
Tidio — agentic threat model

AIVSS 8.1 · High

Tidio's Lyro AI bot presents a moderate-to-high risk profile due to its direct integration with e-commerce platforms like Shopify and access to sensitive customer data such as order histories and shopping carts. The primary threat vector is prompt injection leading to unauthorized data access or manipulation of the customer shopping experience.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 7.5
AARS uplift: 1.0
Factor sum: 4.0 / 10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×0.95

Agentic risk factors (each rated 0.0 to 1.0):
Autonomy of Action: 0.60
Goal-Driven Planning: 0.40
Self-Modification: 0.10
Dynamic Tool Use: 0.50
Persistent Memory: 0.40
Contextual Awareness: 0.60
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.30
Non-Determinism: 0.50
Opacity & Reflexivity: 0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — the specific foundation models powering Lyro are not disclosed. However, the primary threat at this layer is adversarial prompt injection, which could allow users to bypass customer service guardrails, extract system prompts, or generate inappropriate content.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — the exact database and vector store architecture for RAG are unspecified. The agent accesses Shopify order history and cart data, making it vulnerable to data exfiltration or unauthorized PII retrieval if the data access controls are not strictly isolated per session.

L3 · Agent Frameworks (⚠ not certain from listing)

Not certain from the listing — the underlying orchestration framework is proprietary. The integration with Shopify APIs for cart previews and order history lookups introduces risks of tool misuse, where a manipulated agent could execute unauthorized API calls or leak order details.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — details regarding cloud hosting, network isolation, and API credential storage are omitted. Compromise at this layer could expose Shopify API keys or social media integration tokens, leading to broader platform compromise.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — the presence of real-time guardrails or automated evaluation systems is not detailed. Without robust observability, malicious prompt injections or hallucinated product recommendations could go undetected until reported by users.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — compliance certifications (such as SOC 2 or GDPR compliance details) are not explicitly mentioned. Strong identity and access management is critical to ensure that customer support agents and the AI bot itself only access authorized tenant data.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — while the agent integrates with Shopify and social media platforms, it is unclear if it interacts with other autonomous agents. The primary ecosystem risk is cascading trust, where a compromise in Tidio could be leveraged to exploit connected Shopify stores.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).