
Contrast Security — agentic threat model

AIVSS 7.1 · High

The Contrast Security MCP server presents a moderate-to-high risk profile; while it primarily acts as a read-only defensive data source for vulnerability remediation, its integration with active coding agents introduces risks of automated, insecure code generation if the remediation context is manipulated.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5 · AARS uplift 0.9 · Factor sum 3.6/10 · Threat ×1.0 · Mitigation ×0.85

Autonomy of Action: 0.40
Goal-Driven Planning: 0.30
Self-Modification: 0.00
Dynamic Tool Use: 0.50
Persistent Memory: 0.20
Contextual Awareness: 0.60
Dynamic Identity: 0.40
Multi-Agent Interactions: 0.50
Non-Determinism: 0.30
Opacity & Reflexivity: 0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The underlying LLM used by the host coding agent is unspecified, but threats include prompt injection that could trick the model into ignoring critical runtime vulnerability findings.

L2 · Data Operations (✓ mapped)

The agent ingests runtime vulnerability and SCA data from a Contrast org. Threats include data exfiltration of highly sensitive application security findings and potential poisoning of the vulnerability context.

L3 · Agent Frameworks (✓ mapped)

Operates as an MCP server providing tools to a coding agent. Threats include insecure tool integration where the coding agent misinterprets remediation context, leading to broken or vulnerable code patches.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — The deployment infrastructure of the MCP server is not detailed, but threats include exposure of Contrast API credentials and lack of sandboxing during local execution.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — No evaluation or observability guardrails are detailed, creating blind spots if the coding agent applies incorrect security remediations without human oversight.

L6 · Security & Compliance (cross-cutting) (✓ mapped)

Requires authentication against a Contrast org, providing a clear identity boundary. Compliance risks involve exposing proprietary source code structure and vulnerability data to external LLMs.

L7 · Agent Ecosystem (✓ mapped)

Explicitly designed to interact with a coding agent. Threats include trust abuse where the coding agent implicitly trusts the MCP server's output, or vice versa, leading to cascading security failures.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).