Air AI — agentic threat model
Air AI presents a high-risk profile due to its combination of autonomous voice-based customer interaction and access to over 5,000 external applications, creating a massive attack surface for voice-based prompt injection (vishing) and unauthorized downstream API execution.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
|---|---|
| Autonomy of Action | 0.90 |
| Goal-Driven Planning | 0.80 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.90 |
| Persistent Memory | 0.90 |
| Contextual Awareness | 0.80 |
| Dynamic Identity | 0.30 |
| Multi-Agent Interactions | 0.20 |
| Non-Determinism | 0.80 |
| Opacity & Reflexivity | 0.70 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “Not certain from the listing” are general, caveated commentary where the public description did not pin down that layer.
Layer 1, Foundation Models: Not certain from the listing — likely a pipeline of speech-to-text, LLM, and text-to-speech models. Such a pipeline is highly vulnerable to voice-based prompt injection (vishing attacks), where a human caller manipulates the underlying LLM into executing unauthorized actions or leaking system prompts.
Layer 2, Data Operations: Not certain from the listing — the 'infinite memory and perfect recall' feature implies a persistent database or vector store tracking call history. This introduces the risk of memory poisoning, where malicious callers inject false information that is permanently recalled in future interactions.
Layer 3, Agent Frameworks: The agent framework orchestrates complex 10-40 minute calls and connects to over 5,000 applications. This massive integration surface presents extreme risks of tool misuse and insecure tool integration, where a manipulated agent could trigger unintended API calls across connected business systems.
Layer 4, Deployment and Infrastructure: Not certain from the listing — requires robust cloud telephony (VoIP/SIP) and hosting infrastructure to support 24/7 real-time voice processing. Threats include SIP trunk abuse, toll fraud, and unauthorized access to the API keys used for the 5,000+ integrations.
Layer 5, Evaluation and Observability: Not certain from the listing — there is no mention of real-time guardrails, call monitoring, or anomaly detection. The lack of visible observability tooling for live voice interactions creates a significant blind spot for detecting active exploitation during calls.
Layer 6, Security and Compliance: Not certain from the listing — operating autonomous phone calls raises severe compliance risks regarding call-recording consent (GDPR/CCPA) and TCPA regulations, plus the potential for the agent to be used for automated social engineering or unauthorized data collection.
Layer 7, Agent Ecosystem: Not certain from the listing — while it integrates with 5,000+ applications, it is not explicitly framed as a multi-agent system or as part of an open agent marketplace, which limits immediate ecosystem-specific cascading risks.
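As an added illustration (not Air AI code and not part of the listing) of one control that narrows the agent-framework, memory and observability gaps noted above: a policy gate between the LLM's proposed tool calls and the downstream integrations that scopes tools to the call's declared intent, caps tool calls per conversation, tags caller-asserted facts as unverified before they reach persistent memory, and emits an audit record per decision for call monitoring. The intents, tool names and the sample call are constructed.

```python
from dataclasses import dataclass, field

# Constructed policy: the intent declared when a call is routed fixes the only
# tools the agent may invoke on that call, whatever the caller talks it into.
INTENT_SCOPES = {
    "appointment_booking": {"calendar.lookup", "calendar.book", "memory.store"},
    "billing_question": {"billing.lookup", "memory.store"},
}
MAX_TOOL_CALLS = 5        # caps cascading downstream execution per call
MEMORY_WRITE = "memory.store"

@dataclass
class ToolCall:
    call_id: str
    intent: str
    tool: str
    args: dict
    caller_args: set = field(default_factory=set)  # args lifted verbatim from speech

class ToolCallGuard:
    def __init__(self):
        self.budget = {}
        self.audit = []   # (call_id, tool, allowed, reason): feed to call monitoring

    def evaluate(self, tc: ToolCall) -> tuple[bool, str, dict]:
        n = self.budget[tc.call_id] = self.budget.get(tc.call_id, 0) + 1
        args = dict(tc.args)
        if tc.tool not in INTENT_SCOPES.get(tc.intent, set()):
            allowed, reason = False, f"{tc.tool} out of scope for {tc.intent}"
        elif n > MAX_TOOL_CALLS:
            allowed, reason = False, "per-call tool budget exceeded"
        elif tc.tool == MEMORY_WRITE and tc.caller_args:
            # Caller-asserted facts are stored only as unverified, so a poisoned
            # memory cannot be replayed as ground truth on a later call.
            args["provenance"] = "caller_unverified"
            allowed, reason = True, "memory write tagged caller_unverified"
        else:
            allowed, reason = True, "in scope"
        self.audit.append((tc.call_id, tc.tool, allowed, reason))
        return allowed, reason, args

def demo():
    # Constructed call: a booking caller tries to steer the agent into a refund.
    g = ToolCallGuard()
    return [g.evaluate(ToolCall("call-1", "appointment_booking", t, a, s)) for t, a, s in (
        ("calendar.lookup", {"date": "2025-01-10"}, set()),
        ("billing.refund", {"amount": 500}, {"amount"}),
        ("memory.store", {"fact": "caller is the account owner"}, {"fact"}),
    )], g.audit
```

The denied `billing.refund` record in `audit` is the signal a live-call monitor would alert on; scope checks run before the budget check so an out-of-scope call is refused even on the first attempt.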
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).