Custodia — agentic threat model

AIVSS 8.6 · High

Custodia presents a moderate-to-high risk profile due to its integration with external business tools (Google Calendar, Amazon) and its deployment in sensitive sectors like Healthcare, where unauthorized actions or data leaks via voice channels could have significant real-world impacts.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.2 · AARS uplift 0.81 · Factor sum 4.3/10 · Threat ×1.05 · Mitigation ×0.95

Agentic risk factors (each 0–1; sum 4.3):
Autonomy of Action 0.70
Goal-Driven Planning 0.50
Self-Modification 0.10
Dynamic Tool Use 0.60
Persistent Memory 0.40
Contextual Awareness 0.60
Dynamic Identity 0.20
Multi-Agent Interactions 0.10
Non-Determinism 0.60
Opacity & Reflexivity 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
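To check the figures above, here is an added Python example (not from the listing or the AIVSS calculator) that recomputes the factor sum, AARS and AIVSS from the ten published factors and the stated CVSS base, threat and mitigation multipliers; the bands in `severity_band` are an assumption, the CVSS v3.1 qualitative scale, which the listing's “High” is consistent with.

```python
# Agentic risk factors as listed on the page for Custodia (each scored 0.0-1.0).
CUSTODIA_FACTORS = {
    "Autonomy of Action": 0.70,
    "Goal-Driven Planning": 0.50,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.60,
    "Persistent Memory": 0.40,
    "Contextual Awareness": 0.60,
    "Dynamic Identity": 0.20,
    "Multi-Agent Interactions": 0.10,
    "Non-Determinism": 0.60,
    "Opacity & Reflexivity": 0.50,
}


def factor_sum(factors):
    """Sum of the ten agentic factors, each validated to lie in [0, 1]."""
    if len(factors) != 10:
        raise ValueError("AIVSS expects exactly ten agentic risk factors")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"factor {name!r} out of range: {value}")
    return round(sum(factors.values()), 2)


def aars(cvss_base, factors, threat_multiplier):
    """Agentic uplift: AARS = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base score must lie in [0, 10]")
    return (10.0 - cvss_base) * (factor_sum(factors) / 10.0) * threat_multiplier


def aivss(cvss_base, factors, threat_multiplier, mitigation_factor):
    """AIVSS = (CVSS_Base + AARS) * Mitigation_Factor, rounded to one decimal."""
    uplift = aars(cvss_base, factors, threat_multiplier)
    return round((cvss_base + uplift) * mitigation_factor, 1)


def severity_band(score):
    """Qualitative band; assumption: CVSS v3.1 bands (None/Low/Medium/High/Critical)."""
    for upper, label in ((0.0, "None"), (3.9, "Low"), (6.9, "Medium"), (8.9, "High")):
        if score <= upper:
            return label
    return "Critical"


if __name__ == "__main__":
    score = aivss(8.2, CUSTODIA_FACTORS, 1.05, 0.95)
    print(f"factor sum {factor_sum(CUSTODIA_FACTORS)}/10, AIVSS {score} ({severity_band(score)})")
```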

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary for layers the public description does not pin down.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — likely utilizes third-party or proprietary speech-to-text, LLM, and text-to-speech models. Key threats include voice-based prompt injection (jailbreaking via phone call) and adversarial audio inputs designed to bypass safety guardrails.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — accesses company policies to deliver accurate information. This implies a RAG or knowledge-base setup, which is vulnerable to data poisoning of the policy database or unauthorized exfiltration of sensitive internal documents through voice queries.

L3 · Agent Frameworks (⚠ not certain from listing)

Not certain from the listing — orchestrates call flows and executes actions like calendar scheduling. Threats include insecure tool integration where an attacker manipulates the agent into executing unauthorized API calls to Google Calendar or Amazon.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — hosted as a closed-source SaaS platform. Threats include exposure of API keys for third-party integrations, insecure SIP/telephony infrastructure, and insufficient isolation between tenants' data.

L5 · Evaluation & Observability (✓ mapped)

Provides real-time reporting on agent activities. However, there may be blind spots in detecting semantic drift, voice-based social engineering attempts, or compliance violations during live, unmonitored calls.

L6 · Security & Compliance (cross-cutting) (✓ mapped)

Focuses on policy compliance and targets regulated industries like Healthcare and Retail. However, specific compliance certifications (such as HIPAA or PCI-DSS) are not explicitly detailed, posing a risk of regulatory non-compliance if sensitive PII/PHI is handled insecurely.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — integrates with external platforms like Google and Amazon. Threats include cascading failures or trust abuse if the credentials or APIs of these connected platforms are compromised.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).