Convai — agentic threat model
Convai presents a moderate security risk, centered primarily on client-side SDK integration in games and XR: compromised NPC actions, interception of voice data, or poisoned knowledge bases could lead to unexpected in-game behavior or exploitation of the host application.
OWASP AIVSS score rationale
| Agentic risk factor | Score | Rationale |
|---|---|---|
| Autonomy of Action | 0.60 | |
| Goal-Driven Planning | 0.50 | |
| Self-Modification | 0.20 | |
| Dynamic Tool Use | 0.40 | |
| Persistent Memory | 0.70 | |
| Contextual Awareness | 0.80 | |
| Dynamic Identity | 0.20 | |
| Multi-Agent Interactions | 0.60 | |
| Non-Determinism | 0.70 | |
| Opacity & Reflexivity | 0.80 | |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
1. Foundation Models — Not certain from the listing: the specific foundation models used for LLM reasoning, ASR, and TTS are not disclosed. Threats include adversarial voice inputs (audio prompt injection) and model reprogramming to bypass character alignment.
2. Data Operations — Not certain from the listing: the architecture of the knowledge bases and memory storage is unspecified. Threats include knowledge-base poisoning to inject malicious NPC behaviors and exfiltration of player-NPC interaction histories.
3. Agent Frameworks — Convai's SDKs orchestrate perception, memory, and action execution within Unity/Unreal. Threats include insecure tool integration, where NPCs execute unauthorized in-engine commands, and memory poisoning that permanently alters NPC behavior across sessions.
4. Deployment and Infrastructure — Not certain from the listing: the hosting environment for Convai's cloud APIs (ASR/TTS/LLM) is not detailed. Threats include API key exposure in game clients, lack of sandboxing for action execution, and man-in-the-middle attacks on voice streams.
5. Evaluation and Observability — Not certain from the listing: there is no mention of built-in guardrails, moderation APIs, or observability dashboards for monitoring NPC outputs. Threats include undetected toxic or offensive NPC speech and drift in character alignment.
6. Security and Compliance — Not certain from the listing: compliance certifications (e.g., COPPA for children's gaming, GDPR for voice data) and enterprise access controls are not specified in the directory listing.
7. Agent Ecosystem — Convai explicitly supports NPC-to-NPC dialogue. This multi-agent interaction introduces the threat of cascading failures, where one compromised or hallucinating NPC propagates malicious state or instructions to other NPCs in the simulation.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).