EY.ai Agentic Platform — agentic threat model

AIVSS 6.6 · Medium

The EY.ai Agentic Platform presents a high-impact risk profile due to its integration into sensitive financial, tax, and risk workflows, though this is significantly mitigated by its focus on private deployment, human-in-the-loop governance, and enterprise-grade security controls.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 8.5
AARS uplift: 0.87
Factor sum: 5.8/10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×0.7

Agentic risk factors (each scored 0 to 1):
Autonomy of Action: 0.70
Goal-Driven Planning: 0.80
Self-Modification: 0.20
Dynamic Tool Use: 0.70
Persistent Memory: 0.50
Contextual Awareness: 0.80
Dynamic Identity: 0.40
Multi-Agent Interactions: 0.60
Non-Determinism: 0.50
Opacity & Reflexivity: 0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
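The formula above carried through with this listing's own numbers, as an added example (not the directory's or OWASP's calculator code). It assumes the factor scores, CVSS base, ThM and mitigation factor shown on the page, and the severity bands are an assumption that mirrors the CVSS v3.x qualitative scale.

```python
# Added example: OWASP AIVSS arithmetic applied to this listing's factor scores.
from typing import Dict, Mapping

# Factor scores exactly as listed on the page (each must lie in [0, 1]).
EY_AI_FACTORS: Dict[str, float] = {
    "Autonomy of Action": 0.70,
    "Goal-Driven Planning": 0.80,
    "Self-Modification": 0.20,
    "Dynamic Tool Use": 0.70,
    "Persistent Memory": 0.50,
    "Contextual Awareness": 0.80,
    "Dynamic Identity": 0.40,
    "Multi-Agent Interactions": 0.60,
    "Non-Determinism": 0.50,
    "Opacity & Reflexivity": 0.60,
}

def aars(cvss_base: float, factors: Mapping[str, float], threat_multiplier: float = 1.0) -> float:
    """Agentic AI Risk Score uplift: (10 - CVSS_Base) * (Factor_Sum / 10) * ThM."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError(f"CVSS base must be in [0, 10], got {cvss_base}")
    for name, value in factors.items():  # a typo such as 7.0 would silently inflate the uplift
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name} must be in [0, 1], got {value}")
    return (10.0 - cvss_base) * (sum(factors.values()) / 10.0) * threat_multiplier

def aivss(cvss_base: float, factors: Mapping[str, float], threat_multiplier: float = 1.0, mitigation_factor: float = 1.0) -> float:
    """AIVSS = (CVSS_Base + AARS) * Mitigation_Factor; a factor of 1.0 means no mitigation credit."""
    if not 0.0 <= mitigation_factor <= 1.0:
        raise ValueError(f"mitigation factor must be in [0, 1], got {mitigation_factor}")
    return (cvss_base + aars(cvss_base, factors, threat_multiplier)) * mitigation_factor

def severity(score: float) -> str:
    """Qualitative band; assumed here to follow the CVSS v3.x scale (the page rates 6.6 as Medium)."""
    bands = ((0.0, "None"), (3.9, "Low"), (6.9, "Medium"), (8.9, "High"), (10.0, "Critical"))
    return next(label for top, label in bands if score <= top)

def score_breakdown(cvss_base: float, factors: Mapping[str, float], threat_multiplier: float = 1.0, mitigation_factor: float = 1.0) -> Dict[str, object]:
    """Every intermediate the listing displays, rounded the way the page shows them."""
    uplift = aars(cvss_base, factors, threat_multiplier)
    final = round((cvss_base + uplift) * mitigation_factor, 1)
    return {
        "factor_sum": round(sum(factors.values()), 1),
        "aars": round(uplift, 2),
        "unmitigated": round(cvss_base + uplift, 2),  # what the score would be with no mitigation credit
        "aivss": final,
        "severity": severity(final),
    }
```

Running `score_breakdown(8.5, EY_AI_FACTORS, 1.0, 0.7)` reproduces the listing's 0.87 uplift and 6.6 Medium, and shows that the same agent would score 9.37 without the 0.7 mitigation credit.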

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary where the public description did not pin down that layer.

L1 · Foundation Models (✓ mapped)

Utilizes private NVIDIA AI reasoning models. Risks include adversarial prompt injection targeting financial logic, model extraction attempts, and potential training data poisoning if domain-specific models are fine-tuned on compromised enterprise data.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — while the platform processes high-value tax, risk, and finance data, the specific vector databases, RAG pipelines, and data ingestion security controls are not detailed in the public directory.

L3 · Agent Frameworks (✓ mapped)

Orchestrates autonomous workflows across business functions. Risks involve insecure tool integration and tool misuse, where an agent executing tax or finance workflows might be manipulated into executing unauthorized transactions or API calls.

L4 · Deployment & Infrastructure (✓ mapped)

Offers 'EY.ai enterprise private' deployment options. This private hosting model significantly reduces external exposure and mitigates lateral movement risks compared to public SaaS, though container security and internal network isolation remain critical.

L5 · Evaluation & Observability (✓ mapped)

Emphasizes 'governed AI' and combining reasoning models with 'human knowledge' (suggesting human-in-the-loop controls). However, complex reasoning models can suffer from evaluation gaming and subtle drift in financial compliance logic.

L6 · Security & Compliance (cross-cutting) (✓ mapped)

Explicitly designed for governed, enterprise-ready workflows in risk management and finance. This implies alignment with strict regulatory frameworks (e.g., financial audits, SOC2, and data privacy laws), though specific compliance certifications are not listed.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — the platform is described as an ecosystem supporting agentic workflows, but the specific protocols for multi-agent coordination, agent-to-agent trust boundaries, and delegation of authority are not detailed.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).