
Salesman — agentic threat model

AIVSS 8.7 · High

The Salesman agent presents a moderate-to-high risk profile: it is integrated with external communication channels such as email and social media, so prompt injection arriving through those channels could be used to make it distribute spam, phishing, or brand-damaging content.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5 · AARS uplift 1.18 · Factor sum 4.7/10 · Threat ×1.0 · Mitigation ×1.0
Autonomy of Action · 0.70
Goal-Driven Planning · 0.50
Self-Modification · 0.10
Dynamic Tool Use · 0.60
Persistent Memory · 0.40
Contextual Awareness · 0.70
Dynamic Identity · 0.20
Multi-Agent Interactions · 0.10
Non-Determinism · 0.80
Opacity & Reflexivity · 0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
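As an added worked example (not from the listing and not the OWASP calculator's own code), the formula above applied to the factor values listed for this agent. The function names, the range checks, the round-half-up helper and the CVSS-style severity bands are my own assumptions; the factor values and CVSS base are the ones stated on the page.

```python
# Added example: the OWASP AIVSS formula quoted on the page, applied to the
# listed factor values. Decimal arithmetic is used so the intermediate values
# (4.7, 1.175, 8.675) come out exactly as the page's rounded figures imply.
# Assumption: the qualitative bands are the CVSS v3.x ones (Low/Medium/High/Critical).
from decimal import Decimal, ROUND_HALF_UP

CVSS_BASE = 7.5  # CVSS base score stated on the page

# Agentic risk factors as listed for the Salesman agent (each scored 0.0 to 1.0).
FACTORS = {
    "Autonomy of Action": 0.70,
    "Goal-Driven Planning": 0.50,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.60,
    "Persistent Memory": 0.40,
    "Contextual Awareness": 0.70,
    "Dynamic Identity": 0.20,
    "Multi-Agent Interactions": 0.10,
    "Non-Determinism": 0.80,
    "Opacity & Reflexivity": 0.60,
}


def D(x):
    """Exact decimal from a float literal such as 0.7 (via its repr)."""
    return Decimal(str(x))


def round_to(value, places):
    """Round half up to `places` decimals, the way the page's figures read."""
    return value.quantize(Decimal(1).scaleb(-places), rounding=ROUND_HALF_UP)


def aivss(cvss_base, factors, threat_multiplier=1.0, mitigation_factor=1.0):
    """Return (factor_sum, aars, score) for
    AIVSS = (CVSS_Base + AARS) x Mitigation_Factor
    AARS  = (10 - CVSS_Base) x (Factor_Sum / 10) x ThM
    """
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base score must be within [0, 10]")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"factor {name!r} must be within [0, 1], got {value}")
    base = D(cvss_base)
    factor_sum = sum((D(v) for v in factors.values()), Decimal(0))
    # AARS scales the headroom left above the CVSS base by the agentic factors,
    # so with ThM = 1 the uplift alone can never push the score past 10.
    aars = (Decimal(10) - base) * (factor_sum / Decimal(10)) * D(threat_multiplier)
    score = (base + aars) * D(mitigation_factor)
    return factor_sum, aars, score


def severity(score):
    """Qualitative band; assumption: same cut-offs as CVSS v3.x."""
    if score == 0:
        return "None"
    if score < 4:
        return "Low"
    if score < 7:
        return "Medium"
    if score < 9:
        return "High"
    return "Critical"


def top_contributors(factors, n=3):
    """Factors adding most to AARS, i.e. where mitigation effort pays off first."""
    return sorted(factors, key=factors.get, reverse=True)[:n]


if __name__ == "__main__":
    fs, aars, score = aivss(CVSS_BASE, FACTORS)
    print(f"factor sum {fs}/10, AARS uplift {round_to(aars, 2)}, "
          f"AIVSS {round_to(score, 1)} ({severity(score)})")
    # Hypothetical: credit controls with a mitigation factor of 0.8 and re-score.
    _, _, mitigated = aivss(CVSS_BASE, FACTORS, mitigation_factor=0.8)
    print(f"with mitigation x0.8: {round_to(mitigated, 1)} ({severity(mitigated)})")
    print("largest agentic contributors:", top_contributors(FACTORS))
```

Running it reproduces the page's figures (factor sum 4.7, uplift 1.18, AIVSS 8.7 High). The hypothetical 0.8 mitigation run is there to make the structure of the formula visible: the agentic uplift is bounded by the headroom above the CVSS base, while the mitigation factor scales the whole score, so the same agent drops into the Medium band once controls are credited.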

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary because the public description did not pin down that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — The underlying foundation model is unspecified. The primary threat at this layer is prompt injection (including direct jailbreaking) that steers the model into producing inappropriate content, offering unauthorized discounts, or departing from the brand's tone of voice.

L2 · Data Operations ✓ mapped

The agent is tailored to specific business products, services, and tone, indicating a RAG or fine-tuning data pipeline. Threats include knowledge-base poisoning (injecting false product details or malicious links into the sales database) and unauthorized extraction of proprietary business data via conversational probing.

L3 · Agent Frameworks ✓ mapped

The agent orchestrates interactions across chat, email, and social media. Insecure tool integration is a major threat here; if the agent's email or social media posting tools lack strict output sanitization, an attacker could exploit the agent to send spam, phishing links, or malicious posts to external users.
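As an added example (not code from the listing or from the Salesman product itself), one shape the output sanitization described above can take: a gate sitting between the model's draft message and the email or social-media posting tool, which refuses anything the egress policy does not allow. The policy fields, the message structure, and the three sample messages are constructed for illustration; in particular the gate assumes the orchestrator tells it who the current email thread is with, so that recipients the model added on its own can be rejected.

```python
# Added example: an egress gate for an agent's email / social posting tools.
# Not from the listing. Names, policy fields and sample messages are my own;
# the sample messages are constructed, including the "injected" one.
import re
from dataclasses import dataclass
from urllib.parse import urlparse

URL_RE = re.compile(r'https?://[^\s<>"\']+', re.IGNORECASE)
PCT_OFF_RE = re.compile(r"(\d{1,3})\s*%\s*off", re.IGNORECASE)


@dataclass(frozen=True)
class EgressPolicy:
    allowed_link_domains: frozenset  # hosts the agent may link to (or subdomains of)
    max_discount_pct: int = 10       # anything larger needs a human to approve
    max_links: int = 2


@dataclass
class OutboundMessage:
    channel: str        # "email" or "social"
    recipients: tuple   # addresses / handles the tool would send to
    body: str
    # Assumption: the orchestrator records who the agent is replying to, so the
    # gate can refuse recipients that appeared only in the model's output.
    thread_counterpart: str = ""


def host_allowed(host, allowed):
    """Label-boundary suffix match: 'shop.example.com' passes for 'example.com',
    'example.com.evil.test' and 'evilexample.com' do not."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def check_outbound(msg, policy):
    """Return the list of policy violations; an empty list means the tool may send."""
    violations = []
    # 1. Recipients: an email reply may only go to the thread counterpart.
    if msg.channel == "email":
        extra = [r for r in msg.recipients
                 if r.lower() != msg.thread_counterpart.lower()]
        if extra:
            violations.append(f"recipients not in thread: {extra}")
    # 2. Links: parse the URL so 'https://shop.example.com@evil.test/' is
    #    judged by its real host, not by a substring that looks trustworthy.
    urls = URL_RE.findall(msg.body)
    if len(urls) > policy.max_links:
        violations.append(f"too many links: {len(urls)}")
    for url in urls:
        host = urlparse(url).hostname or ""   # unparsable host -> "" -> refused
        if not host_allowed(host, policy.allowed_link_domains):
            violations.append(f"link to non-allowlisted host: {host!r}")
    # 3. Discounts: a claim above the cap is held for review rather than sent.
    for m in PCT_OFF_RE.finditer(msg.body):
        pct = int(m.group(1))
        if pct > policy.max_discount_pct:
            violations.append(f"discount {pct}% exceeds cap {policy.max_discount_pct}%")
    return violations


POLICY = EgressPolicy(allowed_link_domains=frozenset({"example.com"}))

# Constructed sample: an ordinary reply to the customer in the thread.
LEGIT = OutboundMessage(
    channel="email",
    recipients=("customer@mail.test",),
    thread_counterpart="customer@mail.test",
    body="Thanks for asking! Product details are at https://shop.example.com/widgets.",
)

# Constructed sample: what a prompt-injected reply could look like. The injected
# text told the agent to mail a "deal" to more people, with a link whose
# userinfo part impersonates the shop.
INJECTED = OutboundMessage(
    channel="email",
    recipients=("customer@mail.test", "a@mail.test", "b@mail.test"),
    thread_counterpart="customer@mail.test",
    body="Limited offer: 60% off today, log in at https://shop.example.com@evil.test/login",
)

# Constructed sample: a social post whose link only looks like the shop's domain.
SOCIAL = OutboundMessage(
    channel="social",
    recipients=(),
    body="New arrivals: https://example.com.evil.test/shop",
)

if __name__ == "__main__":
    for name, m in (("legit", LEGIT), ("injected", INJECTED), ("social", SOCIAL)):
        v = check_outbound(m, POLICY)
        print(f"{name}: {'SEND' if not v else 'BLOCK'} {v}")
```

Two design points worth noting. The link check runs on the parsed hostname rather than on a substring match, because a URL such as `https://shop.example.com@evil.test/` contains the trusted domain verbatim while resolving elsewhere, and the suffix match is anchored at a label boundary so `example.com.evil.test` does not pass. The recipient binding is the control that actually matters against injection: the gate does not try to decide whether the text is spam, it refuses to send anything to anyone other than the person the thread is with, and routes oversized discounts to a human instead of letting the model commit the business.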

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — The hosting infrastructure and API sandboxing mechanisms are not detailed. General threats include API key exposure for the integrated social media/email platforms and lack of network isolation between the chatbot service and internal business systems.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — There is no mention of real-time guardrails, conversation logging, or drift monitoring. Without these, malicious interactions or brand-damaging outputs could go undetected for extended periods.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — Compliance certifications (such as SOC 2 or GDPR) and access control policies are not specified. The agent likely handles customer PII (emails, social media handles), making data privacy compliance a critical but unverified layer.

L7 · Agent Ecosystem ⚠ not certain from listing

Not certain from the listing — It is unclear if the agent interacts with other automated agents (e.g., inventory or CRM agents). If integrated, a compromise of the Salesman agent could lead to downstream cascading failures in the broader e-commerce ecosystem.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).