
Monobot CX — agentic threat model

AIVSS 8.6 · High

Monobot CX presents a moderate-to-high risk profile due to its autonomous capability to perform real-world actions like scheduling and reservations, coupled with integrations into external platforms like Google and social media, without explicit security controls or compliance certifications mentioned in its listing.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5 · AARS uplift 1.12 · Factor sum 4.5/10 · Threat ×1.0 · Mitigation ×1.0

Agentic risk factors (each 0.0 to 1.0):

Autonomy of Action: 0.80
Goal-Driven Planning: 0.60
Self-Modification: 0.10
Dynamic Tool Use: 0.60
Persistent Memory: 0.50
Contextual Awareness: 0.50
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.10
Non-Determinism: 0.60
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
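As an added worked example (not code from the AgentReadyHome listing or from the OWASP AIVSS project), the formula above carried through in Python with the ten factor weights and the CVSS base the listing shows. The function names, the qualitative severity bands (borrowed from the CVSS v3.x scale) and the cap at 10 are assumptions; exact fractions are used so that summing ten decimal weights does not drift and the rounded display reproduces the listing's 1.12 and 8.6.

```python
from fractions import Fraction

# Added example, not taken from the AgentReadyHome listing or from the OWASP
# AIVSS project: the AIVSS formula quoted on the page, applied to the ten
# agentic risk factors shown for Monobot CX. Numeric inputs are the listing's.

# Agentic risk factors as listed for Monobot CX, each on a 0.0 to 1.0 scale.
MONOBOT_FACTORS = {
    "Autonomy of Action": 0.80,
    "Goal-Driven Planning": 0.60,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.60,
    "Persistent Memory": 0.50,
    "Contextual Awareness": 0.50,
    "Dynamic Identity": 0.20,
    "Multi-Agent Interactions": 0.10,
    "Non-Determinism": 0.60,
    "Opacity & Reflexivity": 0.50,
}
MONOBOT_CVSS_BASE = 7.5

# Qualitative bands are an assumption borrowed from the CVSS v3.x rating
# scale; the listing itself only shows the "High" label next to 8.6.
SEVERITY_BANDS = [(0.1, "Low"), (4.0, "Medium"), (7.0, "High"), (9.0, "Critical")]


def _exact(value):
    """Convert a decimal literal to an exact Fraction so sums do not drift."""
    return Fraction(str(value))


def severity(score):
    label = "None"
    for floor, name in SEVERITY_BANDS:
        if score >= floor:
            label = name
    return label


def aars(cvss_base, factors, threat_multiplier=1.0):
    """Agentic uplift: AARS = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM."""
    base = _exact(cvss_base)
    if not 0 <= base <= 10:
        raise ValueError("CVSS base score must lie within 0..10")
    total = Fraction(0)
    for name, value in factors.items():
        weight = _exact(value)
        if not 0 <= weight <= 1:
            raise ValueError(f"factor {name!r} must lie within 0..1")
        total += weight
    return (10 - base) * (total / 10) * _exact(threat_multiplier)


def aivss(cvss_base, factors, threat_multiplier=1.0, mitigation_factor=1.0):
    """AIVSS = (CVSS_Base + AARS) * Mitigation_Factor.

    Capping at 10 is an assumption: the listing does not say how a result
    above 10 (possible when ThM > 1) would be handled.
    """
    raw = (_exact(cvss_base) + aars(cvss_base, factors, threat_multiplier)) * _exact(mitigation_factor)
    return min(raw, Fraction(10))


def score_report(cvss_base, factors, threat_multiplier=1.0, mitigation_factor=1.0):
    """The intermediate values the listing displays, rounded half-to-even as floats."""
    uplift = aars(cvss_base, factors, threat_multiplier)
    score = aivss(cvss_base, factors, threat_multiplier, mitigation_factor)
    rounded_score = float(round(score, 1))
    return {
        "factor_sum": float(sum(_exact(v) for v in factors.values())),
        "aars": float(round(uplift, 2)),
        "aivss": rounded_score,
        "severity": severity(rounded_score),
    }


def ranked_factors(factors):
    """Factors sorted by weight, largest first: which capabilities drive the uplift."""
    return sorted(factors.items(), key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    report = score_report(MONOBOT_CVSS_BASE, MONOBOT_FACTORS)
    print(f"Factor sum {report['factor_sum']}/10, AARS {report['aars']}, "
          f"AIVSS {report['aivss']} ({report['severity']})")
    for name, weight in ranked_factors(MONOBOT_FACTORS)[:3]:
        print(f"  driver: {name} = {weight:.2f}")
```

Running it prints the listing's own numbers (factor sum 4.5/10, AARS 1.12, AIVSS 8.6, High) and lists Autonomy of Action as the largest single contributor; the threat and mitigation multipliers are left as parameters because the listing shows only the ×1.0 values and not the scale behind them.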

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — The underlying LLMs are not specified. General risks include prompt injection leading to unauthorized tool execution (e.g., booking manipulation) or extraction of system prompts.

L2 · Data Operations · ⚠ not certain from listing

Not certain from the listing — Details on vector stores or RAG data handling are omitted. However, the agent collects customer information and preferences, presenting risks of PII exfiltration or data poisoning via malicious user inputs.

L3 · Agent Frameworks · ✓ mapped

The agent orchestrates scheduling, reservations, and bookings using integrations like Google Calendar and messaging APIs. Threats include insecure tool integration and tool misuse, such as exhausting calendar slots or sending spam via Telegram/Instagram.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — Hosting, sandboxing, and secrets management details are not provided. General risks include exposure of API keys for Google, Instagram, and Telegram integrations.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — No mention of built-in guardrails, logging, or drift detection. General risk of undetected prompt injections or abusive interactions in real-time voice/chat.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — Compliance certifications (e.g., GDPR for PII collection, SOC2) are not stated. Risks include unauthorized access to customer data and lack of audit trails for automated bookings.

L7 · Agent Ecosystem · ✓ mapped

The platform deploys agents that interact with external ecosystems (Google, Instagram, Telegram). Threats include cascading failures if external APIs rate-limit the agent, or trust abuse where the agent is used as a vector to social-engineer customers.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).