EY.ai Agentic Platform — agentic threat model
The EY.ai Agentic Platform presents a high-impact risk profile due to its integration into sensitive financial, tax, and risk workflows, though this is significantly mitigated by its focus on private deployment, human-in-the-loop governance, and enterprise-grade security controls.
OWASP AIVSS score rationale
| Agentic risk factor | Score | Rationale |
|---|---|---|
| Autonomy of Action | 0.70 | |
| Goal-Driven Planning | 0.80 | |
| Self-Modification | 0.20 | |
| Dynamic Tool Use | 0.70 | |
| Persistent Memory | 0.50 | |
| Contextual Awareness | 0.80 | |
| Dynamic Identity | 0.40 | |
| Multi-Agent Interactions | 0.60 | |
| Non-Determinism | 0.50 | |
| Opacity & Reflexivity | 0.60 | |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); the agentic risk factors above were estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent, in MAESTRO layer order. Layers tagged “not certain from the listing” carry general, caveated commentary where the public description did not pin down that layer.
Layer 1 (Foundation Models): Utilizes private NVIDIA AI reasoning models. Risks include adversarial prompt injection targeting financial logic, model extraction attempts, and potential training-data poisoning if domain-specific models are fine-tuned on compromised enterprise data.
Layer 2 (Data Operations): Not certain from the listing. While the platform processes high-value tax, risk, and finance data, the specific vector databases, RAG pipelines, and data-ingestion security controls are not detailed in the public directory.
Layer 3 (Agent Frameworks): Orchestrates autonomous workflows across business functions. Risks involve insecure tool integration and tool misuse: an agent executing tax or finance workflows could be manipulated into making unauthorized transactions or API calls.
Layer 4 (Deployment & Infrastructure): Offers 'EY.ai enterprise private' deployment options. This private hosting model significantly reduces external exposure and mitigates lateral-movement risk compared to public SaaS, though container security and internal network isolation remain critical.
Layer 5 (Evaluation & Observability): Emphasizes 'governed AI' and combining reasoning models with 'human knowledge' (suggesting human-in-the-loop controls). However, complex reasoning models can still suffer from evaluation gaming and subtle drift in financial-compliance logic.
Layer 6 (Security & Compliance): Explicitly designed for governed, enterprise-ready workflows in risk management and finance. This implies alignment with strict regulatory frameworks (e.g., financial audits, SOC 2, and data-privacy laws), though no specific compliance certifications are listed.
Layer 7 (Agent Ecosystem): Not certain from the listing. The platform is described as an ecosystem supporting agentic workflows, but the specific protocols for multi-agent coordination, agent-to-agent trust boundaries, and delegation of authority are not detailed.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).