

Codestral 25.01 — agentic threat model

AIVSS 6.6 · Medium

Codestral 25.01 is a high-performance code generation LLM with low inherent agentic autonomy, but its primary risk lies in the potential generation of insecure or malicious code that could be executed by downstream developers or systems.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 6.8
AARS uplift: 0.58
Factor sum: 1.8 / 10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×0.9
Autonomy of Action: 0.10
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.10
Persistent Memory: 0.00
Contextual Awareness: 0.40
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.50
Opacity & Reflexivity: 0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary because the public description did not address that layer.

L1 · Foundation Models (✓ mapped)

As a foundational coding model, L1 threats are highly relevant. Risks include model stealing of this proprietary model, adversarial prompt injection to bypass code safety filters, and potential training data poisoning that could lead to the generation of insecure code.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — The listing does not detail the training data pipeline, RAG capabilities, or vector store integrations for Codestral 25.01, though data provenance and IP infringement are key risks for code models.

L3 · Agent Frameworks (⚠ not certain from listing)

Not certain from the listing — Codestral 25.01 is presented as a raw model/API rather than an agent framework, so orchestration, tool integration, and memory management are handled by external consumer applications.

L4 · Deployment & Infrastructure (✓ mapped)

The listing highlights a 'local deployment option for enterprises' alongside API access. Threats include infrastructure compromise of the hosting API or insecure local container/server deployments where the model is hosted.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — No specific guardrails, logging, or evaluation frameworks are mentioned in the listing, leaving monitoring of model drift or malicious code generation to the deployer.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — While it offers a 'local deployment option for enterprises' which helps with data privacy compliance, specific certifications (like SOC2, ISO) or compliance alignments are not detailed.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — The model does not natively operate in a multi-agent ecosystem or marketplace according to the listing, though it may be integrated into one by third parties.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).