
Jarni AI — agentic threat model

AIVSS 9.2 · Critical

Jarni AI presents a moderate-to-high risk profile due to its autonomous voice-based interaction (Autopilot) and direct integrations with CRMs and webhooks, making it susceptible to voice-based prompt injection and unauthorized downstream data modification.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 8.2
AARS uplift: 1.01
Factor sum: 5.1/10
Threat multiplier (ThM): ×1.1
Mitigation factor: ×1.0
Agentic risk factors (each scored 0.0 to 1.0):

Autonomy of Action: 0.80
Goal-Driven Planning: 0.60
Self-Modification: 0.10
Dynamic Tool Use: 0.60
Persistent Memory: 0.50
Contextual Awareness: 0.70
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.30
Non-Determinism: 0.70
Opacity & Reflexivity: 0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
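The AIVSS formula above carried through with this listing's own numbers, as an added example (not code from Jarni AI, OWASP, or the listing site). It reproduces the factor sum, AARS uplift and final score shown on the page, and the what-if helper is an assumption of mine for checking how a single factor change moves the score.

```python
# Added example: OWASP AIVSS formula as quoted on the listing,
# evaluated with this listing's factor values.
#   AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
#   AIVSS = (CVSS_Base + AARS) * Mitigation_Factor

CVSS_BASE = 8.2          # "CVSS base 8.2" from the listing
THREAT_MULTIPLIER = 1.1  # "Threat x1.1" (ThM) from the listing
MITIGATION_FACTOR = 1.0  # "Mitigation x1.0": no mitigations credited

# Agentic risk factors exactly as scored on the listing (0.0 to 1.0 each).
FACTORS = {
    "Autonomy of Action": 0.80,
    "Goal-Driven Planning": 0.60,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.60,
    "Persistent Memory": 0.50,
    "Contextual Awareness": 0.70,
    "Dynamic Identity": 0.20,
    "Multi-Agent Interactions": 0.30,
    "Non-Determinism": 0.70,
    "Opacity & Reflexivity": 0.60,
}


def factor_sum(factors):
    """Factor_Sum: plain sum of the ten agentic factors (max 10)."""
    return sum(factors.values())


def aars(cvss_base, factors, thm):
    """Agentic AI Risk Score uplift, per the formula on the listing."""
    return (10 - cvss_base) * (factor_sum(factors) / 10) * thm


def aivss(cvss_base, factors, thm, mitigation):
    """Final AIVSS score, per the formula on the listing."""
    return (cvss_base + aars(cvss_base, factors, thm)) * mitigation


def score_after_change(factor, new_value):
    """What-if helper (my assumption, not part of AIVSS): rescore with one
    factor changed, e.g. lowering Autonomy of Action after adding a human
    approval step in front of CRM writes."""
    changed = dict(FACTORS, **{factor: new_value})
    return aivss(CVSS_BASE, changed, THREAT_MULTIPLIER, MITIGATION_FACTOR)


if __name__ == "__main__":
    print(f"Factor sum : {factor_sum(FACTORS):.1f}/10")
    print(f"AARS uplift: {aars(CVSS_BASE, FACTORS, THREAT_MULTIPLIER):.2f}")
    print(f"AIVSS      : {aivss(CVSS_BASE, FACTORS, THREAT_MULTIPLIER, MITIGATION_FACTOR):.1f}")
    print(f"Autonomy 0.80 -> 0.40 gives AIVSS {score_after_change('Autonomy of Action', 0.40):.2f}")
```

Because the agentic uplift is scaled by (10 − CVSS_Base), a high CVSS base leaves little headroom: halving Autonomy of Action here only moves the score from about 9.21 to about 9.13.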

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — likely utilizes third-party speech-to-text, text-to-speech, and LLM APIs. Primary threats include voice-based prompt injection (audio injection) causing the agent to deviate from scripts, leak system prompts, or output inappropriate content during live calls.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — ingests real-time voice streams, generates transcriptions, and syncs with CRMs. Threats include the accidental ingestion and storage of sensitive PII/PCI in call transcripts, and potential data exfiltration via unauthorized webhook payloads.

L3 · Agent Frameworks (✓ mapped)

Orchestrates voice interactions, appointment booking, and CRM updates. Threats include insecure tool integration where an attacker manipulates the conversational flow to trigger unauthorized CRM writes, malicious call routing, or spam appointment bookings.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — likely hosted in a cloud environment to support API access and real-time webhooks. Threats include unauthorized API access, lack of rate limiting on voice endpoints leading to telephony denial-of-service (TDoS), and insecure webhook endpoints.

L5 · Evaluation & Observability (✓ mapped)

Features automated QA that reviews 100% of calls for script adherence and tone. Threats include evaluation gaming, where malicious actors or rogue agents manipulate voice tone and keywords to bypass compliance checks, and blind spots in detecting sophisticated prompt injections.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — handles voice recordings and customer PII, necessitating strict compliance with GDPR, CCPA, and potentially PCI-DSS. The listing does not specify encryption standards, access controls, or compliance certifications.

L7 · Agent Ecosystem (✓ mapped)

Integrates directly with external CRM ecosystems and webhook targets. Threats include cascading failures if downstream CRM APIs experience outages, and trust abuse where the receiving CRM implicitly trusts data written by the AI agent without secondary validation.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).