Enjo AI — agentic threat model
Enjo AI exhibits a high-risk profile due to its deep integration into enterprise communication channels (Slack, Teams) and ticketing systems, combined with autonomous action capabilities to resolve support requests and trigger workspace integrations.
OWASP AIVSS score rationale
| Agentic risk factor | Value |
| --- | --- |
| Autonomy of Action | 0.80 |
| Goal-Driven Planning | 0.70 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.80 |
| Persistent Memory | 0.60 |
| Contextual Awareness | 0.80 |
| Dynamic Identity | 0.40 |
| Multi-Agent Interactions | 0.30 |
| Non-Determinism | 0.60 |
| Opacity & Reflexivity | 0.50 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1 (Foundation Models): Not certain from the listing — The specific foundation models powering the 'enterprise-grade AI platform' are not disclosed. Threats include prompt injection attacks that could bypass customer service guardrails to output inappropriate or malicious content.
Layer 2 (Data Operations): The agent is trained on company knowledge, tickets, and apps. This creates a high risk of data poisoning if malicious actors submit tickets designed to corrupt the agent's knowledge base, or data exfiltration of sensitive customer PII via engineered prompt queries.
Layer 3 (Agent Frameworks): Enjo uses 'AI flows and AI actions' for complex integrations. Framework-level threats include insecure tool execution where an attacker manipulates the agent into executing unauthorized API calls or routing tickets to malicious external endpoints.
Layer 4 (Deployment and Infrastructure): Not certain from the listing — The hosting environment, sandboxing of 'AI actions', and secret management for Slack/Teams API tokens are not detailed. Compromise of these secrets could lead to unauthorized workspace access.
Layer 5 (Evaluation and Observability): Features advanced analytics for performance, knowledge gaps, and sentiment analysis. However, it lacks explicit security-focused observability, such as real-time prompt injection detection or automated guardrail monitoring.
Layer 6 (Security and Compliance): Not certain from the listing — While described as an 'enterprise-grade AI platform', specific compliance certifications (e.g., SOC 2, ISO 27001), data retention policies, and role-based access controls (RBAC) are not explicitly detailed.
Layer 7 (Agent Ecosystem): Operates within a collaborative ecosystem (Slack, Teams, and connected apps). The primary threat is trust abuse, where the agent is used as a vector to launch social engineering attacks or distribute malicious payloads to internal employees.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).