OwlAI AI Assistant — agentic threat model
OwlAI is a low-to-moderate risk customer-facing assistant whose primary exposures stem from its public-facing nature, integration with scheduling tools (Calendly), and handling of user intake data (PII) without explicit security or compliance guardrails mentioned.
OWASP AIVSS score rationale
| Autonomy of Action | 0.60 | |
| Goal-Driven Planning | 0.40 | |
| Self-Modification | 0.00 | |
| Dynamic Tool Use | 0.30 | |
| Persistent Memory | 0.20 | |
| Contextual Awareness | 0.50 | |
| Dynamic Identity | 0.10 | |
| Multi-Agent Interactions | 0.00 | |
| Non-Determinism | 0.60 | |
| Opacity & Reflexivity | 0.50 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Uses OpenAI LLMs. Vulnerable to prompt injection, jailbreaking, and adversarial inputs that could cause the bot to misrepresent company policies, offer unauthorized discounts, or output offensive content.
Trained on company products, services, and policies. Risks include knowledge-base poisoning if training sources are compromised, and data exfiltration of proprietary or sensitive internal policies via crafted user queries.
Orchestrates intake forms and Calendly booking. Vulnerabilities include insecure tool integration where prompt injection could manipulate API payloads to Calendly or bypass validation on intake forms.
Not certain from the listing — Hosted closed-source SaaS. Potential threats include insecure storage of OpenAI and Calendly API keys, lack of network isolation, and standard web application vulnerabilities on the hosting infrastructure.
Not certain from the listing — No mention of real-time monitoring, guardrails, or logging of interactions. This creates blind spots for detecting prompt injection attacks or system drift.
Not certain from the listing — No compliance certifications (e.g., SOC2, GDPR) are cited despite the agent collecting lead data and PII through intake forms, posing regulatory and data privacy risks.
Not certain from the listing — Operates as a single-agent system. Risks are limited to third-party ecosystem dependencies like Calendly and OpenAI API availability and security.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).