapped

Orchestrates multi-step workflows including event discovery, list building, and automated outreach. Vulnerable to tool misuse where the agent could execute unauthorized CRM modifications or send unintended emails due to planning failures.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — hosted as a closed-source SaaS platform. The primary infrastructure threat is the secure storage and handling of highly sensitive CRM OAuth tokens and API credentials.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — no details are provided regarding guardrails, human-in-the-loop verification for automated bookings, or monitoring of generated outreach emails before transmission.

L6 · Security & Compliance (cross-cutting)✓ mapped

Requires deep integration with enterprise CRMs (Salesforce, HubSpot), necessitating robust OAuth access controls and data privacy compliance, though specific certifications are not detailed in the listing.

L7 · Agent Ecosystem✓ mapped

Interacts with external email ecosystems and CRM platforms. Vulnerable to cascading failures if downstream CRM APIs change, or if email providers flag the automated outreach as spam, damaging domain reputation.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology. Are you the vendor? Factual corrections are free.