
Amanah Agent AI — agentic threat model

AIVSS 8.7 · High

Amanah Agent AI presents a moderate-to-high risk profile due to its integration with public-facing communication channels like WhatsApp and voice calls, which increases the surface area for prompt injection and unauthorized workflow execution. The lack of explicit security guardrails or compliance certifications in the listing highlights potential exposure when deployed in sensitive sectors like healthcare and e-commerce.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 7.5
AARS uplift: 1.21
Factor sum: 4.6/10
Threat multiplier (ThM): ×1.05
Mitigation factor: ×1.0

Agentic risk factors (each scored 0.0 to 1.0):
Autonomy of Action: 0.70
Goal-Driven Planning: 0.50
Self-Modification: 0.10
Dynamic Tool Use: 0.60
Persistent Memory: 0.50
Contextual Awareness: 0.60
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.20
Non-Determinism: 0.70
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
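Recomputing the listing's score from the inputs shown above, as an added example (not the site's or OWASP's code): it checks that the factor sum, AARS uplift and final score agree with the page. The severity bands and the hypothetical ×0.8 mitigation run at the end are assumptions, not values from the listing.

```python
"""Reconstruct the OWASP AIVSS score for the Amanah Agent AI listing.
Formula and inputs are the page's own; severity bands are assumed to
follow the CVSS qualitative scale (<4 Low, <7 Medium, <9 High, else Critical)."""

# Agentic risk factors as listed on the page, each scored 0.0 to 1.0.
FACTORS = {
    "Autonomy of Action": 0.70,
    "Goal-Driven Planning": 0.50,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.60,
    "Persistent Memory": 0.50,
    "Contextual Awareness": 0.60,
    "Dynamic Identity": 0.20,
    "Multi-Agent Interactions": 0.20,
    "Non-Determinism": 0.70,
    "Opacity & Reflexivity": 0.50,
}
CVSS_BASE = 7.5           # CVSS base score from the page
THREAT_MULTIPLIER = 1.05  # ThM from the page
MITIGATION_FACTOR = 1.0   # no guardrails credited in the listing


def factor_sum(factors):
    """Sum of the ten agentic factors (the page reports 4.6/10)."""
    return sum(factors.values())


def aars(cvss_base, factors, thm):
    """AARS = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM: the headroom above
    the CVSS base, scaled by how agentic the system is and by the threat multiplier."""
    return (10.0 - cvss_base) * (factor_sum(factors) / 10.0) * thm


def aivss(cvss_base, factors, thm, mitigation):
    """AIVSS = (CVSS_Base + AARS) * Mitigation_Factor, exactly as the page states it."""
    return (cvss_base + aars(cvss_base, factors, thm)) * mitigation


def severity(score):
    """Qualitative band; assumed to mirror the CVSS bands (not stated on the page)."""
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    return "High" if score < 9.0 else "Critical"


if __name__ == "__main__":
    score = aivss(CVSS_BASE, FACTORS, THREAT_MULTIPLIER, MITIGATION_FACTOR)
    print(f"factor sum {factor_sum(FACTORS):.1f}/10, "
          f"AARS {aars(CVSS_BASE, FACTORS, THREAT_MULTIPLIER):.2f}, "
          f"AIVSS {score:.1f} ({severity(score)})")
    # Hypothetical: the same agent if a 0.8 mitigation factor were credited for guardrails.
    print(f"with mitigation x0.8: {aivss(CVSS_BASE, FACTORS, THREAT_MULTIPLIER, 0.8):.1f}")
```

The mitigation factor is the only term that can pull the score down once the agentic factors are fixed, which is why the listing's silence on guardrails leaves it at ×1.0.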

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — likely relies on third-party LLMs for chat and voice processing. Primary threats include prompt injection bypassing visual workflows, leading to toxic or misaligned outputs directly exposed to customers over voice and WhatsApp.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — supports 'knowledge-base training' and 'business objects'. This introduces risks of knowledge-base poisoning (e.g., uploading malicious documents to alter agent behavior) and unauthorized exfiltration of sensitive customer data stored in the knowledge base.

L3 · Agent Frameworks (✓ mapped)

The platform utilizes a visual 'workflow builder' and 'chatbot builder' to orchestrate actions. Threats include insecure tool integration with ticketing systems and prompt injection manipulating the workflow logic to trigger unauthorized API calls.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — hosted SaaS platform supporting multi-channel deployment (WhatsApp, Voice). Key threats include the exposure of sensitive API keys for communication channels and potential container/host compromise on the hosting infrastructure.

L5 · Evaluation & Observability (✓ mapped)

The listing mentions 'analytics' but gives no details on security-specific monitoring or LLM guardrails. This leaves a blind spot for detecting prompt injection attempts, behavioural drift, or anomalous agent actions in real time.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — despite targeting sensitive industries like Healthcare and E-commerce, there is no mention of compliance frameworks (e.g., HIPAA, SOC2) or robust role-based access control (RBAC) for the no-code builder.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — no explicit multi-agent marketplace or agent-to-agent (A2A) protocols are described. Risks are primarily limited to horizontal integration vulnerabilities with external CRM and ticketing ecosystems.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).