AgentReadyHomeAgent Listing

← Tidio Copilot

Tidio Copilot — agentic threat model

6.0AIVSS 6.0 · Medium

Tidio Copilot presents a low-to-moderate agentic risk due to its strict human-in-the-loop design (suggesting rather than sending replies), but carries notable data privacy and indirect prompt injection risks due to its deep integration with enterprise CRMs and email clients via a Chrome extension.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.8AARS uplift 0.7Factor sum 2.2/10Threat ×1.0Mitigation ×0.8
Autonomy of Action
0.10
Goal-Driven Planning
0.10
Self-Modification
0.00
Dynamic Tool Use
0.20
Persistent Memory
0.30
Contextual Awareness
0.60
Dynamic Identity
0.10
Multi-Agent Interactions
0.00
Non-Determinism
0.50
Opacity & Reflexivity
0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — The underlying foundation models are unspecified. Threats include indirect prompt injection via incoming customer emails/tickets, which could manipulate the suggested replies or attempt to exfiltrate system instructions.

L2 · Data Operations✓ mapped

Ingests custom knowledge bases, FAQs, uploaded content, and past conversations. Threats include knowledge-base poisoning (malicious FAQs) and the accidental ingestion of sensitive customer PII, which could then be leaked in suggested replies.

L3 · Agent Frameworks✓ mapped

Orchestrates context retrieval and reply generation. Threats include insecure tool integration where the Chrome extension might read sensitive DOM elements (like passwords or credit cards) from Zendesk or Gmail pages.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — Hosted infrastructure details are omitted. Threats include insecure transit of CRM data to Tidio's backend servers and potential compromise of the Chrome extension's update pipeline.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — No explicit mention of real-time guardrails or observability tools to detect toxic, biased, or hallucinated reply suggestions before they reach the human agent.

L6 · Security & Compliance (cross-cutting)✓ mapped

Claims GDPR and CCPA compliance and enterprise-grade security. However, the lack of explicit SOC2 or ISO certifications in the listing leaves compliance verification gaps.

L7 · Agent Ecosystem✓ mapped

Integrates directly with Zendesk, Intercom, Gorgias, and Gmail. Threats include cross-platform data leakage, where data from one platform is inadvertently suggested as a reply in another.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).