Coach Nova — agentic threat model
Coach Nova presents a high-risk profile primarily due to the extreme sensitivity of conversational mental health data and the potential for generating harmful psychological advice if compromised or bypassed, despite having low operational autonomy.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
|---|---|
| Autonomy of Action | 0.30 |
| Goal-Driven Planning | 0.20 |
| Self-Modification | 0.00 |
| Dynamic Tool Use | 0.10 |
| Persistent Memory | 0.60 |
| Contextual Awareness | 0.50 |
| Dynamic Identity | 0.00 |
| Multi-Agent Interactions | 0.00 |
| Non-Determinism | 0.70 |
| Opacity & Reflexivity | 0.60 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1 (Foundation Models): Not certain from the listing — likely relies on commercial LLMs prompted with psychological principles. Risks include prompt injection leading to harmful or unsafe mental health advice, or jailbreaks bypassing safety guardrails.
Layer 2 (Data Operations): Not certain from the listing — likely uses a vector database (RAG) containing psychological frameworks and stress-relief strategies. Risks include data poisoning of the coaching knowledge base or exfiltration of sensitive user conversation history.
Layer 3 (Agent Frameworks): Not certain from the listing — likely uses a standard conversational framework with memory management to maintain user context. Risks include memory poisoning, where malicious user inputs alter the agent's long-term coaching persona.
Layer 4 (Deployment & Infrastructure): Not certain from the listing — deployed as an API-based cloud service. Risks include insecure API endpoints allowing unauthorized access to private employee chat logs, or tenant isolation failures in a multi-tenant enterprise setup.
Layer 5 (Evaluation & Observability): Not certain from the listing — requires strict guardrails and sentiment analysis to detect self-harm or severe clinical depression. Risks include blind spots in detecting crisis situations, leading to inadequate or dangerous automated responses.
Layer 6 (Security & Compliance): Not certain from the listing — handles highly sensitive workplace wellness and mental health data, raising significant GDPR, HIPAA, and workplace privacy compliance risks. The lack of explicit compliance certifications in the listing is a concern.
Layer 7 (Agent Ecosystem): Not certain from the listing — primarily operates as a standalone conversational companion. Risks are low here unless it is integrated into broader HR multi-agent systems, where it could leak sensitive employee sentiment data.
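The tenant-isolation failure named for the deployment layer is, concretely, a chat-log lookup keyed by id alone. The following is an added example, not Coach Nova's code: it assumes an API session that carries a (tenant_id, user_id) principal and a log store keyed by id (both constructed here), and places the weak "look up by id" pattern beside a version that enforces tenant scope, then user scope, before returning anything.

```python
"""Tenant- and user-scoped access to coaching chat logs.

Added example, not Coach Nova's code. Assumes a session principal of
(tenant_id, user_id) and a log store keyed by log id; the store, the
principals and the log text are all constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Principal:
    tenant_id: str   # the employer (tenant) the session belongs to
    user_id: str     # the employee who owns the conversation


@dataclass(frozen=True)
class ChatLog:
    log_id: str
    tenant_id: str
    user_id: str
    text: str


class Forbidden(Exception):
    """Raised for any id that is missing or outside the caller's scope."""


# Constructed sample store: two tenants, three employees.
LOGS = {
    "log-1": ChatLog("log-1", "acme", "alice", "stressed about deadlines"),
    "log-2": ChatLog("log-2", "acme", "bob", "trouble sleeping"),
    "log-3": ChatLog("log-3", "globex", "carol", "conflict with manager"),
}


def get_log_insecure(log_id: str) -> ChatLog:
    """Weak pattern: the id is the only key, so any authenticated session
    can read any tenant's transcript (an insecure direct object reference
    that defeats tenant isolation)."""
    return LOGS[log_id]


def get_log(principal: Principal, log_id: str) -> ChatLog:
    """Hardened: check tenant scope first, then user scope. Missing and
    out-of-scope ids raise the same error so the API does not confirm
    that an id exists in another tenant."""
    log = LOGS.get(log_id)
    if log is None or log.tenant_id != principal.tenant_id:
        raise Forbidden("log not accessible")
    if log.user_id != principal.user_id:
        raise Forbidden("log not accessible")
    return log


def can_read(principal: Principal, log_id: str) -> bool:
    """Boolean view of get_log, convenient for authorization tests."""
    try:
        get_log(principal, log_id)
        return True
    except Forbidden:
        return False


def list_logs(principal: Principal) -> list:
    """Listing filters on tenant AND user in the query itself, never by
    post-filtering a cross-tenant result set that was already fetched."""
    return [
        log for log in LOGS.values()
        if log.tenant_id == principal.tenant_id and log.user_id == principal.user_id
    ]
```

The design choice worth noting is that the tenant predicate is part of every read, including listings, rather than something a handler remembers to add; in a real deployment the same predicate belongs in the database query or row-level policy, not only in application code.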
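The blind-spot risk above is only manageable if the crisis guardrail fails closed and its misses are measured. The block below is an added example, not Coach Nova's code: it assumes a simple two-tier lexical classifier (explicit self-harm phrases route to a human hand-off, indirect hopelessness phrases pause coaching for human review) and a small constructed labelled set; the pattern lists are hypothetical starters, and the labelled set deliberately contains a phrasing neither list covers so that the evaluation shows a miss instead of hiding it.

```python
"""Crisis-detection guardrail with a blind-spot evaluation harness.

Added example, not Coach Nova's code. The pattern lists are hypothetical
starters, and the labelled samples are constructed. The two points
demonstrated: routing fails closed (only a clear "ok" continues to
automated coaching), and recall is measured against labelled turns so
blind spots show up as numbers rather than assumptions.
"""
import re

# Tier 1: explicit statements of intent -> immediate human hand-off.
EXPLICIT = [
    r"\b(kill|hurt|harm)(ing)?\s+myself\b",
    r"\bend\s+(it\s+all|my\s+life)\b",
    r"\bsuicid(e|al)\b",
]
# Tier 2: indirect signals -> pause coaching, queue for human review.
INDIRECT = [
    r"\bbetter\s+off\s+without\s+me\b",
    r"\bno\s+reason\s+to\s+(go\s+on|live)\b",
    r"\bdon'?t\s+want\s+to\s+(be\s+here|wake\s+up)\b",
]
_EXPLICIT = [re.compile(p, re.I) for p in EXPLICIT]
_INDIRECT = [re.compile(p, re.I) for p in INDIRECT]


def classify(message: str) -> str:
    """Return 'crisis', 'unclear' or 'ok' for a single user turn."""
    if any(p.search(message) for p in _EXPLICIT):
        return "crisis"
    if any(p.search(message) for p in _INDIRECT):
        return "unclear"
    return "ok"


def route(label: str) -> str:
    """Fail-closed routing: anything that is not clearly 'ok' leaves the
    automated coaching path instead of receiving generated advice."""
    return {
        "crisis": "handoff_to_human_and_show_crisis_resources",
        "unclear": "pause_coaching_and_queue_for_human_review",
        "ok": "automated_coaching",
    }[label]


# Constructed labelled set: (user turn, needs a human?).
LABELLED = [
    ("my manager keeps moving the deadline and i'm exhausted", False),
    ("i want to end my life", True),
    ("everyone would be better off without me", True),
    # Phrased outside both pattern lists on purpose: the blind spot.
    ("i can't do this anymore, there's no point in any of it", True),
    ("slept badly but feeling better today", False),
]


def evaluate(samples=LABELLED):
    """Return (recall, misses): the needs-human turns this guardrail would
    still send to automated coaching. Misses are the blind spots to fix."""
    needs_human = [m for m, y in samples if y]
    misses = [m for m in needs_human if classify(m) == "ok"]
    recall = 1 - len(misses) / len(needs_human)
    return recall, misses
```

In use, the evaluation set should grow with every reviewed conversation in which a human escalation was needed but the guardrail returned "ok"; a lexical tier like this is a floor, not the whole detector, and the recall number is what tells you how far below an acceptable level the current lists sit.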
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).