AI Agent Reic — agentic threat model

AIVSS 5.5 · Medium

AI Agent Reic is a low-autonomy real estate analytics assistant whose primary risks stem from incorrect financial calculations (due to prompt injection or outdated tax data) rather than autonomous execution or system compromise.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 4.8 · AARS uplift 0.74 · Factor sum 1.5/10 · Threat ×0.95 · Mitigation ×1.0

Agentic risk factors:
Autonomy of Action: 0.20
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.20
Persistent Memory: 0.10
Contextual Awareness: 0.40
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.30
Opacity & Reflexivity: 0.20

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — likely utilizes a commercial LLM to power LandChat. Primary threats include prompt injection that could manipulate the chatbot into giving false financial advice or bypassing calculation constraints.

L2 · Data Operations ⚠ not certain from listing

Not certain from the listing — relies on reference data for Spanish market rules (ITP, fiscal deductions) and comparative properties. Data poisoning or outdated tax tables could lead to systemic calculation errors.

L3 · Agent Frameworks ⚠ not certain from listing

Not certain from the listing — orchestrates user queries across 13 specialized calculators. Insecure tool integration could allow malicious inputs to exploit the underlying calculation APIs.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — deployed as a closed-source web application. Standard web application vulnerabilities (OWASP Top 10) apply to the hosting infrastructure and LandChat landing page.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — no explicit evaluation or observability mechanisms are mentioned. Lack of drift detection for changing Spanish tax laws poses a risk of silent calculation failures.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — no compliance certifications (such as GDPR for European/Spanish user data) or access control policies are specified.

L7 · Agent Ecosystem ⚠ not certain from listing

Not certain from the listing — operates as a standalone vertical tool with no indicated multi-agent or ecosystem integrations.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).