AgentReadyHomeAgent Listing

← Plansom

Plansom — agentic threat model

9.0AIVSS 9.0 · Critical

Plansom acts as an agentic Work OS with high autonomy ('Do It For Me' task execution) and strategic planning capabilities, presenting a significant risk profile if granted write-access to enterprise tools without strict human-in-the-loop constraints.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.5AARS uplift 0.93Factor sum 5.9/10Threat ×1.05Mitigation ×0.95
Autonomy of Action
0.80
Goal-Driven Planning
0.80
Self-Modification
0.20
Dynamic Tool Use
0.70
Persistent Memory
0.60
Contextual Awareness
0.70
Dynamic Identity
0.20
Multi-Agent Interactions
0.70
Non-Determinism
0.60
Opacity & Reflexivity
0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — No details are provided regarding the underlying foundation models used by Plansom. Standard risks of model misalignment, prompt injection, or adversarial manipulation apply, particularly given the 'no prompt engineering required' claim which suggests pre-packaged system prompts.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — While Plansom processes organizational data for standups, progress tracking, and strategy generation, the specific vector databases, RAG pipelines, or data isolation mechanisms are not disclosed.

L3 · Agent Frameworks✓ mapped

Plansom features an orchestration framework that supports automated planning ('AI Plan'), management ('AI Manage'), and execution ('AI Execute'). The primary threat here is tool misuse or insecure tool integration, where 'Do It For Me' agents could execute unintended or malicious actions within the connected Work OS environment.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — The hosting environment, sandboxing of execution agents, and secrets management for third-party integrations are not detailed, despite the claim of 'Enterprise-grade privacy and security'.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — There is no mention of real-time monitoring, guardrails, or logging mechanisms to detect drift, anomalous agent behavior, or malicious inputs during task execution.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — Plansom claims 'Enterprise-grade privacy and security' and 'no technical skills needed' setup, but does not explicitly cite compliance certifications (e.g., SOC 2, ISO 27001) or specific identity and access management (IAM) controls.

L7 · Agent Ecosystem✓ mapped

Plansom utilizes multiple 'Do It For Me' AI agents to execute tasks. This multi-agent ecosystem introduces risks of cascading failures, agent-to-agent trust abuse, and unauthorized lateral actions if one agent is compromised or misinterprets a plan.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).