Refact.ai — agentic threat model

AIVSS 7.5 · High

Refact.ai presents a moderate-to-high risk profile primarily centered on intellectual property exposure and potential supply chain code injection, mitigated significantly by its self-hosted and on-premise deployment options.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.2 · AARS uplift 0.61 · Factor sum 3.4/10 · Threat ×1.0 · Mitigation ×0.85

Autonomy of Action: 0.30
Goal-Driven Planning: 0.20
Self-Modification: 0.10
Dynamic Tool Use: 0.40
Persistent Memory: 0.30
Contextual Awareness: 0.80
Dynamic Identity: 0.10
Multi-Agent Interactions: 0.10
Non-Determinism: 0.60
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ✓ mapped

Utilizes LLMs for code completion and refactoring, supporting model fine-tuning for enterprise clients. Threats include model poisoning during fine-tuning and adversarial prompt injection leading to malicious code generation.

L2 · Data Operations · ✓ mapped

Employs Retrieval-Augmented Generation (RAG) to ingest and understand entire codebases. This introduces risks of codebase data exfiltration, embedding inversion, and RAG poisoning if malicious code is introduced into the repository.

L3 · Agent Frameworks · ✓ mapped

Integrates directly into IDEs (VS Code, JetBrains) to perform refactoring and code generation. Vulnerabilities in the plugin framework or insecure tool integration could allow unauthorized file system access or execution of generated code.

L4 · Deployment & Infrastructure · ✓ mapped

Supports self-hosting and on-premise deployment, which limits external network exposure but shifts the responsibility of secure hosting, container isolation, and credential management to the user.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — there is no explicit mention of built-in guardrails, output sanitization, or logging/observability frameworks to detect anomalous or malicious code suggestions before they are accepted by the developer.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — while 'data privacy' is highlighted via self-hosting, specific compliance certifications (e.g., SOC2, ISO 27001) or access control policies for enterprise fine-tuning are not detailed.

L7 · Agent Ecosystem · ⚠ not certain from listing

Not certain from the listing — the agent operates as a standalone developer assistant within the IDE and does not explicitly feature multi-agent collaboration or marketplace integrations.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.