Aomni — agentic threat model
Aomni presents a moderate agentic risk profile, primarily driven by its dynamic web-browsing capabilities which expose it to indirect prompt injection and data poisoning. While its lack of direct transactional execution limits physical or financial harm, the ingestion of proprietary product and ICP data makes data confidentiality a key concern.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
|---|---|
| Autonomy of Action | 0.60 |
| Goal-Driven Planning | 0.50 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.60 |
| Persistent Memory | 0.40 |
| Contextual Awareness | 0.70 |
| Dynamic Identity | 0.10 |
| Multi-Agent Interactions | 0.20 |
| Non-Determinism | 0.60 |
| Opacity & Reflexivity | 0.50 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent, in MAESTRO layer order. Layers tagged “not certain from listing” are general, caveated commentary where the public description did not pin that layer down.
Layer 1 (Foundation Models): Not certain from the listing — The specific foundation models powering the N-Layer search and chatbot are not disclosed. Threats include model misalignment, prompt injection via untrusted web content during research, and potential model-stealing attacks if proprietary fine-tuning is used.
Layer 2 (Data Operations): The agent ingests external web data for research and personalized product/ICP data. This introduces significant risks of data poisoning from malicious web sources (indirect prompt injection) and data exfiltration of sensitive sales/product data via the chatbot or search outputs.
Layer 3 (Agent Frameworks): Not certain from the listing — The underlying orchestration framework is not specified. Key threats include insecure tool integration (web browser/search tools) and tool misuse, where the agent might be manipulated into executing unintended search queries or actions.
Layer 4 (Deployment and Infrastructure): Not certain from the listing — No details are provided regarding hosting, containerization, sandboxing of the web-browsing environment, or API security. Risks include server-side request forgery (SSRF) during web scraping and container breakout if the browsing environment is not isolated.
Layer 5 (Evaluation and Observability): Not certain from the listing — There is no mention of evaluation frameworks, real-time monitoring, or guardrails to detect hallucinated sales insights or malicious inputs. This creates blind spots regarding drift, prompt injection attempts, and output quality.
Layer 6 (Security and Compliance): Not certain from the listing — Compliance certifications (e.g., SOC 2, GDPR) and specific access controls are not detailed. Given that it handles proprietary product data and ICPs, a lack of robust tenant isolation and access controls poses a compliance and data privacy risk.
Layer 7 (Agent Ecosystem): Not certain from the listing — While it offers an API, there is no evidence of a multi-agent ecosystem or third-party agent integrations. The primary risk is unauthorized API access or cascading failures if integrated into broader CRM/sales pipelines.
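As an added illustration of the Layer 4 SSRF threat above (example code written for this page, not Aomni's own implementation): a pre-fetch guard that a web-research tool can run on every URL before scraping it, rejecting non-public targets such as loopback, RFC 1918 ranges and the link-local cloud metadata endpoint. The names `validate_fetch_url`, `is_disallowed_ip` and the injectable `resolver` parameter are hypothetical.

```python
from __future__ import annotations
import ipaddress
import socket
from urllib.parse import urlparse

# Hypothetical fetch policy for the agent's web-research tool (constructed example).
ALLOWED_SCHEMES = {"http", "https"}
BLOCKED_HOSTNAMES = {"localhost", "metadata.google.internal"}

def is_disallowed_ip(ip_str: str) -> bool:
    """True for loopback, private (RFC 1918 / ULA), link-local (which covers
    169.254.169.254, the cloud metadata endpoint), multicast, reserved and
    unspecified addresses; only globally routable space is allowed."""
    ip = ipaddress.ip_address(ip_str)
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)

def default_resolver(host: str) -> list[str]:
    """Return every A/AAAA address for host. All records are checked because a
    public record must not mask a private one returned alongside it."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def validate_fetch_url(url: str, resolver=default_resolver) -> tuple[bool, str]:
    """Return (allowed, reason) for a URL the agent wants to scrape.
    The fetcher should then connect to the address that was validated rather
    than resolving again, so a DNS-rebinding host cannot swap in a private IP."""
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    host = parts.hostname          # lower-cased, IPv6 brackets already stripped
    if not host:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials embedded in URL"
    if host in BLOCKED_HOSTNAMES:
        return False, f"blocked hostname: {host}"
    try:                           # literal IP address: no DNS lookup needed
        addrs = [str(ipaddress.ip_address(host))]
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError as exc:     # socket.gaierror is a subclass of OSError
            return False, f"resolution failed: {exc}"
    for addr in addrs:
        if is_disallowed_ip(addr):
            return False, f"{host} resolves to non-public address {addr}"
    return True, "ok"
```

Passing a custom `resolver` lets the policy be unit-tested offline against a constructed hostname table instead of live DNS.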
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).