
Dashworks AI — agentic threat model

AIVSS 7.4 · High

Dashworks AI presents a high-impact risk profile due to its deep integration with over 50 sensitive enterprise data sources (Slack, Salesforce, Google Workspace), making it a high-value target for data exfiltration and privilege escalation, though mitigated by built-in permissioned access controls.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 8.5
AARS uplift: 0.69
Factor sum: 4.6/10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×0.8

Agentic risk factors:
Autonomy of Action: 0.40
Goal-Driven Planning: 0.30
Self-Modification: 0.10
Dynamic Tool Use: 0.70
Persistent Memory: 0.40
Contextual Awareness: 0.80
Dynamic Identity: 0.50
Multi-Agent Interactions: 0.50
Non-Determinism: 0.40
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
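To make the rationale reproducible, the following is an added worked computation (not code from the listing, from OWASP, or from Dashworks) that applies the formula exactly as stated above to the factor values on this page; rounding the result to one decimal is an assumption made to match the displayed 7.4.

```python
"""Worked AIVSS computation for the Dashworks AI threat model above.

Added example: it implements the formula as this page states it,
    AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
    AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
and feeds it the page's own CVSS base, factor scores and multipliers.
"""

# The ten agentic risk factors exactly as scored on the page.
DASHWORKS_FACTORS = {
    "Autonomy of Action": 0.40,
    "Goal-Driven Planning": 0.30,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.70,
    "Persistent Memory": 0.40,
    "Contextual Awareness": 0.80,
    "Dynamic Identity": 0.50,
    "Multi-Agent Interactions": 0.50,
    "Non-Determinism": 0.40,
    "Opacity & Reflexivity": 0.50,
}


def aars(cvss_base: float, factors: dict, threat_multiplier: float = 1.0) -> float:
    """Agentic AI Risk Score uplift: (10 - CVSS_Base) * (Factor_Sum / 10) * ThM."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base score must lie in 0-10")
    if len(factors) != 10 or any(not 0.0 <= v <= 1.0 for v in factors.values()):
        raise ValueError("expected ten agentic factors, each scored 0.0-1.0")
    factor_sum = sum(factors.values())  # 4.6 for the values above
    return (10.0 - cvss_base) * (factor_sum / 10.0) * threat_multiplier


def aivss(cvss_base: float, factors: dict, threat_multiplier: float = 1.0,
          mitigation_factor: float = 1.0) -> float:
    """Final score: (CVSS_Base + AARS) * Mitigation_Factor, rounded to one decimal (assumed)."""
    raw = (cvss_base + aars(cvss_base, factors, threat_multiplier)) * mitigation_factor
    return round(raw, 1)


if __name__ == "__main__":
    # Reproduces the page: AARS 0.69, AIVSS 7.4 with the 0.8 mitigation factor.
    print("AARS uplift:", round(aars(8.5, DASHWORKS_FACTORS), 2))
    print("AIVSS (mitigated x0.8):", aivss(8.5, DASHWORKS_FACTORS, 1.0, 0.8))
    # Without the permissioned-access mitigation credit the same inputs score 9.2.
    print("AIVSS (no mitigation):", aivss(8.5, DASHWORKS_FACTORS))
```

Running it with the mitigation factor set to 1.0 shows how much of the "High" rather than "Critical" rating rests on the permissioned access controls the listing advertises.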

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary for layers the public description does not describe in enough detail to map.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — Dashworks AI uses closed-source NLP models to power its multilingual enterprise search and customizable bots. Primary threats include adversarial prompt injection to bypass safety guardrails and potential data leakage of sensitive training or system prompt data through model outputs.

L2 · Data Operations · ✓ mapped

Integrates with over 50 workplace tools (Slack, Google Workspace, Salesforce, Notion) to centralize organizational knowledge. This creates a massive attack surface for data operations, where data poisoning in any connected tool could corrupt the RAG knowledge base, or embedding inversion could lead to unauthorized data exfiltration.

L3 · Agent Frameworks · ✓ mapped

Orchestrates workflow automation and customizable bots across multiple departments (HR, IT, Sales, Support). Vulnerabilities in the agent framework could allow attackers to execute unauthorized tool actions or manipulate workflow logic via indirect prompt injection from connected data sources.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — as an enterprise-grade SaaS acquired by HubSpot, it likely runs on secure cloud infrastructure. However, the listing does not specify sandboxing or container isolation details, leaving a potential risk of lateral movement if a connected integration is compromised.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — While the system provides real-time answers with source citations (which aids human verification), the listing does not detail its internal evaluation, logging, or drift detection mechanisms to monitor for anomalous agent behavior.

L6 · Security & Compliance (cross-cutting) · ✓ mapped

Explicitly features secure, permissioned access control and role-based personalization. The primary security challenge is ensuring strict alignment between the agent's access controls and the native permissions of the 50+ integrated third-party tools to prevent privilege escalation.

L7 · Agent Ecosystem · ✓ mapped

Supports customizable bots tailored to specific departments and is integrated with HubSpot's Breeze Copilot and Breeze Agents. This multi-agent ecosystem introduces risks of cascading failures and trust abuse if one specialized bot is compromised and interacts with others.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).