AgentReadyHomeAgent Listing

← Dydas

Dydas — agentic threat model

8.8AIVSS 8.8 · High

Dydas presents a moderate-to-high risk profile due to its integration with 19+ premium tools and APIs alongside extensive web and social scraping capabilities, which could be abused for large-scale data exfiltration or credential theft if compromised.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5AARS uplift 1.26Factor sum 4.8/10Threat ×1.05Mitigation ×1.0
Autonomy of Action
0.70
Goal-Driven Planning
0.60
Self-Modification
0.10
Dynamic Tool Use
0.80
Persistent Memory
0.30
Contextual Awareness
0.50
Dynamic Identity
0.60
Multi-Agent Interactions
0.10
Non-Determinism
0.50
Opacity & Reflexivity
0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — The specific LLM models used are not disclosed, leaving risks of model-specific vulnerabilities, prompt injection, or alignment gaps unquantified.

L2 · Data Operations✓ mapped

Dydas performs extensive data scraping across LinkedIn, Google Maps, and Google News. This introduces significant risks regarding PII handling, data provenance, and potential exposure to poisoned web content during scraping operations.

L3 · Agent Frameworks✓ mapped

The agent orchestrates 19+ premium tools and APIs to automate marketing workflows. This high density of tool integration presents a major attack surface for tool misuse, insecure API parameter injection, and unauthorized actions.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — As a closed-source, paid service, the hosting environment, sandboxing of scraping tools, and secret management practices for the 19+ premium APIs are completely opaque.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — There is no mention of real-time monitoring, guardrails against generating spam, or logging mechanisms to detect anomalous API or scraping behavior.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — No security certifications (such as SOC2), data privacy compliance (GDPR/CCPA regarding scraped leads), or identity governance controls are specified.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — While it connects to numerous external APIs and tools, there is no explicit mention of multi-agent coordination or marketplace-level trust boundaries.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).