

ChatBot.com — agentic threat model

AIVSS 8.5 · High

ChatBot.com presents a moderate agentic risk profile, primarily driven by its integration with external communication channels (Slack, Messenger) and customer service platforms, where prompt injection or compromise could lead to automated social engineering or unauthorized access to customer support data.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 7.5
AARS uplift: 0.98
Factor sum: 3.9/10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×1.0

Agentic risk factors (each scored 0–1):
Autonomy of Action: 0.60
Goal-Driven Planning: 0.40
Self-Modification: 0.10
Dynamic Tool Use: 0.50
Persistent Memory: 0.40
Contextual Awareness: 0.60
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.20
Non-Determinism: 0.50
Opacity & Reflexivity: 0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
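To make the score rationale reproducible, the following added example (not code from AgentReady or from the OWASP AIVSS project) implements the formula quoted above in Python using the ten factor values listed for this agent. The input range checks are an assumption for robustness; the page itself does not state valid ranges.

```python
# Added example: reproduce the page's AIVSS score from the quoted formula.
#   AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
#   AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
# Factor values below are the ones listed on the page for ChatBot.com.

FACTORS = {
    "Autonomy of Action": 0.60,
    "Goal-Driven Planning": 0.40,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.50,
    "Persistent Memory": 0.40,
    "Contextual Awareness": 0.60,
    "Dynamic Identity": 0.20,
    "Multi-Agent Interactions": 0.20,
    "Non-Determinism": 0.50,
    "Opacity & Reflexivity": 0.40,
}


def aivss(cvss_base, factors, threat_multiplier=1.0, mitigation_factor=1.0):
    """Return (factor_sum, aars, aivss) for one agent.

    Range checks are an assumption (CVSS base in [0, 10], each factor in
    [0, 1]); the page does not define the valid ranges itself.
    """
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError(f"CVSS base {cvss_base} outside [0, 10]")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name}: factor {value} outside [0, 1]")

    factor_sum = sum(factors.values())
    # Agentic uplift only ever fills the headroom left above the CVSS base.
    aars = (10.0 - cvss_base) * (factor_sum / 10.0) * threat_multiplier
    score = (cvss_base + aars) * mitigation_factor
    return factor_sum, aars, score


if __name__ == "__main__":
    fs, uplift, total = aivss(7.5, FACTORS)
    print(f"factor sum {fs:.1f}/10, AARS {uplift:.2f}, AIVSS {total:.1f}")
```

With the page's inputs this yields a factor sum of 3.9, an AARS of 0.975 (shown as 0.98) and an AIVSS of 8.475 (shown as 8.5); with every factor at zero the score collapses to the bare CVSS base, which is a useful sanity check when re-scoring a listing.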

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The specific LLMs powering 'AI Assist' are not disclosed. Potential threats include prompt injection, model reprogramming, and generating misaligned or toxic outputs to customers.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — The platform trains bots using 'existing resources' (likely RAG on help center docs or websites). This introduces risks of knowledge-base poisoning, data exfiltration of sensitive internal resources, and lack of data lineage controls.

L3 · Agent Frameworks (⚠ not certain from listing)

Not certain from the listing — Orchestration relies on a hybrid of a 'Visual Builder' and 'AI Assist'. Threats include insecure tool integration with LiveChat/HelpDesk and conversational state manipulation.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — The hosting infrastructure and sandboxing mechanisms for executing integrations are not detailed. Risks include API key exposure for connected channels (Slack, FB Messenger) and container/host compromise.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — While the platform allows users to 'monitor chatbots', the presence of real-time guardrails, drift detection, or automated evaluation is unspecified, leaving potential blind spots for prompt injection detection.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — No compliance certifications (e.g., SOC 2, GDPR, HIPAA) or identity/access management controls are detailed in the public directory listing.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — The agent interacts with external ecosystems (Slack, FB Messenger, LiveChat). Threats include cascading failures if third-party APIs are compromised, and trust abuse where the bot is used as a vector for phishing.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).