Nucleus AI — agentic threat model
Nucleus AI acts as an automated business communications agent that handles inbound calls, SMS and email. Its primary risk is its direct exposure to the public telephony network, which makes it vulnerable to voice-based prompt injection (vishing-style calls that try to manipulate the agent) and to unauthorized message dispatch.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
|---|---|
| Autonomy of Action | 0.60 |
| Goal-Driven Planning | 0.30 |
| Self-Modification | 0.00 |
| Dynamic Tool Use | 0.50 |
| Persistent Memory | 0.30 |
| Contextual Awareness | 0.40 |
| Dynamic Identity | 0.20 |
| Multi-Agent Interactions | 0.00 |
| Non-Determinism | 0.60 |
| Opacity & Reflexivity | 0.50 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent, in MAESTRO's layer order. Layers tagged “not certain from the listing” carry general, caveated commentary where the public description did not pin that layer down.
1. Foundation Models: not certain from the listing — likely utilizes proprietary or third-party speech-to-text, LLM, and text-to-speech models. It is highly vulnerable to voice-based prompt injection (vishing) where callers attempt to manipulate the underlying LLM instructions.
2. Data Operations: not certain from the listing — must store call transcripts, caller phone numbers, and message content. This introduces risks of PII exfiltration and database injection if transcribed voice inputs are not sanitized (or, better, bound as parameters) before storage.
3. Agent Frameworks: not certain from the listing — orchestrates call reception, message taking, and notification triggers. Insecure tool integration could allow an attacker to exploit the SMS/email dispatch tools to send spam or phishing messages from the business's identity.
4. Deployment and Infrastructure: not certain from the listing — relies on telephony infrastructure (VoIP/SIP) and cloud hosting. Vulnerabilities include SIP trunk exploitation, toll fraud, and unauthorized access to telephony API credentials.
5. Evaluation and Observability: not certain from the listing — no details are provided regarding real-time call monitoring, transcription guardrails, or anomaly detection for abusive or manipulative callers.
6. Security and Compliance: not certain from the listing — handling voice calls and sending SMS/emails triggers strict compliance requirements (e.g., TCPA, GDPR, CCPA). There is no mention of data encryption, access controls, or compliance certifications.
7. Agent Ecosystem: not certain from the listing — operates as a standalone digital worker, but risks escalate if it is integrated into downstream business systems such as CRMs or ticketing platforms without strict trust boundaries.
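The Agent Frameworks and Evaluation layers above both come down to one trust boundary: caller speech is data, and the notification tool must not let it choose recipients or volume. The following is an added illustration, not code from this listing or from Nucleus AI; the allowlist, limits, class and function names are all hypothetical. It gates every dispatch on a pre-registered recipient set and a per-caller rate limit, and renders the transcript as quoted data inside a fixed template, flagging instruction-like text for human review instead of acting on it.

```python
import re
import time
from collections import defaultdict, deque
from dataclasses import dataclass

# Hypothetical configuration: the only destinations the notification tool may
# ever reach are the business's own pre-registered staff contacts.
ALLOWED_RECIPIENTS = {"sms:+15550100001", "email:frontdesk@example.com"}
MAX_DISPATCHES_PER_CALLER = 3      # per sliding window
WINDOW_SECONDS = 3600

# Instruction-like phrasing in a transcript is a signal for review only; the
# guard never parses or executes anything the caller said.
_INJECTION_HINT = re.compile(r"(ignore|disregard).{0,40}(instructions|prompt)", re.I)


@dataclass
class DispatchRequest:
    caller_id: str    # inbound caller's number (untrusted)
    recipient: str    # where the agent wants to send the notification
    transcript: str   # transcribed caller speech (untrusted)


class DispatchGuard:
    def __init__(self, clock=time.time):
        self._clock = clock
        self._history = defaultdict(deque)   # caller_id -> dispatch timestamps

    def check(self, req: DispatchRequest) -> tuple[bool, str]:
        # 1. Destination must be a pre-registered contact, so transcript text
        #    can never steer a message to an arbitrary phone number or mailbox.
        if req.recipient not in ALLOWED_RECIPIENTS:
            return False, "recipient not in allowlist"
        # 2. Sliding-window rate limit per caller: one abusive caller cannot
        #    flood staff or run up SMS charges.
        now = self._clock()
        q = self._history[req.caller_id]
        while q and now - q[0] > WINDOW_SECONDS:
            q.popleft()
        if len(q) >= MAX_DISPATCHES_PER_CALLER:
            return False, "caller rate limit exceeded"
        q.append(now)
        return True, "ok"


def render_notification(req: DispatchRequest) -> str:
    # The transcript is embedded as quoted data in a fixed template; it is never
    # concatenated into a prompt or treated as an instruction to the agent.
    quoted = "> " + req.transcript.replace("\n", "\n> ")
    body = f"Message from {req.caller_id}:\n{quoted}"
    if _INJECTION_HINT.search(req.transcript):
        body = "[REVIEW: transcript contains instruction-like text]\n" + body
    return body
```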
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).