
Xeritus — agentic threat model

AIVSS 7.4 · High

Xeritus presents a high-consequence risk profile due to its handling of sensitive medical debt data (PHI/PII) and automated outbound dialing at scale. While its deterministic behavior limits autonomous decision-making risks, any compromise of its telephony or data integration layers could result in severe regulatory violations and data breaches.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.2 · AARS uplift 0.49 · Factor sum 2.6/10 · Threat ×1.05 · Mitigation ×0.85

Autonomy of Action: 0.60
Goal-Driven Planning: 0.30
Self-Modification: 0.00
Dynamic Tool Use: 0.30
Persistent Memory: 0.40
Contextual Awareness: 0.50
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.00
Non-Determinism: 0.10
Opacity & Reflexivity: 0.20

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — likely utilizes a pipeline of speech-to-text, LLM, and text-to-speech models. Primary threats include voice-based prompt injection (vishing-style exploits) to bypass compliance guardrails or force the model into generating non-compliant, harassing, or misaligned outputs.

L2 · Data Operations · ⚠ not certain from listing

Not certain from the listing — requires deep integration with medical billing databases and patient records containing PHI and PII. Threats include unauthorized data exfiltration of sensitive medical debt details, or database poisoning that could lead to incorrect debt collection attempts.

L3 · Agent Frameworks · ⚠ not certain from listing

Not certain from the listing — orchestration is described as 'deterministic', suggesting a highly constrained state-machine or rigid prompt-flow rather than open-ended planning. Threats include logic flaws in the call-flow state machine that could cause the agent to violate call-time restrictions or repeat prohibited statements.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — infrastructure must support high-throughput telephony (up to 10,000 concurrent voice streams). Threats include SIP trunk hijacking, toll fraud, denial of service (DoS) targeting the voice gateway, and insecure storage of call recordings containing PHI.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — requires robust real-time monitoring and logging to guarantee FDCPA/TCPA compliance. Threats include logging blind spots where non-compliant agent statements go undetected, or failure to log opt-out requests (e.g., 'stop calling me') accurately.

L6 · Security & Compliance (cross-cutting) · ✓ mapped

The agent explicitly claims 100% FDCPA, TCPA, and state-specific regulatory compliance. However, handling medical debt introduces strict HIPAA and HITECH compliance requirements; any failure in access control, encryption, or audit logging represents a critical compliance failure.

L7 · Agent Ecosystem · ⚠ not certain from listing

Not certain from the listing — operates as a vertical, single-purpose solution rather than a multi-agent ecosystem. Threats are primarily limited to integration point vulnerabilities (e.g., compromised API keys for healthcare CRM/billing systems) rather than agent-to-agent trust abuse.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).