SegWize — agentic threat model
SegWize presents a moderate security risk primarily centered on data privacy and integrity, as it processes sensitive financial and property documents to generate tax reports. While its agentic autonomy is low with no direct filing or transaction capabilities, vulnerabilities in document parsing or prompt injection could lead to data exfiltration or inaccurate tax classifications.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
|---|---|
| Autonomy of Action | 0.30 |
| Goal-Driven Planning | 0.40 |
| Self-Modification | 0.00 |
| Dynamic Tool Use | 0.30 |
| Persistent Memory | 0.20 |
| Contextual Awareness | 0.50 |
| Dynamic Identity | 0.00 |
| Multi-Agent Interactions | 0.00 |
| Non-Determinism | 0.40 |
| Opacity & Reflexivity | 0.50 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1 (Foundation Models): Not certain from the listing — The underlying foundation models are not specified. However, they are susceptible to indirect prompt injection via malicious text embedded in uploaded property or renovation documents, which could manipulate the cost segregation logic.
Layer 2 (Data Operations): The agent ingests highly sensitive user-uploaded financial documents (closing disclosures, renovation receipts) and supplements them with public data. This creates a high-value target for data exfiltration and requires robust ingestion pipelines to prevent document-based exploits.
Layer 3 (Agent Frameworks): Not certain from the listing — The orchestration framework is undisclosed. Risks include insecure tool execution during document parsing and public data scraping, which could be exploited if input validation is weak.
Layer 4 (Deployment & Infrastructure): Not certain from the listing — No details are provided regarding hosting, document storage encryption, or sandboxing of the document extraction environment, leaving potential risks of unauthorized access to stored tax documents.
Layer 5 (Evaluation & Observability): Not certain from the listing — There is no mention of continuous evaluation or guardrails to detect drift in IRS guidelines or to verify the mathematical accuracy of the AI-generated cost segregation reports.
Layer 6 (Security & Compliance): Not certain from the listing — The platform handles sensitive financial and personally identifiable information (PII) but does not declare compliance with financial data protection standards (e.g., GLBA) or security certifications.
Layer 7 (Agent Ecosystem): The agent operates as a standalone vertical tool with no multi-agent coordination or marketplace integrations described, minimizing ecosystem-level cascading risks.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).