Harvey AI — agentic threat model
Harvey AI presents a high-impact risk profile primarily due to the extreme sensitivity of the legal, regulatory, and corporate data it processes, though its agentic autonomy is currently constrained by a human-in-the-loop workflow.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
|---|---|
| Autonomy of Action | 0.30 |
| Goal-Driven Planning | 0.40 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.30 |
| Persistent Memory | 0.40 |
| Contextual Awareness | 0.70 |
| Dynamic Identity | 0.10 |
| Multi-Agent Interactions | 0.20 |
| Non-Determinism | 0.60 |
| Opacity & Reflexivity | 0.50 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from the listing” are general, caveated commentary for layers the public description did not pin down.
Layer 1 (Foundation Models): Uses proprietary foundation models customized and trained on legal datasets. Primary threats include model stealing of proprietary legal fine-tunes, data poisoning of custom training sets, and misaligned outputs such as hallucinated case law or legal precedents.
Layer 2 (Data Operations): Processes highly sensitive legal documents, contracts, and litigation data. Key threats include exfiltration of privileged client information, knowledge-base poisoning of legal reference materials, and unauthorized access to vector stores containing proprietary case strategies.
Layer 3 (Agent Frameworks): Not certain from the listing — details on the specific orchestration framework, planning mechanisms, or tool-calling protocols are not disclosed. However, insecure tool integration for document parsing and legal research queries could enable prompt injection that exploits the underlying parsers.
Layer 4 (Deployment & Infrastructure): Not certain from the listing — hosting environment, sandboxing for document parsing, and secrets management details are not provided. An insecure document ingestion pipeline could expose the infrastructure to remote code execution via malicious PDFs or Word documents.
Layer 5 (Evaluation & Observability): Not certain from the listing — no explicit details are provided regarding real-time guardrails, drift detection, or evaluation frameworks for legal accuracy. Without transparent observability, drift in legal reasoning or compliance advice could go undetected.
Layer 6 (Security & Compliance): Not certain from the listing — while the tool assists with regulatory compliance, the platform's own internal security controls, identity management, and audit logging are not specified. Compliance with legal-industry standards (e.g., SOC 2, HIPAA, attorney-client privilege boundaries) is critical but unverified from the listing.
Layer 7 (Agent Ecosystem): Not certain from the listing — there is no mention of multi-agent coordination, external agent marketplaces, or agent-to-agent trust boundaries. The ecosystem appears limited to a single-platform assistant model.
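As an added illustration of the Layer 4 concern above (example code written for this page, not Harvey AI's own ingestion pipeline, whose internals the listing does not disclose), the following Python pre-ingestion gate triages untrusted PDF and DOCX uploads before any full document parser touches them. It decodes `#xx` escapes in PDF names so an obfuscated `/J#61vaScript` is not missed, flags active-content markers, embedded VBA projects and externally targeted template/OLE relationships in OOXML packages, and routes anything flagged to quarantine for sandboxed parsing rather than straight into the pipeline. The size limit, marker list, finding strings and sample documents are all constructed for the example.

```python
"""Pre-ingestion triage gate for untrusted legal documents (PDF / DOCX).

Added example: a cheap, parser-free first pass that runs before any full
document parser, so active-content features are spotted and the file is
quarantined for sandboxed handling instead of being parsed in place.
"""
import io
import re
import zipfile

MAX_BYTES = 25 * 1024 * 1024  # assumed upload limit for this example

# PDF name tokens that indicate active or embedded content (pdfid-style triage list)
RISKY_PDF_NAMES = (b"/JavaScript", b"/JS", b"/Launch", b"/OpenAction", b"/AA",
                   b"/EmbeddedFile", b"/RichMedia", b"/XFA")

# OOXML relationship types whose external targets are a known abuse surface
RISKY_OOXML_REL_TYPES = rb'Type="[^"]*/(attachedTemplate|oleObject|frame|subDocument)"'


class MalformedDocument(ValueError):
    """Raised when the bytes do not match the claimed file type."""


def normalize_pdf_names(data: bytes) -> bytes:
    """Decode #xx escapes in PDF names so /J#61vaScript compares equal to /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)


def triage_pdf(data: bytes) -> list[str]:
    """Return findings for a PDF; an empty list means nothing suspicious was seen."""
    if not data.startswith(b"%PDF-"):
        raise MalformedDocument("not a PDF header")
    norm = normalize_pdf_names(data)
    findings = []
    for name in RISKY_PDF_NAMES:
        # require a delimiter after the name so /JS does not also match /JSX etc.
        if re.search(re.escape(name) + rb"(?![A-Za-z0-9])", norm):
            findings.append(f"active-content marker {name.decode()}")
    if b"/ObjStm" in norm:
        # compressed object streams can hide the names above from this byte-level pass
        findings.append("object streams present; inner objects not inspected")
    return findings


def triage_docx(data: bytes) -> list[str]:
    """Flag macros and externally targeted relationships in an OOXML package."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        raise MalformedDocument("not a valid OOXML zip")
    findings = []
    if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
        findings.append("VBA macro project embedded")
    for n in zf.namelist():
        if not n.endswith(".rels"):
            continue
        for rel in re.finditer(rb"<Relationship\b[^>]*>", zf.read(n)):
            el = rel.group(0)
            kind = re.search(RISKY_OOXML_REL_TYPES, el)
            if kind and b'TargetMode="External"' in el:
                findings.append(f"external {kind.group(1).decode()} relationship in {n}")
    return findings


def gate_document(filename: str, data: bytes) -> tuple[str, list[str]]:
    """Decide accept / quarantine / reject for an upload before full parsing."""
    if len(data) > MAX_BYTES:
        return "reject", ["exceeds size limit"]
    ext = filename.rsplit(".", 1)[-1].lower()
    try:
        if ext == "pdf":
            findings = triage_pdf(data)
        elif ext == "docx":
            findings = triage_docx(data)
        else:
            return "reject", [f"unsupported type .{ext}"]
    except MalformedDocument as exc:
        return "reject", [str(exc)]
    return ("quarantine" if findings else "accept"), findings


# Constructed sample inputs for the example (not real client documents)
BENIGN_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
RISKY_PDF = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
             b"2 0 obj\n<< /S /J#61vaScript /JS (x) >>\nendobj\n%%EOF\n")


def constructed_docx(remote_template: bool) -> bytes:
    """Build a minimal OOXML package in memory, optionally with an external attachedTemplate."""
    pkg_ns = "http://schemas.openxmlformats.org/package/2006/relationships"
    rel_base = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
    # an external hyperlink is ordinary document content and must not be flagged
    doc_rels = (f'<Relationships xmlns="{pkg_ns}"><Relationship Id="rId1" '
                f'Type="{rel_base}/hyperlink" Target="https://example.test/" TargetMode="External"/>'
                '</Relationships>')
    settings_rels = (f'<Relationships xmlns="{pkg_ns}"><Relationship Id="rId1" '
                     f'Type="{rel_base}/attachedTemplate" Target="http://example.test/t.dotm" '
                     'TargetMode="External"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/_rels/document.xml.rels", doc_rels)
        if remote_template:
            zf.writestr("word/_rels/settings.xml.rels", settings_rels)
    return buf.getvalue()


if __name__ == "__main__":
    for name, blob in [("brief.pdf", BENIGN_PDF), ("brief.pdf", RISKY_PDF),
                       ("contract.docx", constructed_docx(False)),
                       ("contract.docx", constructed_docx(True)), ("tool.exe", b"MZ")]:
        print(name, gate_document(name, blob))
```

The gate deliberately returns "quarantine" rather than "reject" for flagged files: legitimate filings do sometimes carry forms or embedded attachments, so the right disposition is parsing inside an isolated, network-less sandbox with the findings attached for review, while outright rejection is reserved for files that are not what their extension claims or are out of policy.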
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).