Endorsed — agentic threat model
Endorsed presents a moderate security risk primarily centered on the processing of sensitive candidate PII and the potential for opaque, non-deterministic bias in applicant screening. The lack of disclosed security controls or architectural details in the public listing necessitates a cautious deployment posture.
OWASP AIVSS score rationale
| Agentic risk factor | Value |
| --- | --- |
| Autonomy of Action | 0.40 |
| Goal-Driven Planning | 0.30 |
| Self-Modification | 0.00 |
| Dynamic Tool Use | 0.40 |
| Persistent Memory | 0.30 |
| Contextual Awareness | 0.50 |
| Dynamic Identity | 0.10 |
| Multi-Agent Interactions | 0.00 |
| Non-Determinism | 0.60 |
| Opacity & Reflexivity | 0.70 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1 (Foundation Models): Not certain from the listing — the specific foundation models used by Endorsed are not disclosed. Standard LLM risks like prompt injection or biased outputs could affect candidate screening.
Layer 2 (Data Operations): Endorsed processes sensitive candidate profiles and resumes for sourcing and applicant review, presenting risks of PII leakage, unauthorized data access, and bias in candidate ranking.
Layer 3 (Agent Frameworks): Not certain from the listing — the orchestration framework and tool-calling capabilities are not detailed. Insecure tool integration with ATS platforms could lead to unauthorized data access.
Layer 4 (Deployment and Infrastructure): Not certain from the listing — the hosting infrastructure, sandboxing, and deployment environment are not specified in the public directory.
Layer 5 (Evaluation and Observability): Not certain from the listing — there is no mention of evaluation, monitoring, or guardrails to detect drift, bias, or adversarial manipulation in candidate screening.
Layer 6 (Security and Compliance): Not certain from the listing — compliance certifications (like SOC2, GDPR, or CCPA) and identity/access management controls are not detailed, despite handling sensitive HR data.
Layer 7 (Agent Ecosystem): Not certain from the listing — it is unclear if Endorsed interacts with other agents or operates within a multi-agent ecosystem.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).