CodeGPT — agentic threat model
CodeGPT presents a high-risk profile due to its deep integration into developer IDEs and local codebases, combined with an active AI Agent Marketplace that introduces supply-chain risks from third-party agents.
OWASP AIVSS score rationale
| Autonomy of Action | 0.40 | |
| Goal-Driven Planning | 0.50 | |
| Self-Modification | 0.20 | |
| Dynamic Tool Use | 0.60 | |
| Persistent Memory | 0.40 | |
| Contextual Awareness | 0.80 | |
| Dynamic Identity | 0.30 | |
| Multi-Agent Interactions | 0.70 | |
| Non-Determinism | 0.60 | |
| Opacity & Reflexivity | 0.50 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Not certain from the listing — The specific foundation models used by CodeGPT are not detailed, but closed-source integration implies reliance on external APIs. Primary threats include prompt injection via malicious code comments (adversarial examples) and model misalignment leading to insecure code generation.
CodeGPT indexes entire codebases and project contexts. This creates a high risk of data exfiltration if the agent is compromised, as well as codebase poisoning if malicious code is introduced into the local repository and indexed into the agent's context.
The platform features an 'AI Agent Creator' and orchestrates tasks like auto-completion and complex problem-solving. Vulnerabilities here include insecure tool integration, where the agent might execute malicious terminal commands or write backdoored code directly into the IDE.
Integrates directly into VS Code, web browsers, and chat platforms. A compromise at this layer could lead to local host compromise, privilege escalation, or unauthorized access to local developer environment secrets and SSH keys.
Not certain from the listing — There is no mention of built-in guardrails, evaluation frameworks, or logging mechanisms to monitor agent actions or detect anomalous code generation patterns within the developer's environment.
Not certain from the listing — The listing does not specify any compliance certifications (e.g., SOC2, ISO) or identity governance controls, raising concerns about intellectual property leakage and compliance with open-source licensing.
Features an 'AI Agent Marketplace'. This introduces significant supply-chain risks, where users might download rogue or compromised third-party agents that execute malicious actions or exfiltrate proprietary codebases.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).