
Aditi Chile — agentic threat model

AIVSS 5.0 · Medium

Skima AI presents a moderate agentic risk profile; while it processes massive volumes of highly sensitive PII (800M+ profiles) and integrates with core HR/ATS systems, its risk is significantly mitigated by its use of secure in-house models, on-premises deployment options, and SOC 2/GDPR compliance.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5 · AARS uplift 0.75 · Factor sum 3.0/10 · Threat ×1.0 · Mitigation ×0.6

Agentic risk factors:

- Autonomy of Action: 0.40
- Goal-Driven Planning: 0.30
- Self-Modification: 0.00
- Dynamic Tool Use: 0.30
- Persistent Memory: 0.40
- Contextual Awareness: 0.50
- Dynamic Identity: 0.10
- Multi-Agent Interactions: 0.10
- Non-Determinism: 0.40
- Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
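Carrying the formula above through with this listing's values, as an added example (it is not code from the listing or from the AIVSS calculator). Decimal arithmetic is used so the half-up rounding at the 4.95 boundary is deterministic rather than subject to float error; the factor values and multipliers are the ones stated on this page.

```python
from decimal import Decimal, ROUND_HALF_UP

# Agentic risk factors exactly as listed for this agent (values taken from the page).
FACTORS = {
    "Autonomy of Action": "0.40",
    "Goal-Driven Planning": "0.30",
    "Self-Modification": "0.00",
    "Dynamic Tool Use": "0.30",
    "Persistent Memory": "0.40",
    "Contextual Awareness": "0.50",
    "Dynamic Identity": "0.10",
    "Multi-Agent Interactions": "0.10",
    "Non-Determinism": "0.40",
    "Opacity & Reflexivity": "0.50",
}


def factor_sum(factors: dict) -> Decimal:
    """Sum of the ten agentic risk factors (each in 0.0-1.0, so the sum is 0-10)."""
    return sum((Decimal(v) for v in factors.values()), Decimal(0))


def aars(cvss_base: Decimal, fsum: Decimal, threat_multiplier: Decimal) -> Decimal:
    """AARS = (10 - CVSS_Base) x (Factor_Sum / 10) x ThM, the agentic uplift."""
    return (Decimal(10) - cvss_base) * (fsum / Decimal(10)) * threat_multiplier


def aivss(cvss_base: Decimal, fsum: Decimal, threat_multiplier: Decimal,
          mitigation_factor: Decimal) -> Decimal:
    """AIVSS = (CVSS_Base + AARS) x Mitigation_Factor, rounded half-up to one decimal."""
    raw = (cvss_base + aars(cvss_base, fsum, threat_multiplier)) * mitigation_factor
    return raw.quantize(Decimal("0.1"), rounding=ROUND_HALF_UP)


def score_listing(mitigation_factor: str = "0.6") -> Decimal:
    """Score this listing: CVSS base 7.5, threat x1.0, mitigation x0.6 (page values).

    Passing mitigation_factor="1.0" shows the unmitigated score for comparison.
    """
    return aivss(Decimal("7.5"), factor_sum(FACTORS), Decimal("1.0"),
                 Decimal(mitigation_factor))


if __name__ == "__main__":
    print("factor sum:", factor_sum(FACTORS))            # 3.00
    print("AARS:", aars(Decimal("7.5"), factor_sum(FACTORS), Decimal("1.0")))  # 0.75
    print("AIVSS (mitigated):", score_listing())         # 5.0
    print("AIVSS (mitigation x1.0):", score_listing("1.0"))  # 8.3
```

The contrast between the two last lines is the point the summary makes in prose: the ×0.6 mitigation factor is what moves this agent from a High-range raw score down to Medium.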

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (✓ mapped)

Uses proprietary, secure in-house AI models instead of external APIs, reducing third-party data leakage risks. However, these models remain susceptible to adversarial resume parsing attacks (indirect prompt injection designed to artificially boost candidate match scores) and model stealing of their proprietary 'evidence detection' logic.

L2 · Data Operations (✓ mapped)

Processes a massive dataset of 800+ million global profiles and resume data. Key threats include data exfiltration of sensitive PII, compliance failures regarding GDPR 'right to be forgotten' within vector databases, and potential data poisoning if untrusted candidate profiles are ingested into the matching index.

L3 · Agent Frameworks (✓ mapped)

Orchestrates chat-based sourcing and automated candidate matching. The primary threat is prompt injection via the chat-based search interface, which could allow recruiters or unauthorized users to bypass search constraints, access restricted candidate pools, or execute unauthorized actions on integrated ATS systems.

L4 · Deployment & Infrastructure (✓ mapped)

Offers both SaaS and on-premises deployment options. On-premises deployments reduce external exposure but shift the patching and configuration burden to the client, while SaaS deployments face standard cloud infrastructure threats, container escape, and database exposure risks.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — there is no explicit mention of real-time LLM guardrails, drift detection, or bias monitoring tools, which are critical for ensuring non-discriminatory AI candidate matching and compliance with local hiring regulations.

L6 · Security & Compliance (cross-cutting) (✓ mapped)

Demonstrates strong compliance alignment with SOC 2 and GDPR certifications. Security controls must enforce strict role-based access control (RBAC) to ensure recruiters only access candidate data relevant to their authorized roles and tenant boundaries.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — the platform does not describe multi-agent collaboration or delegation to external agent ecosystems, suggesting a self-contained architecture with standard API integrations rather than agent-to-agent trust boundaries.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).