Mistral Small 3 — agentic threat model

AIVSS 6.9 · Medium

Mistral Small 3 is a raw foundation model with function-calling capabilities designed for local deployment, presenting low inherent agentic risk unless integrated into an active orchestration framework without proper sandboxing.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.0 · AARS uplift 0.92 · Factor sum 2.3/10 · Threat ×1.0 · Mitigation ×1.0

Autonomy of Action: 0.10
Goal-Driven Planning: 0.20
Self-Modification: 0.00
Dynamic Tool Use: 0.30
Persistent Memory: 0.00
Contextual Awareness: 0.40
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.10
Non-Determinism: 0.50
Opacity & Reflexivity: 0.70

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ✓ mapped

As a 24B foundation model, L1 threats are highly relevant. The model is susceptible to prompt injection, adversarial jailbreaks, and goal hijacking, which can manipulate its instruction-following behavior.

L2 · Data Operations · ⚠ not certain from listing

Not certain from the listing — the model is provided as raw weights under Apache 2.0. Any data operations, RAG pipelines, or vector database integrations are entirely dependent on the user's implementation.

L3 · Agent Frameworks · ✓ mapped

The model natively supports function calling, which introduces risks of tool misuse or injection if the downstream orchestration framework executes these calls without strict schema validation and sanitization.

L4 · Deployment & Infrastructure · ✓ mapped

Optimized for local deployment (e.g., RTX 4090, MacBook). The primary infrastructure threats involve local host exposure, lack of containerization, and insecure local API endpoints (e.g., Ollama/vLLM) hosting the model.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — there are no built-in guardrails, evaluation frameworks, or observability logging mechanisms described in the raw model release.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — compliance, access control, and policy enforcement are not handled by the model itself and must be wrapped around it by the deploying organization.

L7 · Agent Ecosystem · ⚠ not certain from listing

Not certain from the listing — the model does not natively operate in a multi-agent ecosystem or marketplace, though it can be utilized as the brain for agents within such systems.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.