

Sourcegraph Cody AI — agentic threat model

AIVSS 8.2 · High

Sourcegraph Cody AI presents a moderate-to-high risk profile primarily due to its deep integration with proprietary codebases and IDEs, making it a high-value target for source code exfiltration and supply chain poisoning via malicious code suggestions.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 8.5
AARS uplift: 0.57
Factor sum: 3.8/10
Threat multiplier: ×1.0
Mitigation factor: ×0.9

Agentic risk factors:
Autonomy of Action: 0.30
Goal-Driven Planning: 0.40
Self-Modification: 0.10
Dynamic Tool Use: 0.40
Persistent Memory: 0.30
Contextual Awareness: 0.80
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.10
Non-Determinism: 0.70
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
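The arithmetic behind the 8.2 above, as an added worked example (not code from the AgentReady listing or from the OWASP AIVSS project): it reproduces the AARS uplift and final score from the stated formula and the ten factor values, and the second helper shows how the score moves if a single input changes.

```python
# Added example: reproduce the page's AIVSS calculation from its stated formula.
#   AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
#   AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
# The factor values below are the ones listed on the page for Sourcegraph Cody AI.
from typing import Dict, Tuple

CODY_FACTORS: Dict[str, float] = {
    "Autonomy of Action": 0.30,
    "Goal-Driven Planning": 0.40,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.40,
    "Persistent Memory": 0.30,
    "Contextual Awareness": 0.80,
    "Dynamic Identity": 0.20,
    "Multi-Agent Interactions": 0.10,
    "Non-Determinism": 0.70,
    "Opacity & Reflexivity": 0.50,
}


def aars(cvss_base: float, factors: Dict[str, float], threat_multiplier: float = 1.0) -> float:
    """Agentic AI Risk Score: the uplift that agentic capabilities add on top of CVSS.

    Because each factor is at most 1.0, Factor_Sum/10 is at most 1.0, so the uplift
    can never exceed the headroom (10 - CVSS_Base) left under the scale maximum.
    """
    factor_sum = sum(factors.values())
    return (10.0 - cvss_base) * (factor_sum / 10.0) * threat_multiplier


def aivss(cvss_base: float, factors: Dict[str, float],
          threat_multiplier: float = 1.0, mitigation_factor: float = 1.0) -> float:
    """Final AIVSS score using the formula quoted on the page."""
    return (cvss_base + aars(cvss_base, factors, threat_multiplier)) * mitigation_factor


def score_cody() -> Tuple[float, float]:
    """Return (AARS uplift, AIVSS) with the page's inputs: CVSS 8.5, ThM 1.0, mitigation 0.9."""
    uplift = aars(8.5, CODY_FACTORS, 1.0)
    return round(uplift, 2), round(aivss(8.5, CODY_FACTORS, 1.0, 0.9), 1)


def rescore_with(factor: str, new_value: float, mitigation_factor: float = 0.9) -> float:
    """Sensitivity check: AIVSS after changing one agentic factor (hypothetical what-if)."""
    adjusted = dict(CODY_FACTORS, **{factor: new_value})
    return round(aivss(8.5, adjusted, 1.0, mitigation_factor), 1)


if __name__ == "__main__":
    print("AARS uplift, AIVSS:", score_cody())            # (0.57, 8.2)
    print("no mitigation credit:", rescore_with("Contextual Awareness", 0.80, 1.0))
```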

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — Cody relies on external LLMs (e.g., Anthropic, OpenAI) or self-hosted models. Primary threats include prompt injection that could trick the model into generating insecure code, and potential model-reprogramming or alignment bypasses.

L2 · Data Operations (✓ mapped)

Cody leverages Sourcegraph's code graph and codebase-specific search for RAG. This introduces risks of codebase poisoning, where an attacker commits malicious code or comments to manipulate Cody's context and trick it into suggesting vulnerabilities to other developers.

L3 · Agent Frameworks (✓ mapped)

Cody supports custom commands and IDE integrations. Insecure tool integration or prompt injection could lead to local command execution or unauthorized file reads through the IDE extension's execution context.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — Cody operates via IDE extensions communicating with Sourcegraph cloud or on-premise servers. Threats include insecure local storage of API keys/tokens and potential man-in-the-middle attacks on code telemetry transit.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — Cody likely monitors usage telemetry, but a lack of real-time guardrails to detect adversarial prompt injections or anomalous code generation patterns could allow silent exploitation.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — Enterprise deployments likely inherit Sourcegraph's access controls, but weak RBAC integration could allow Cody to expose sensitive code segments to unauthorized internal users during search/RAG.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — Cody operates as a standalone developer assistant. While multi-agent risks are low, integration with external code hosts (GitHub, GitLab) creates trust boundary risks if those platforms are compromised.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology.