Cody by Sourcegraph — agentic threat model
Cody poses a high-impact risk due to its deep integration with proprietary codebases and code graphs, making it a prime target for source code exfiltration or malicious code injection if compromised.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
|---|---|
| Autonomy of Action | 0.30 |
| Goal-Driven Planning | 0.40 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.50 |
| Persistent Memory | 0.30 |
| Contextual Awareness | 0.80 |
| Dynamic Identity | 0.20 |
| Multi-Agent Interactions | 0.10 |
| Non-Determinism | 0.70 |
| Opacity & Reflexivity | 0.60 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
1. Foundation Models: Not certain from the listing — uses closed-source foundation models (likely third-party APIs) to generate code, posing risks of adversarial prompt injection or model misalignment.
2. Data Operations: Reads the entire codebase and code graph, creating a high-value target for data exfiltration, intellectual property theft, or codebase poisoning via malicious repository inputs.
3. Agent Frameworks: Orchestrates code reading and writing tools. Vulnerabilities in the tool-calling framework could allow unauthorized file system access or execution of arbitrary code during context gathering.
4. Deployment and Infrastructure: Not certain from the listing — likely deploys as an IDE extension or an enterprise self-hosted/cloud instance, requiring secure sandboxing to prevent local command execution or unauthorized file system access.
5. Evaluation and Observability: Not certain from the listing — requires robust logging of LLM suggestions and user acceptances to detect drift, hallucinated packages, or malicious code generation.
6. Security and Compliance: Not certain from the listing — requires strict access controls (RBAC) to ensure Cody only accesses codebases the active user is authorized to view, preventing privilege escalation.
7. Agent Ecosystem: Not certain from the listing — does not explicitly mention multi-agent coordination or third-party agent marketplaces.
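One way to act on the observability threat above (logging suggestions and user acceptances so that hallucinated packages are caught): scan each accepted Python suggestion for imports of packages the project does not already depend on and flag them for review before they reach a build. This is an added example, not Cody's or Sourcegraph's code; the log format, its field names, the known-dependency set and the log lines are all constructed for illustration.

```python
import ast
import json
import sys

# Constructed sample: a JSON-lines log of assistant suggestions and whether the
# user accepted each one. The field names are an assumption for this example.
SUGGESTION_LOG = """\
{"id": "s1", "lang": "python", "accepted": true,  "code": "import requests\\nimport numpy as np\\n"}
{"id": "s2", "lang": "python", "accepted": true,  "code": "from fastapi_utils_pro import cache\\nimport os\\n"}
{"id": "s3", "lang": "python", "accepted": false, "code": "import colourful_logz\\n"}
{"id": "s4", "lang": "python", "accepted": true,  "code": "def f(:\\n"}
"""

# Constructed: packages the project already depends on (in practice, parsed from
# its lock file). Standard-library names are never treated as unknown.
KNOWN_DEPENDENCIES = {"requests", "numpy"}
STDLIB = set(getattr(sys, "stdlib_module_names", {"os", "sys", "json", "re", "ast"}))

def top_level_imports(code):
    """Return the top-level module names a Python snippet imports, or None if it does not parse."""
    try:
        tree = ast.parse(code)
    except SyntaxError:
        return None  # incomplete or malformed suggestion; the caller decides how to treat it
    names = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                names.add(alias.name.split(".")[0])
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            names.add(node.module.split(".")[0])  # skip relative imports (level > 0)
    return names

def find_unknown_packages(log_text, known, stdlib):
    """Flag accepted Python suggestions whose imports name packages the project does not know."""
    findings = []
    for line in log_text.splitlines():
        entry = json.loads(line)
        if entry["lang"] != "python" or not entry["accepted"]:
            continue  # only code the user actually took into the tree matters here
        imports = top_level_imports(entry["code"])
        if imports is None:
            findings.append({"id": entry["id"], "unknown": None, "note": "unparseable suggestion"})
            continue
        unknown = sorted(imports - known - stdlib)
        if unknown:
            findings.append({"id": entry["id"], "unknown": unknown, "note": "review before build"})
    return findings

if __name__ == "__main__":
    for finding in find_unknown_packages(SUGGESTION_LOG, KNOWN_DEPENDENCIES, STDLIB):
        print(finding)
```

Running it reports s2 (an import of a package absent from the dependency set) and s4 (an accepted snippet that does not parse), while the rejected s3 is ignored.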
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).