Wallabi — agentic threat model

AIVSS 9.2 · Critical

Wallabi presents a high-risk profile due to its deep integrations with critical GTM data sources (Salesforce, HubSpot) and its deployment as a Chrome Extension, which expands the client-side attack surface. The combination of automated data engineering and LLM-driven querying increases the risk of data exfiltration and prompt injection-based tool abuse.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.5 · AARS uplift 0.72 · Factor sum 4.6/10 · Threat ×1.05 · Mitigation ×1.0

Agentic risk factors:

Autonomy of Action: 0.60
Goal-Driven Planning: 0.60
Self-Modification: 0.10
Dynamic Tool Use: 0.80
Persistent Memory: 0.50
Contextual Awareness: 0.70
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.10
Non-Determinism: 0.50
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — Wallabi uses LLMs for querying, visualization, and data interpretation, but the specific foundation models are not disclosed. Threats include prompt injection altering data interpretations or generating malicious database queries.

L2 · Data Operations · ✓ mapped

Wallabi performs automated data engineering (extraction, transformation, modeling) and warehousing, integrating with Salesforce, HubSpot, and Google Analytics. Threats include data poisoning of the warehouse, ingestion of malicious payloads from connected APIs, and unauthorized data exfiltration of sensitive GTM/PII data.

L3 · Agent Frameworks · ✓ mapped

Orchestrated via a proprietary 'Reasoning Graph' and 'Recommendation Engine' to query and interpret data. Threats include insecure tool/API integration with Salesforce/HubSpot, and prompt injection leading to unauthorized tool execution or data manipulation.

L4 · Deployment & Infrastructure · ✓ mapped

Delivered as a lightweight Chrome Extension and a cloud-based data warehouse. Threats include extension-side vulnerabilities (XSS, session hijacking), insecure storage of API keys/secrets for Salesforce/HubSpot, and container/warehouse compromise.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — No details are provided regarding evaluation frameworks, guardrails, or observability tools used to monitor the Reasoning Graph or query generation. Gaps could lead to undetected drift or silent failures in data modeling.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — No explicit mention of compliance certifications (e.g., SOC 2, GDPR), OAuth token management policies, or fine-grained access controls for the integrated GTM data.

L7 · Agent Ecosystem · ⚠ not certain from listing

Not certain from the listing — The agent operates primarily as a standalone GTM analyst integrating with APIs rather than interacting within a multi-agent ecosystem or marketplace.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).