Customers.ai — agentic threat model

AIVSS 9.1 · Critical

Customers.ai presents a high-risk profile due to its handling of sensitive PII (visitor enrichment) and direct integration with critical business systems like Salesforce and SendGrid. A compromise could lead to massive data exfiltration, regulatory non-compliance (GDPR/CCPA), and automated brand damage via unauthorized email campaigns.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.2 · AARS uplift 0.95 · Factor sum 5.0/10 · Threat ×1.05 · Mitigation ×1.0

Agentic risk factors:
Autonomy of Action: 0.70
Goal-Driven Planning: 0.50
Self-Modification: 0.10
Dynamic Tool Use: 0.60
Persistent Memory: 0.80
Contextual Awareness: 0.70
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.30
Non-Determinism: 0.50
Opacity & Reflexivity: 0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — The specific foundation models used for generating marketing copy or analyzing visitor behavior are not disclosed, leaving potential vulnerabilities to model-specific prompt injection or data extraction unverified.

L2 · Data Operations ✓ mapped

Critical risk area. The platform's core value is identifying anonymous visitors and enriching their identity data. This involves massive aggregation of PII, making it a prime target for data exfiltration, privacy violations, and data lineage/provenance gaps.

L3 · Agent Frameworks ✓ mapped

High risk due to deep integrations with Klaviyo, SendGrid, Salesforce, and HighLevel. Insecure tool integration or framework vulnerabilities could allow an attacker to hijack these connections to send unauthorized emails or exfiltrate CRM data.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — The hosting environment, API credential storage (for Salesforce/SendGrid), and network sandboxing mechanisms are not detailed in the public directory listing.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — There is no mention of real-time monitoring, guardrails for generated email content, or anomaly detection to prevent automated spamming or brand damage.

L6 · Security & Compliance (cross-cutting) ✓ mapped

High compliance exposure. Tracking anonymous website visitors and enriching their profiles raises significant GDPR, CCPA, and ePrivacy compliance risks. The listing does not cite specific security certifications (e.g., SOC 2) or consent management frameworks.

L7 · Agent Ecosystem ✓ mapped

The agent acts as a central hub connecting web traffic to downstream marketing ecosystems. Compromise of this agent creates a cascading risk, allowing attackers to pivot into connected CRMs and email delivery networks.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).