eGain AI Agent for Contact Center — agentic threat model

AIVSS 6.7 · Medium

The eGain AI Agent operates primarily as a real-time 'Agent Assist' tool with low direct autonomy, meaning its primary risk is not autonomous action but rather the potential to propagate malicious guidance, social engineering, or data exfiltration through trusted human-in-the-loop channels.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 7.5 · AARS uplift: 0.88 · Factor sum: 3.5/10 · Threat: ×1.0 · Mitigation: ×0.8

Agentic risk factors:
Autonomy of Action: 0.20
Goal-Driven Planning: 0.30
Self-Modification: 0.10
Dynamic Tool Use: 0.40
Persistent Memory: 0.30
Contextual Awareness: 0.80
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.20
Non-Determinism: 0.50
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The specific foundation models powering the eGain Knowledge Hub are not disclosed. This introduces risks of unpatched model-level vulnerabilities, adversarial prompt injection, or misaligned outputs that could mislead human agents.

L2 · Data Operations (✓ mapped)

Integrates directly with the eGain AI Knowledge Hub and enterprise CRM data. The primary threat is knowledge-base poisoning, where malicious or outdated documentation leads to incorrect guidance, alongside potential data exfiltration of sensitive customer PII during real-time retrieval.

L3 · Agent Frameworks (✓ mapped)

Orchestrates real-time conversation monitoring, intent classification, and tool-based knowledge retrieval. Vulnerabilities include insecure tool integration with CRM APIs and prompt injection attacks that manipulate the intent-detection logic to bypass safety guardrails.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — The hosting architecture (SaaS vs. private cloud) is not detailed. Standard enterprise threats apply, such as insecure storage of API secrets for telephony integrations (Amazon Connect, Genesys) and lack of network isolation.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — There is no explicit mention of real-time guardrails, output filtering, or drift detection mechanisms. This creates a risk of undetected toxic or manipulative outputs being delivered directly to the human agent's screen.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — While targeted at highly regulated sectors like Financial Services and Telecommunications, specific compliance certifications (e.g., SOC2, PCI-DSS, HIPAA) or access control mechanisms are not detailed in the public listing.

L7 · Agent Ecosystem (✓ mapped)

Integrates deeply with third-party contact center ecosystems (Salesforce, Genesys, Cisco Webex). Threats include cascading failures if downstream APIs experience outages, and trust-abuse vulnerabilities where the eGain agent is used as a vector to extract data from connected CRMs.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).