telli — agentic threat model
telli presents a high agentic risk profile due to its autonomous outbound calling and SMS capabilities, which handle sensitive B2C lead data (e.g., mortgages, insurance) and could be exploited for automated vishing, toll fraud, or social engineering if compromised.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
| --- | --- |
| Autonomy of Action | 0.80 |
| Goal-Driven Planning | 0.70 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.60 |
| Persistent Memory | 0.40 |
| Contextual Awareness | 0.60 |
| Dynamic Identity | 0.20 |
| Multi-Agent Interactions | 0.10 |
| Non-Determinism | 0.80 |
| Opacity & Reflexivity | 0.60 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1 (Foundation Models): Not certain from the listing — likely relies on proprietary or third-party LLMs combined with TTS/STT models. Key threats include voice-based prompt injection (over-the-air injection) and model misalignment leading to reputational damage during live calls.
Layer 2 (Data Operations): Not certain from the listing — processes highly sensitive consumer data (mortgages, solar, insurance). Threats include unauthorized access to call transcripts, recordings, and lead databases, as well as data exfiltration via conversational manipulation.
Layer 3 (Agent Frameworks): Orchestrates conversational state machines to drive outcomes like qualification, booking, and transfers. Threats include logic bypasses where callers trick the agent into booking fake appointments or executing unauthorized call transfers.
Layer 4 (Deployment and Infrastructure): Not certain from the listing — requires integration with telephony infrastructure (SIP/WebRTC) and SMS gateways. Threats include API key theft (e.g., Twilio credentials), toll fraud, and SIP trunk hijacking to launch unauthorized robocalls.
Layer 5 (Evaluation and Observability): Provides call analytics and insights. A key threat is the lack of real-time guardrails capable of detecting and terminating calls where the agent is being manipulated or exhibiting rogue behavior.
Layer 6 (Security and Compliance): Not certain from the listing — must navigate strict regulatory frameworks like TCPA (telephony compliance), GDPR/CCPA (voice recording consent), and financial privacy laws. No security certifications are explicitly cited.
Layer 7 (Agent Ecosystem): Not certain from the listing — interacts horizontally with external B2C systems, CRMs, and scheduling tools. Threats include cascading failures or data corruption in downstream CRMs due to injection attacks passed through voice inputs.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).