Customers.ai — agentic threat model
Customers.ai presents a high-risk profile due to its handling of sensitive PII (visitor enrichment) and direct integration with critical business systems like Salesforce and SendGrid. A compromise could lead to massive data exfiltration, regulatory non-compliance (GDPR/CCPA), and automated brand damage via unauthorized email campaigns.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
| --- | --- |
| Autonomy of Action | 0.70 |
| Goal-Driven Planning | 0.50 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.60 |
| Persistent Memory | 0.80 |
| Contextual Awareness | 0.70 |
| Dynamic Identity | 0.20 |
| Multi-Agent Interactions | 0.30 |
| Non-Determinism | 0.50 |
| Opacity & Reflexivity | 0.60 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1, Foundation Models. Not certain from the listing: the specific foundation models used for generating marketing copy or analyzing visitor behavior are not disclosed, leaving potential vulnerabilities to model-specific prompt injection or data extraction unverified.
Layer 2, Data Operations. Critical risk area. The platform's core value is identifying anonymous visitors and enriching their identity data. This involves massive aggregation of PII, making it a prime target for data exfiltration, privacy violations, and data lineage/provenance gaps.
Layer 3, Agent Frameworks. High risk due to deep integrations with Klaviyo, SendGrid, Salesforce, and HighLevel. Insecure tool integration or framework vulnerabilities could allow an attacker to hijack these connections to send unauthorized emails or exfiltrate CRM data.
Layer 4, Deployment and Infrastructure. Not certain from the listing: the hosting environment, API credential storage (for Salesforce/SendGrid), and network sandboxing mechanisms are not detailed in the public directory listing.
Layer 5, Evaluation and Observability. Not certain from the listing: there is no mention of real-time monitoring, guardrails for generated email content, or anomaly detection to prevent automated spamming or brand damage.
Layer 6, Security and Compliance. High compliance exposure. Tracking anonymous website visitors and enriching their profiles raises significant GDPR, CCPA, and ePrivacy compliance risks. The listing does not cite specific security certifications (e.g., SOC 2) or consent management frameworks.
Layer 7, Agent Ecosystem. The agent acts as a central hub connecting web traffic to downstream marketing ecosystems. Compromise of this agent creates a cascading risk, allowing attackers to pivot into connected CRMs and email delivery networks.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).