Insurance AI — agentic threat model

AIVSS 8.0 · High

Indemn AI presents a moderate-to-high risk profile due to its integration with dynamic REST APIs, multi-modal communication channels, and multi-agent orchestration in a sensitive vertical (insurance). However, its robust 'Human-in-the-Loop' design serves as a critical guardrail against unauthorized autonomous actions.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.5 · AARS uplift 0.93 · Factor sum 5.9/10 · Threat ×1.05 · Mitigation ×0.85

Autonomy of Action: 0.50
Goal-Driven Planning: 0.70
Self-Modification: 0.20
Dynamic Tool Use: 0.80
Persistent Memory: 0.60
Contextual Awareness: 0.80
Dynamic Identity: 0.40
Multi-Agent Interactions: 0.80
Non-Determinism: 0.60
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — The specific foundation models used are not disclosed. Threats include adversarial prompt injection via public-facing channels (voice, email, webchat) and potential model reprogramming.

L2 · Data Operations ✓ mapped

The platform features 'Built-in RAG'. Threats include knowledge-base poisoning of insurance policies or customer data, data exfiltration via prompt injection, and unauthorized access to sensitive customer records stored in vector databases.

L3 · Agent Frameworks ✓ mapped

Utilizes a 'Dynamic Rest API connected to AI Agents' and 'Deep AI agent orchestration'. Threats include insecure tool integration, API parameter tampering, and tool misuse where agents execute unauthorized transactions or policy changes.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — Details regarding hosting, sandboxing of API execution, and network isolation are omitted. Threats include container compromise and unauthorized lateral movement via exposed REST endpoints.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — While 'Seamless Human-in-the-Loop' is highlighted as a core feature, automated guardrails, drift detection, and logging mechanisms are not detailed. Threats include blind spots in multi-modal (voice/email) interaction monitoring.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — Despite operating in the highly regulated insurance sector, specific compliance standards (e.g., SOC2, HIPAA, GDPR) or identity and access management (IAM) controls are not specified.

L7 · Agent Ecosystem ✓ mapped

Features 'Deep AI agent orchestration' and 'multi-modal agents'. Threats include cascading failures across orchestrated agents, agent-to-agent trust abuse, and conflicting goals between specialized agents.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).