AUM — agentic threat model
AUM presents a high-impact risk profile because it integrates directly with sensitive enterprise data sources (databases, contracts and reports); its offline deployment option substantially reduces exposure to external, cloud-hosted attack paths but does not remove the risks that come with that data access.
OWASP AIVSS score rationale
| Agentic risk factor | Score | Rationale |
|---|---|---|
| Autonomy of Action | 0.40 | |
| Goal-Driven Planning | 0.30 | |
| Self-Modification | 0.10 | |
| Dynamic Tool Use | 0.60 | |
| Persistent Memory | 0.30 | |
| Contextual Awareness | 0.70 | |
| Dynamic Identity | 0.20 | |
| Multi-Agent Interactions | 0.20 | |
| Non-Determinism | 0.50 | |
| Opacity & Reflexivity | 0.50 | |
Scored with the canonical OWASP AIVSS formula (see the AIVSS calculator reference); the agentic risk factor values are estimates derived from the agent's publicly described capabilities, not from testing.
MAESTRO 7-layer threat model
Per-layer threats for this agent, following the seven MAESTRO layers in order. Layers tagged "Not certain from the listing" are general, caveated commentary for cases where the public description did not give enough detail to pin down that layer.
Layer 1 (Foundation Models). Not certain from the listing — The specific foundation models used by AUM are not disclosed. If it runs offline, it most likely relies on quantized open-source LLMs, which remain susceptible to prompt injection and adversarial manipulation that could alter the database queries the agent generates.
Layer 2 (Data Operations). AUM directly accesses sensitive enterprise data stores ('databases, contracts, and reports'). The primary threats at this layer are unauthorized data exfiltration via prompt injection, theft of database credentials, and poisoning of the retrieval store if malicious files are ingested into the 'Custom AI Brains'.
Layer 3 (Agent Frameworks). The agent framework translates user intent into file searches and database queries ('Talk to Your Databases'). This introduces a severe risk of indirect prompt injection leading to unauthorized tool execution, such as destructive SQL statements or unauthorized file reads, if generated queries and tool inputs are not validated before execution.
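The Layer 3 risk above is the one a defender can most directly engineer against: an LLM-generated query must never reach the database with more privilege than a read-only lookup. The following is an added illustration, not AUM's own code, of a two-stage gate for such queries: a textual allow-list that admits only a single SELECT/WITH statement, backed by an SQLite authorizer that refuses any non-read action (and schema enumeration via `sqlite_master`) even if the first stage is fooled. The `contracts` table, the sample queries and the keyword list are constructed for the example; a production deployment would additionally scope the database role to the columns the requesting team may see.

```python
import re
import sqlite3

# Constructed sample schema standing in for an enterprise contracts database.
SAMPLE_SCHEMA = """
CREATE TABLE contracts (id INTEGER PRIMARY KEY, client TEXT, value_usd INTEGER, status TEXT);
INSERT INTO contracts VALUES (1, 'Acme Corp', 120000, 'active');
INSERT INTO contracts VALUES (2, 'Globex', 45000, 'expired');
INSERT INTO contracts VALUES (3, 'Initech', 300000, 'active');
"""

# Conservative keyword deny-list (assumed set; tune per dialect). A literal such as
# WHERE client = 'DROP' is rejected too, which is the safe direction to fail in.
FORBIDDEN = re.compile(
    r"\b(INSERT|UPDATE|DELETE|DROP|ALTER|TRUNCATE|CREATE|ATTACH|DETACH|PRAGMA|"
    r"VACUUM|GRANT|REVOKE|EXEC|EXECUTE|MERGE|CALL|LOAD_FILE|OUTFILE|DUMPFILE)\b",
    re.IGNORECASE,
)
MAX_ROWS = 100  # cap on rows returned per query to limit bulk exfiltration


class QueryRejected(Exception):
    """Raised when the textual gate refuses an LLM-generated query."""


def strip_comments(sql: str) -> str:
    """Remove /* */ and -- comments so they cannot hide a second statement."""
    sql = re.sub(r"/\*.*?\*/", " ", sql, flags=re.DOTALL)
    sql = re.sub(r"--[^\n]*", " ", sql)
    return sql.strip()


def vet_generated_sql(sql: str) -> str:
    """Stage 1: reduce the query to a single read-only SELECT/WITH or reject it."""
    cleaned = strip_comments(sql).rstrip(";").strip()
    if ";" in cleaned:
        raise QueryRejected("multiple statements")
    if not re.match(r"^(SELECT|WITH)\b", cleaned, re.IGNORECASE):
        raise QueryRejected("only SELECT/WITH statements are allowed")
    match = FORBIDDEN.search(cleaned)
    if match:
        raise QueryRejected(f"forbidden keyword {match.group(1).upper()}")
    return cleaned


# Stage 2: SQLite authorizer. Only reads and function calls are permitted;
# every write, DDL, transaction or PRAGMA action is denied at prepare time.
READ_ONLY_ACTIONS = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION}


def read_only_authorizer(action, table, column, db_name, trigger):
    if action == sqlite3.SQLITE_READ and table and table.startswith("sqlite_"):
        return sqlite3.SQLITE_DENY  # no schema enumeration through sqlite_master
    return sqlite3.SQLITE_OK if action in READ_ONLY_ACTIONS else sqlite3.SQLITE_DENY


def open_readonly_connection() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SAMPLE_SCHEMA)  # constructed data, loaded before the lock-down
    conn.set_authorizer(read_only_authorizer)
    return conn


def run_agent_query(conn: sqlite3.Connection, generated_sql: str):
    """Run an LLM-generated query through both gates.

    Returns ("ok", rows), ("rejected", reason) or ("denied", reason).
    """
    try:
        sql = vet_generated_sql(generated_sql)
    except QueryRejected as exc:
        return "rejected", str(exc)
    try:
        rows = conn.execute(sql).fetchmany(MAX_ROWS)
    except sqlite3.DatabaseError as exc:  # covers the authorizer's "not authorized"
        return "denied", str(exc)
    return "ok", rows


if __name__ == "__main__":
    conn = open_readonly_connection()
    for q in [
        "SELECT client, value_usd FROM contracts WHERE status = 'active' ORDER BY value_usd DESC",
        "SELECT client FROM contracts; DROP TABLE contracts",
        "DELETE FROM contracts WHERE status = 'expired'",
        "SELECT sql FROM sqlite_master",
    ]:
        print(q, "->", run_agent_query(conn, q))
```

The two stages fail independently: stage 1 is cheap and dialect-aware, stage 2 is enforced by the database engine itself, so a bypass of the regex still cannot write or alter schema. Note that a read-only gate addresses integrity, not confidentiality; which rows a query may read is decided by the credentials the connection was opened with, which is why the threat model flags role-to-permission mapping under Layer 6.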
Layer 4 (Deployment and Infrastructure). AUM supports 'Offline & Remote Capabilities', which suggests on-premise or private cloud deployment. While this reduces public cloud exposure, threats at this layer include local privilege escalation, insecure local storage of database credentials, and a lack of sandboxing while untrusted PDF and contract files are parsed.
Layer 5 (Evaluation and Observability). Not certain from the listing — There is no mention of built-in evaluation, monitoring, or guardrail mechanisms that would detect anomalous database queries or drift in the agent's retrieval behavior.
Layer 6 (Security and Compliance). Not certain from the listing — While AUM claims to protect 'privacy, compliance, and client trust', specific compliance certifications (e.g., SOC 2, ISO 27001) and granular access control policies mapping user roles to database permissions are not detailed.
Layer 7 (Agent Ecosystem). Not certain from the listing — The mention of 'Custom AI Brains For Different Teams' suggests isolated per-team knowledge bases, but there is no explicit evidence of multi-agent collaboration or of agent-to-agent trust boundaries.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).