AgentReadyHomeAgent Listing

← Eva

Eva — agentic threat model

9.4AIVSS 9.4 · Critical

Eva operates with high agentic risk due to its integration with corporate SaaS billing systems and financial data, where unauthorized actions or compromise could lead to direct financial loss and sensitive data exposure.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.5AARS uplift 0.87Factor sum 5.5/10Threat ×1.05Mitigation ×1.0
Autonomy of Action
0.70
Goal-Driven Planning
0.60
Self-Modification
0.10
Dynamic Tool Use
0.80
Persistent Memory
0.70
Contextual Awareness
0.70
Dynamic Identity
0.60
Multi-Agent Interactions
0.20
Non-Determinism
0.50
Opacity & Reflexivity
0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — likely relies on commercial LLMs to parse billing documents and match discounts. Vulnerabilities include prompt injection via malicious invoices designed to manipulate discount calculations or billing actions.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — ingests sensitive SaaS usage logs, renewal contracts, and billing data. Vulnerable to data poisoning if malicious usage data is ingested, potentially leading to incorrect savings insights or unauthorized subscription modifications.

L3 · Agent Frameworks⚠ not certain from listing

Not certain from the listing — orchestrates API calls to external SaaS platforms and billing systems. Insecure tool integration or tool misuse could allow the agent to execute unintended subscription cancellations or modifications.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — hosted as a closed-source SaaS. The primary infrastructure threat is the secure storage and isolation of highly sensitive API keys and OAuth tokens used to access client SaaS portals.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — requires robust guardrails and real-time monitoring to detect and block anomalous billing transactions or unauthorized subscription changes before they are executed.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — handling corporate financial and SaaS stack data demands strict compliance (e.g., SOC 2, GDPR) and rigorous identity and access management (IAM) controls, which are not specified in the directory listing.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — operates primarily as a standalone digital worker, but interacts extensively with external SaaS APIs. It is vulnerable to cascading failures or API-based exploits originating from compromised third-party SaaS platforms.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).