Custodia AI — agentic threat model

AIVSS 6.5 · Medium

Custodia AI presents a high data-security risk profile due to its processing of biometric templates and sensitive compliance voice data, though its agentic autonomy and planning capabilities are relatively low.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 7.5
AARS uplift: 0.57
Factor sum: 2.3 / 10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×0.8

Agentic risk factors:
Autonomy of Action: 0.20
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.20
Persistent Memory: 0.40
Contextual Awareness: 0.50
Dynamic Identity: 0.10
Multi-Agent Interactions: 0.10
Non-Determinism: 0.30
Opacity & Reflexivity: 0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
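To make the rationale above reproducible, here is an added worked example (not code from the listing or from the AIVSS project) that recomputes the score from the ten factor values and the three multipliers shown; the severity bands are an assumption, taken to mirror the CVSS v3 ranges.

```python
# Added worked example (not from the listing): recompute the OWASP AIVSS score
# from the ten factor values shown above. The severity bands are an assumption
# (taken to mirror the CVSS v3 ranges: <4 Low, <7 Medium, <9 High, else Critical).

CUSTODIA_FACTORS = {            # values as shown on this page
    "Autonomy of Action": 0.20,
    "Goal-Driven Planning": 0.10,
    "Self-Modification": 0.00,
    "Dynamic Tool Use": 0.20,
    "Persistent Memory": 0.40,
    "Contextual Awareness": 0.50,
    "Dynamic Identity": 0.10,
    "Multi-Agent Interactions": 0.10,
    "Non-Determinism": 0.30,
    "Opacity & Reflexivity": 0.40,
}


def severity_band(score: float) -> str:
    """Assumed CVSS-style banding of the final 0-10 score."""
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    return "High" if score < 9.0 else "Critical"


def aivss(cvss_base, factors, threat_multiplier=1.0, mitigation_factor=1.0):
    """AIVSS = (CVSS_Base + AARS) x Mitigation_Factor,
    AARS  = (10 - CVSS_Base) x (Factor_Sum / 10) x ThM.
    Each factor is expected in [0, 1], so Factor_Sum/10 is at most 1 and the
    uplift can never carry the score past 10 before the mitigation factor."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base must be in [0, 10]")
    bad = {k: v for k, v in factors.items() if not 0.0 <= v <= 1.0}
    if bad:
        raise ValueError(f"factor values must be in [0, 1]: {bad}")
    factor_sum = sum(factors.values())
    aars = (10.0 - cvss_base) * (factor_sum / 10.0) * threat_multiplier
    score = min((cvss_base + aars) * mitigation_factor, 10.0)
    return {"factor_sum": round(factor_sum, 1), "aars": round(aars, 2),
            "aivss": round(score, 1), "band": severity_band(round(score, 1))}


if __name__ == "__main__":
    # Listing inputs: CVSS base 7.5, ThM x1.0, mitigation x0.8 -> 6.5 Medium
    print(aivss(7.5, CUSTODIA_FACTORS, 1.0, 0.8))
    # Same agent with no mitigation credit: the uplift alone lands it in High
    print(aivss(7.5, CUSTODIA_FACTORS, 1.0, 1.0))
```

The second call shows why the mitigation factor matters for triage: with the same base score and agentic factors but no credited mitigations, the agent would sit in the High band rather than Medium.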

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — the specific speech-to-text, biometric, and sentiment models are proprietary and closed source. Threats include adversarial voice inputs designed to bypass biometric identification or manipulate sentiment analysis.

L2 · Data Operations (✓ mapped)

Processes highly sensitive voice recordings, biometric templates, and transcriptions across regulated industries. Key threats include biometric data exfiltration, unauthorized access to compliance archives, and data lineage gaps in voice-to-text pipelines.

L3 · Agent Frameworks (⚠ not certain from listing)

Not certain from the listing — the orchestration framework of CC1 is not detailed. Potential threats include insecure integration of the transcription pipeline with downstream compliance alerting tools or database systems.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — hosting details for CC1 (cloud vs. on-premise) are unspecified. Threats include compromise of the containers hosting the voice-processing models and unauthorized interception of real-time voice streams.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — no details on how transcription accuracy, biometric drift, or sentiment analysis bias are monitored or audited.

L6 · Security & Compliance (cross-cutting) (✓ mapped)

Highly relevant as it is a compliance tool for regulated industries (finance, healthcare, energy). Must strictly align with GDPR, HIPAA, and financial regulations. Threats include compliance failures due to biometric data mishandling or unauthorized access to audit logs.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — no explicit multi-agent interactions or marketplace integrations are described for the CC1 platform.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).