ASBOS Threat Model

Assets

  • Guard identity and credential records
  • GPS and clock-event history
  • Voice recordings and call transcripts
  • Client contract and billing records
  • Incident reports
  • Scheduling and payroll data
  • Versioned policies, agent prompts, and model/tool versions

Key risks

  • Unauthorized access to client or employee records
  • Prompt injection through reports or client notes
  • Incorrect autonomous assignment of unqualified guards
  • Voice-agent misrepresentation or consent failure
  • Payroll manipulation
  • Overcollection of location or biometric data (including voiceprints under BIPA)
  • Missing audit trail for autonomous decisions
  • Silent data propagation — a bad credential date or incorrect pay rule affecting scheduling, payroll, and billing

Controls

  • Role-based access control and tenant isolation
  • Typed event validation with source provenance
  • Complete audit logging and policy versioning
  • Three-tier human escalation model
  • Reversible writes to systems of record
  • Data minimization and short retention periods for voice data
  • Encryption at rest and in transit
  • Explicit AI disclosure and human handoff for voice outreach
  • Automated tests for compliance and authorization boundaries

Highest-risk component

The voice agent combines automated outreach, negotiation-like dialogue, personal data, and possible recordings. The architecture constrains it to approved pay bands, approved recipients, explicit disclosures, short retention, and immediate human handoff.

The second major risk is silent data propagation. Typed events, source provenance, policy versioning, and reversible writes are core controls — not optional implementation details.