
Dialora.ai — agentic threat model

AIVSS 8.9 · High

Dialora.ai presents a moderate-to-high risk profile due to its direct integration with telephony (SIP trunks) and CRMs (HubSpot), which could be exploited for toll fraud, social engineering, or unauthorized data exfiltration if the voice agent is manipulated.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base 8.5 · AARS uplift 0.83 · Factor sum 5.3/10 · Threat ×1.05 · Mitigation ×0.95

Autonomy of Action: 0.80
Goal-Driven Planning: 0.60
Self-Modification: 0.10
Dynamic Tool Use: 0.70
Persistent Memory: 0.60
Contextual Awareness: 0.60
Dynamic Identity: 0.30
Multi-Agent Interactions: 0.40
Non-Determinism: 0.70
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — The underlying LLM, STT, and TTS models are not specified. Threats include prompt injection via voice (over-the-air injection), adversarial audio inputs, and model output manipulation leading to inappropriate or unauthorized spoken responses.

L2 · Data Operations · ✓ mapped

The agent records and transcribes calls, storing them alongside CRM data. This creates a high-value target for data exfiltration of customer PII and sensitive conversational data, as well as risks of downstream data poisoning if transcriptions are used for continuous model fine-tuning.

L3 · Agent Frameworks · ✓ mapped

The agent orchestrates real-time booking, outbound campaigns, and CRM integrations. Insecure tool integration with HubSpot or SIP trunks could allow an attacker to manipulate the agent into executing unauthorized API calls, modifying CRM records, or initiating unauthorized outbound calls.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — Telephony infrastructure (SIP trunks) and hosting details are omitted. Risks include SIP registration hijacking, denial of service on voice channels, and insecure storage of API keys for CRM integrations.

L5 · Evaluation & Observability · ✓ mapped

The platform provides analytics and performance tracking. However, it is unclear if there are real-time guardrails to detect and block prompt injection or toxic outputs during live voice calls, creating a potential blind spot in live monitoring.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — While 'secure storage' is mentioned for recordings, there is no explicit mention of compliance frameworks (e.g., SOC2, HIPAA, PCI-DSS) which are critical for handling voice recordings and CRM data.

L7 · Agent Ecosystem · ✓ mapped

The system supports unlimited AI agents, subaccounts, and team collaboration. This multi-tenant and multi-agent structure introduces risks of cross-tenant data leakage, privilege escalation between subaccounts, and unauthorized configuration changes by compromised team accounts.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).