Fieldproxy — agentic threat model
Fieldproxy presents a high-risk profile due to its integration with real-world physical operations, including real-time location tracking and automated technician dispatching. A compromise of its AI-driven scheduling or no-code app creation capabilities could lead to significant operational disruption, physical safety risks, and exposure of sensitive location data.
OWASP AIVSS score rationale

| Agentic risk factor | Score | Rationale |
|---|---|---|
| Autonomy of Action | 0.70 | |
| Goal-Driven Planning | 0.70 | |
| Self-Modification | 0.20 | |
| Dynamic Tool Use | 0.60 | |
| Persistent Memory | 0.60 | |
| Contextual Awareness | 0.80 | |
| Dynamic Identity | 0.20 | |
| Multi-Agent Interactions | 0.10 | |
| Non-Determinism | 0.50 | |
| Opacity & Reflexivity | 0.60 | |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1 (Foundation Models): Not certain from the listing — the specific foundation models or LLMs used to power the AI-driven insights and no-code app creation are not disclosed. Potential threats include prompt injection manipulating scheduling logic or model poisoning leading to biased dispatching.
Layer 2 (Data Operations): Not certain from the listing — the data pipeline, vector stores, and databases managing real-time location tracking and customer data are unspecified. Threats include unauthorized access to sensitive technician location history and customer PII.
Layer 3 (Agent Frameworks): Not certain from the listing — the orchestration framework managing tool calls for automated scheduling and workflow optimization is not detailed. Threats include insecure tool integration where scheduling APIs could be abused to disrupt field operations.
Layer 4 (Deployment and Infrastructure): Not certain from the listing — hosting infrastructure, network isolation, and sandboxing for the custom no-code apps are not described. Threats include container escape or privilege escalation within the hosting environment.
Layer 5 (Evaluation and Observability): Not certain from the listing — there is no mention of real-time guardrails, drift detection, or logging mechanisms for the AI-driven insights. Threats include undetected drift in scheduling optimization or unlogged malicious actions.
Layer 6 (Security and Compliance): Not certain from the listing — compliance certifications (e.g., SOC 2, ISO 27001) or specific identity and access management controls are not stated. Threats include unauthorized access to the field management console.
Layer 7 (Agent Ecosystem): Not certain from the listing — whether the platform interacts with external agent marketplaces or third-party AI ecosystems is not specified. Threats include cascading failures if external APIs or integrated services are compromised.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).