
Lexicon — agentic threat model

AIVSS 6.4 · Medium

Lexicon presents a moderate risk profile primarily centered on data integrity and indirect prompt injection, as it dynamically retrieves and analyzes information from 14 external sources to generate strategic due diligence verdicts.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 5.3 · AARS uplift 1.13 · Factor sum 2.4/10 · Threat ×1.0 · Mitigation ×1.0

Autonomy of Action: 0.20
Goal-Driven Planning: 0.40
Self-Modification: 0.00
Dynamic Tool Use: 0.50
Persistent Memory: 0.10
Contextual Awareness: 0.50
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.40
Opacity & Reflexivity: 0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — likely relies on commercial LLMs to synthesize the 8-dimension verdicts. Primary threats include prompt injection biasing the analytical output and model misalignment leading to hallucinated due diligence metrics.

L2 · Data Operations · ✓ mapped

Retrieves live evidence from 14 distinct external sources. This creates a significant surface for data poisoning, where malicious actors manipulate external source data to corrupt Lexicon's due diligence verdicts, as well as potential leakage of sensitive research queries to those sources.

L3 · Agent Frameworks · ✓ mapped

Orchestrates multi-source retrieval and structures analysis across 8 dimensions. The primary threat is indirect prompt injection, where untrusted content retrieved from one of the 14 sources hijacks the orchestration framework to alter the final comparison output.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — hosted as a closed-source paid service. Threats include insecure storage of API keys used to access the 14 external sources and lack of network isolation when querying external endpoints.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — no mention of continuous evaluation or drift monitoring. Gaps here could allow silent degradation of verdict quality or undetected bias in the comparison framework over time.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — no explicit compliance certifications (e.g., SOC2) or access controls are detailed. Lack of robust tenant isolation could lead to cross-user exposure of sensitive, proprietary research queries.

L7 · Agent Ecosystem · ⚠ not certain from listing

Not certain from the listing — operates as a standalone horizontal research tool. If integrated into broader automated investment or procurement agent chains, compromised verdicts could trigger cascading financial or operational failures.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).