Hume AI — agentic threat model
Hume AI presents a unique risk profile centered on the ingestion and processing of sensitive biometric data (voice and facial expressions). Its primary vulnerabilities lie in adversarial manipulation of emotional inputs and potential privacy breaches of highly personal user interactions.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
|---|---|
| Autonomy of Action | 0.30 |
| Goal-Driven Planning | 0.20 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.20 |
| Persistent Memory | 0.30 |
| Contextual Awareness | 0.80 |
| Dynamic Identity | 0.10 |
| Multi-Agent Interactions | 0.10 |
| Non-Determinism | 0.70 |
| Opacity & Reflexivity | 0.70 |
Scored with the canonical OWASP AIVSS formula (see the AIVSS calculator reference); the agentic risk factors were estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “Not certain from the listing” carry general, caveated commentary where the public description did not pin that layer down.
Layer 1, Foundation Models: Hume AI relies heavily on proprietary expression measurement models, LLMs, and text-to-speech (TTS) engines. Key threats include adversarial audio/visual inputs designed to spoof emotional states, model extraction targeting its specialized empathic model weights, and prompt injection via voice commands.
Layer 2, Data Operations. Not certain from the listing — The platform processes highly sensitive biometric data (voice and facial expressions). If RAG or vector databases are used to store user interaction history, they face risks of data exfiltration and unauthorized access to intimate user profiles.
Layer 3, Agent Frameworks. Not certain from the listing — The orchestration framework managing the Empathic Voice Interface (EVI) and the Custom Model API is proprietary. Vulnerabilities could exist in how dialogue state is managed or how the API handles concurrent multimodal streams.
Layer 4, Deployment and Infrastructure. Not certain from the listing — As a closed-source, paid API platform, it likely runs on cloud infrastructure. Threats include API key exposure, denial of service (DoS) targeting real-time voice processing, and potential container escape if custom models are run in multi-tenant environments.
Layer 5, Evaluation and Observability. Not certain from the listing — While the description mentions aligning AI with human well-being, specific guardrails or real-time monitoring systems to detect emotional manipulation, toxic TTS generation, or biometric spoofing are not detailed.
Layer 6, Security and Compliance. Not certain from the listing — Processing facial and vocal expressions triggers strict biometric privacy regulations (e.g., BIPA, GDPR). The listing does not specify compliance certifications, data deletion policies, or user consent frameworks.
Layer 7, Agent Ecosystem. Not certain from the listing — Hume AI is positioned as an API platform rather than a multi-agent marketplace. However, if it is integrated into third-party agent ecosystems, compromised downstream agents could abuse Hume's empathic interface to socially engineer users.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).