Custodia — agentic threat model
Custodia presents a moderate-to-high risk profile due to its integration with external business tools (Google Calendar, Amazon) and its deployment in sensitive sectors like Healthcare, where unauthorized actions or data leaks via voice channels could have significant real-world impacts.
OWASP AIVSS score rationale
| Autonomy of Action | 0.70 | |
| Goal-Driven Planning | 0.50 | |
| Self-Modification | 0.10 | |
| Dynamic Tool Use | 0.60 | |
| Persistent Memory | 0.40 | |
| Contextual Awareness | 0.60 | |
| Dynamic Identity | 0.20 | |
| Multi-Agent Interactions | 0.10 | |
| Non-Determinism | 0.60 | |
| Opacity & Reflexivity | 0.50 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Not certain from the listing — likely utilizes third-party or proprietary speech-to-text, LLM, and text-to-speech models. Key threats include voice-based prompt injection (jailbreaking via phone call) and adversarial audio inputs designed to bypass safety guardrails.
Not certain from the listing — accesses company policies to deliver accurate information. This implies a RAG or knowledge-base setup, which is vulnerable to data poisoning of the policy database or unauthorized exfiltration of sensitive internal documents through voice queries.
Not certain from the listing — orchestrates call flows and executes actions like calendar scheduling. Threats include insecure tool integration where an attacker manipulates the agent into executing unauthorized API calls to Google Calendar or Amazon.
Not certain from the listing — hosted as a closed-source SaaS platform. Threats include exposure of API keys for third-party integrations, insecure SIP/telephony infrastructure, and lack of isolation between tenant data.
Provides real-time reporting on agent activities. However, there may be blind spots in detecting semantic drift, voice-based social engineering attempts, or compliance violations during live, unmonitored calls.
Focuses on policy compliance and targets regulated industries like Healthcare and Retail. However, specific compliance certifications (such as HIPAA or PCI-DSS) are not explicitly detailed, posing a risk of regulatory non-compliance if sensitive PII/PHI is handled insecurely.
Not certain from the listing — integrates with external platforms like Google and Amazon. Threats include cascading failures or trust abuse if the credentials or APIs of these connected platforms are compromised.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).