Codestral 25.01 — agentic threat model
Codestral 25.01 is a high-performance code-generation LLM with little inherent agentic autonomy. Its primary risk is not autonomous action but the insecure or malicious code it can generate, which downstream developers, CI pipelines or tool-using agents may execute without review.
OWASP AIVSS score rationale
| Agentic risk factor | Score | Notes |
|---|---|---|
| Autonomy of Action | 0.10 | |
| Goal-Driven Planning | 0.10 | |
| Self-Modification | 0.00 | |
| Dynamic Tool Use | 0.10 | |
| Persistent Memory | 0.00 | |
| Contextual Awareness | 0.40 | |
| Dynamic Identity | 0.00 | |
| Multi-Agent Interactions | 0.00 | |
| Non-Determinism | 0.50 | |
| Opacity & Reflexivity | 0.60 | |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this model. Layers tagged “not certain from the listing” carry general, caveated commentary because the public description does not cover that layer.
L1 Foundation Models: As a foundational coding model, L1 threats are highly relevant. Risks include theft of this proprietary model's weights, adversarial prompt injection that bypasses any code-safety filtering, and training-data poisoning that biases the model toward emitting insecure code.
L2 Data Operations: Not certain from the listing — the listing does not describe the training-data pipeline, RAG capabilities or vector-store integrations for Codestral 25.01, though data provenance and IP or licence contamination are key risks for any code model.
L3 Agent Frameworks: Not certain from the listing — Codestral 25.01 is presented as a raw model/API rather than an agent framework, so orchestration, tool integration and memory management are handled by the consuming application, which inherits the corresponding threats.
L4 Deployment & Infrastructure: The listing highlights a 'local deployment option for enterprises' alongside API access. Threats include compromise of the hosted API and insecure self-hosted deployments (over-privileged inference containers or servers, weak network exposure of the model endpoint).
L5 Evaluation & Observability: Not certain from the listing — no guardrails, logging or evaluation frameworks are mentioned, so monitoring for model drift and for insecure or malicious code generation falls entirely to the deployer.
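Because the listing leaves output monitoring to the deployer, the consuming application needs its own gate between the model and anything that executes or merges generated code. The following is an added example written for this page, not code from Mistral or the Codestral product: a stdlib-only static gate that parses a generated Python completion, flags risky calls, `shell=True`, sensitive imports and hard-coded secrets, and returns findings that the caller can log next to the prompt and response. The `RISKY_CALLS` and `SENSITIVE_MODULES` lists and the `SAMPLE_COMPLETION` string are assumptions constructed for the example, not real model output.

```python
"""Added example (not Mistral's/Codestral's code): deployer-side gate that
statically inspects LLM-generated Python before it is merged or executed."""
import ast
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Call targets that warrant human review when they appear in generated code.
# This list is an assumption for the example; tune it to your own codebase.
RISKY_CALLS = {
    "eval", "exec", "compile",
    "os.system", "os.popen",
    "subprocess.call", "subprocess.run", "subprocess.Popen", "subprocess.check_output",
    "pickle.load", "pickle.loads", "marshal.loads", "yaml.load",
    "urllib.request.urlopen", "requests.get", "requests.post",
}
# Modules whose import in a code suggestion should be justified (assumption).
SENSITIVE_MODULES = {"ctypes", "socket", "pickle", "marshal"}
# Crude detector for planted or leaked credentials (constructed pattern).
SECRET_RE = re.compile(r"(?i)(api[_-]?key|secret|token|password)\s*=\s*['\"][^'\"]{8,}")


@dataclass(frozen=True)
class Finding:
    line: int
    kind: str
    detail: str


def _dotted_name(node: ast.AST) -> Optional[str]:
    """Return 'a.b.c' for a Name/Attribute chain such as subprocess.run, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def scan_generated_python(src: str) -> List[Finding]:
    """Return findings for constructs that should not be merged or executed unreviewed."""
    findings: List[Finding] = []
    try:
        tree = ast.parse(src)
    except SyntaxError as e:
        # Unparseable output is itself a signal: never exec what you cannot parse.
        return [Finding(e.lineno or 0, "syntax", str(e.msg))]
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _dotted_name(node.func)
            if name in RISKY_CALLS:
                findings.append(Finding(node.lineno, "risky-call", name))
            # shell=True turns interpolated arguments into a shell-injection sink.
            for kw in node.keywords:
                if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                    findings.append(Finding(node.lineno, "shell-true", name or "<call>"))
        elif isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] in SENSITIVE_MODULES:
                    findings.append(Finding(node.lineno, "sensitive-import", alias.name))
        elif isinstance(node, ast.ImportFrom) and node.module:
            if node.module.split(".")[0] in SENSITIVE_MODULES:
                findings.append(Finding(node.lineno, "sensitive-import", node.module))
    for lineno, text in enumerate(src.splitlines(), start=1):
        if SECRET_RE.search(text):
            findings.append(Finding(lineno, "hardcoded-secret", text.strip()))
    return sorted(findings, key=lambda f: f.line)  # stable sort keeps walk order per line


def gate(src: str) -> Tuple[bool, List[Finding]]:
    """Accept only when there are no findings; callers should log the findings
    alongside the originating prompt and completion for later review."""
    findings = scan_generated_python(src)
    return (len(findings) == 0, findings)


# Constructed sample completion: a plausible helper with risky behaviour mixed in.
SAMPLE_COMPLETION = '''\
import subprocess
import pickle

API_KEY = "sk-constructed-example-value-123456"

def run_tests(path):
    # Looks helpful, but interpolates a caller-controlled path into a shell string.
    return subprocess.run("pytest " + path, shell=True, capture_output=True)

def load_cache(blob):
    return pickle.loads(blob)
'''

if __name__ == "__main__":
    accepted, found = gate(SAMPLE_COMPLETION)
    print("accepted" if accepted else "rejected")
    for f in found:
        print(f"  line {f.line}: {f.kind} ({f.detail})")
```

The gate is deliberately conservative and purely syntactic: it will not see `getattr(os, "system")`, string-built imports, or a vulnerable dependency pinned in a requirements file, so it belongs in front of review and a proper SAST pass, not in place of them. Run on the constructed sample it rejects the completion with five findings (the `pickle` import, the hard-coded key, `subprocess.run` with `shell=True`, and `pickle.loads`).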
L6 Security & Compliance: Not certain from the listing — the 'local deployment option for enterprises' helps with data-residency and privacy compliance, but specific certifications (such as SOC 2 or ISO) or compliance alignments are not detailed.
L7 Agent Ecosystem: Not certain from the listing — the model does not natively operate in a multi-agent ecosystem or marketplace according to the listing, though third parties may integrate it into one, at which point ecosystem-layer threats transfer to the integrator.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).