AgentReadyHomeAgent Listing

← Auquan

Auquan — agentic threat model

8.8AIVSS 8.8 · High

Auquan poses a high-impact risk profile due to its autonomous execution of critical financial workflows (due diligence, risk monitoring) using unstructured data from millions of external sources, where data poisoning or prompt injection could lead to severe financial misjudgments.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5AARS uplift 1.29Factor sum 4.9/10Threat ×1.05Mitigation ×1.0
Autonomy of Action
0.80
Goal-Driven Planning
0.70
Self-Modification
0.10
Dynamic Tool Use
0.60
Persistent Memory
0.40
Contextual Awareness
0.80
Dynamic Identity
0.10
Multi-Agent Interactions
0.30
Non-Determinism
0.50
Opacity & Reflexivity
0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — likely utilizes commercial or proprietary LLMs fine-tuned for financial domain expertise; vulnerable to prompt injection or mis-aligned outputs affecting financial analysis.

L2 · Data Operations✓ mapped

High risk of data poisoning or ingestion of malicious/hallucinated data from the 2+ million external unstructured data sources, potentially corrupting vector stores and RAG outputs.

L3 · Agent Frameworks✓ mapped

Automates entire workflows autonomously; vulnerable to insecure tool integration or logic flaws in multi-step financial research and reporting pipelines.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — closed-source SaaS deployment; requires robust sandboxing and secrets management to protect proprietary financial data and API integrations.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — requires rigorous financial-grade guardrails and drift detection to prevent hallucinated risk metrics or compliance reporting errors.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — financial services deployment demands strict compliance (e.g., SOC2, GDPR, SEC regulations), but specific controls are not detailed in the public directory.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — mentions 'AI agents' in plural but does not explicitly detail a multi-agent orchestration framework or marketplace interactions.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).