Cutshort AI — agentic threat model
Cutshort AI presents moderate-to-high agentic risk due to its write-access integrations with ATS platforms and autonomous candidate outreach capabilities. The primary threat vectors include indirect prompt injection via candidate resumes and unauthorized PII exfiltration.
OWASP AIVSS score rationale
| Agentic risk factor | Score | Rationale |
|---|---|---|
| Autonomy of Action | 0.70 | |
| Goal-Driven Planning | 0.60 | |
| Self-Modification | 0.10 | |
| Dynamic Tool Use | 0.60 | |
| Persistent Memory | 0.40 | |
| Contextual Awareness | 0.50 | |
| Dynamic Identity | 0.30 | |
| Multi-Agent Interactions | 0.20 | |
| Non-Determinism | 0.50 | |
| Opacity & Reflexivity | 0.60 | |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1 (Foundation Models): Not certain from the listing — likely uses commercial LLMs (such as GPT-4) for candidate screening and outreach drafting. It is vulnerable to prompt injection that could bias screening criteria or alter outreach messages.
Layer 2 (Data Operations): Not certain from the listing — processes candidate resumes, profiles, and job descriptions. It is highly vulnerable to indirect prompt injection embedded in candidate resumes, which could lead to exfiltration of candidate PII.
Layer 3 (Agent Frameworks): The agent orchestrates sourcing, outreach, and ATS integration. Vulnerabilities include tool misuse, where a manipulated agent spams candidates or writes malicious data to the connected ATS or Google Sheets.
Layer 4 (Deployment and Infrastructure): Not certain from the listing — likely hosted on cloud infrastructure with API integrations to ATS platforms. Vulnerable to API key exposure or insecure webhook handling during ATS synchronization.
Layer 5 (Evaluation and Observability): Not certain from the listing — requires monitoring to detect bias in candidate screening and anomalous outreach behavior, but no specific observability stack or guardrails are mentioned.
Layer 6 (Security and Compliance): Not certain from the listing — handles highly sensitive PII (resumes, contact information) and must comply with GDPR/CCPA and AI bias regulations (e.g., NYC Local Law 144), but no specific compliance certifications are listed.
Layer 7 (Agent Ecosystem): Integrates directly with external ecosystems such as ATS platforms, email/outreach channels, and Google Sheets. Vulnerable to cascading failures if an ATS API changes, or if compromised candidate profiles are used to exploit the ATS through the agent's write permissions.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).