Call Support AI — agentic threat model

AIVSS 8.7 · High

This voice-based AI agent presents a high-risk profile due to its direct interaction with external users over telephony, handling of sensitive PII (claims, lead qualification, and customer feedback), and integration with downstream business systems like CRMs and scheduling tools.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
Inputs: CVSS base 7.5 · AARS uplift 1.21 · Factor sum 4.6/10 · Threat multiplier (ThM) ×1.05 · Mitigation factor ×1.0

Agentic risk factors (0–1 each):
  Autonomy of Action          0.70
  Goal-Driven Planning        0.50
  Self-Modification           0.10
  Dynamic Tool Use            0.60
  Persistent Memory           0.50
  Contextual Awareness        0.60
  Dynamic Identity            0.20
  Multi-Agent Interactions    0.20
  Non-Determinism             0.70
  Opacity & Reflexivity       0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
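To make the headline numbers reproducible, here is an added Python calculator (not part of the listing and not the OWASP AIVSS calculator itself) that applies the formula above to the ten factor values shown. It validates the factor set before scoring, since a missing or out-of-range factor silently distorts the AARS uplift. The half-up rounding, the clamp at 10.0, and the CVSS v3.1 qualitative bands used to label 8.7 as High are assumptions made for this example; the hypothetical mitigation factor of 0.8 in the `__main__` block is a constructed what-if, not a value from the listing.

```python
from decimal import Decimal, ROUND_HALF_UP
from typing import Mapping

# Agentic risk factors as listed on the page for Call Support AI (0.0-1.0 each).
CALL_SUPPORT_AI_FACTORS: Mapping[str, float] = {
    "Autonomy of Action": 0.70,
    "Goal-Driven Planning": 0.50,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.60,
    "Persistent Memory": 0.50,
    "Contextual Awareness": 0.60,
    "Dynamic Identity": 0.20,
    "Multi-Agent Interactions": 0.20,
    "Non-Determinism": 0.70,
    "Opacity & Reflexivity": 0.50,
}
EXPECTED_FACTOR_NAMES = frozenset(CALL_SUPPORT_AI_FACTORS)


def round_half_up(value: float, places: int) -> float:
    """Round the way a human reading the listing expects (1.2075 -> 1.21), not banker's rounding.
    Assumption: the listing's displayed figures were rounded half-up."""
    quantum = Decimal(1).scaleb(-places)
    return float(Decimal(str(round(value, 6))).quantize(quantum, rounding=ROUND_HALF_UP))


def factor_sum(factors: Mapping[str, float]) -> float:
    """Sum the ten agentic factors, refusing incomplete, unknown or out-of-range input."""
    missing = EXPECTED_FACTOR_NAMES - set(factors)
    extra = set(factors) - EXPECTED_FACTOR_NAMES
    if missing or extra:
        raise ValueError(f"factor set mismatch: missing={sorted(missing)} extra={sorted(extra)}")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name} must be in [0, 1], got {value}")
    return sum(factors.values())


def aars(cvss_base: float, factors: Mapping[str, float], threat_multiplier: float) -> float:
    """AARS = (10 - CVSS_Base) x (Factor_Sum / 10) x ThM, exactly as stated on the page."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError(f"CVSS base must be in [0, 10], got {cvss_base}")
    return (10.0 - cvss_base) * (factor_sum(factors) / 10.0) * threat_multiplier


def aivss(cvss_base: float, factors: Mapping[str, float],
          threat_multiplier: float, mitigation_factor: float) -> float:
    """AIVSS = (CVSS_Base + AARS) x Mitigation_Factor.
    Clamped to 10.0 here (assumption: a ThM above 1 could otherwise push the raw value past the scale)."""
    raw = (cvss_base + aars(cvss_base, factors, threat_multiplier)) * mitigation_factor
    return min(10.0, raw)


def severity(score: float) -> str:
    """Qualitative label. Assumption: CVSS v3.1 bands apply to AIVSS (the page calls 8.7 'High')."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def score_agent(cvss_base: float, factors: Mapping[str, float],
                threat_multiplier: float, mitigation_factor: float) -> dict:
    """Return the rounded figures a listing would display, plus the qualitative label."""
    fs = factor_sum(factors)
    uplift = aars(cvss_base, factors, threat_multiplier)
    total = aivss(cvss_base, factors, threat_multiplier, mitigation_factor)
    return {
        "factor_sum": round_half_up(fs, 2),
        "aars": round_half_up(uplift, 2),
        "aivss": round_half_up(total, 1),
        "severity": severity(round_half_up(total, 1)),
    }


def score_call_support_ai() -> dict:
    """Reproduce the listing's numbers: CVSS base 7.5, ThM 1.05, mitigation 1.0."""
    return score_agent(7.5, CALL_SUPPORT_AI_FACTORS, 1.05, 1.0)


if __name__ == "__main__":
    print("As listed:", score_call_support_ai())
    # Constructed what-if: how much would a mitigation factor of 0.8 move the score?
    print("Hypothetical mitigation 0.8:", score_agent(7.5, CALL_SUPPORT_AI_FACTORS, 1.05, 0.8))
```

Running it reproduces factor sum 4.6, AARS 1.21 and AIVSS 8.7 (High); the what-if line shows that the mitigation factor scales the whole score, so it is the lever a deployer actually controls once the CVSS base and capability factors are fixed.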

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models — ⚠ not certain from listing

Not certain from the listing — likely relies on third-party LLMs combined with Speech-to-Text (STT) and Text-to-Speech (TTS) engines. It is highly vulnerable to voice-based prompt injection (vishing injection) where callers manipulate the underlying LLM to bypass screening or extract system prompts.

L2 · Data Operations — ⚠ not certain from listing

Not certain from the listing — processes real-time voice inputs, customer feedback, and claims data. Without explicit details on data retention, there are risks of PII leakage, unauthorized data exfiltration, and lack of encryption for stored call transcripts or audio recordings.

L3 · Agent Frameworks — ⚠ not certain from listing

Not certain from the listing — orchestrates conversational state, schedules viewings, and forwards information. Insecure tool integration with CRMs or scheduling APIs could allow an attacker to manipulate database records or trigger unauthorized actions via conversational exploits.

L4 · Deployment & Infrastructure — ⚠ not certain from listing

Not certain from the listing — requires telephony infrastructure (SIP/WebRTC gateways) and hosting. Vulnerabilities include SIP toll fraud, denial of service on voice lines, and insecure storage of API keys used to connect to telephony providers.

L5 · Evaluation & Observability — ⚠ not certain from listing

Not certain from the listing — lacks details on real-time guardrails or call monitoring. Without robust observability, malicious interactions, prompt injections, or model drift during live calls may go undetected.

L6 · Security & Compliance (cross-cutting) — ⚠ not certain from listing

Not certain from the listing — handles sensitive verticals like real estate and insurance claims but mentions no compliance frameworks (e.g., SOC2, GDPR, HIPAA). This poses significant regulatory and privacy compliance risks regarding caller consent and data handling.

L7 · Agent Ecosystem — ⚠ not certain from listing

Not certain from the listing — interacts with downstream systems and 'relevant people' by forwarding information. If integrated into a multi-agent workflow or automated dispatch system, compromised inputs could cause cascading logic failures in connected business systems.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).