
DeepCoder-14B-Preview — agentic threat model

AIVSS 7.1 · High

DeepCoder-14B-Preview is an open-source code generation model with low inherent autonomy, but its high-quality code synthesis capabilities pose risks of generating insecure or backdoored code if subjected to prompt injection or data poisoning.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
Score inputs:
CVSS base: 6.3
AARS uplift: 0.78
Factor sum: 2.1 / 10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×1.0

Agentic risk factors (each scored 0.0 to 1.0):
Autonomy of Action: 0.10
Goal-Driven Planning: 0.30
Self-Modification: 0.00
Dynamic Tool Use: 0.10
Persistent Memory: 0.00
Contextual Awareness: 0.40
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.10
Non-Determinism: 0.50
Opacity & Reflexivity: 0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
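The headline score can be reproduced from the inputs above. The Python below is an added worked example, not part of this listing or of the OWASP AIVSS calculator; it assumes the displayed values are rounded (AARS to two decimals, AIVSS to one) and that the "High" label follows the CVSS v3 qualitative bands.

```python
from typing import Dict, Tuple

# Agentic risk factor values as published on this listing (each in 0.0..1.0).
FACTORS: Dict[str, float] = {
    "Autonomy of Action": 0.10,
    "Goal-Driven Planning": 0.30,
    "Self-Modification": 0.00,
    "Dynamic Tool Use": 0.10,
    "Persistent Memory": 0.00,
    "Contextual Awareness": 0.40,
    "Dynamic Identity": 0.00,
    "Multi-Agent Interactions": 0.10,
    "Non-Determinism": 0.50,
    "Opacity & Reflexivity": 0.60,
}

CVSS_BASE = 6.3          # from the listing
THREAT_MULTIPLIER = 1.0  # ThM, from the listing
MITIGATION_FACTOR = 1.0  # no mitigations credited, from the listing


def aivss(cvss_base: float, factors: Dict[str, float],
          thm: float = 1.0, mitigation: float = 1.0) -> Tuple[float, float, float]:
    """Return (factor_sum, aars, aivss) using the formula quoted on this page:
       AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
       AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
    """
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base score must be within 0..10")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"factor {name!r} must be within 0..1, got {value}")
    factor_sum = sum(factors.values())
    # The uplift only spends the headroom left above the CVSS base score,
    # so a base of 10 cannot be pushed further by agentic factors.
    aars = (10.0 - cvss_base) * (factor_sum / 10.0) * thm
    score = (cvss_base + aars) * mitigation
    return factor_sum, aars, min(score, 10.0)


def severity_band(score: float) -> str:
    """Qualitative label; assumed to follow the CVSS v3 bands."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low" if score > 0.0 else "None"
```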

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary because the public description did not pin down that layer.

L1 · Foundation Models · ✓ mapped

The model is a fine-tuned DeepSeek-R1-Distilled-Qwen-14B. Primary threats include adversarial prompt injection to bypass safety alignment, and the generation of subtly flawed or malicious code (reprogramming/mis-aligned outputs) that developers might trust blindly.

L2 · Data Operations · ✓ mapped

The model is fine-tuned on competitive programming and coding datasets. Threats include training data poisoning (introducing backdoors into generated code templates) and potential intellectual property/licensing contamination from the training corpus.

L3 · Agent Frameworks · ⚠ not certain from listing

Not certain from the listing — The listing describes a raw foundation model deployable via Ollama rather than a fully realized agent framework. If integrated into Agentica or other frameworks, risks would include insecure tool execution of generated code.

L4 · Deployment & Infrastructure · ✓ mapped

Designed for easy deployment via Ollama. Threats include local host compromise if the Ollama API is exposed without authentication, and resource exhaustion (DoS) on the hosting infrastructure during heavy inference.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — No built-in guardrails, logging, or observability solutions are mentioned. Users deploying the model locally must implement their own monitoring and output validation to detect malicious code generation.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — As a free, open-source model, there are no built-in compliance controls, identity management, or access policies provided out-of-the-box.

L7 · Agent Ecosystem · ⚠ not certain from listing

Not certain from the listing — While developed in collaboration with Agentica, the model itself does not natively interact with an agent marketplace or multi-agent ecosystem unless integrated by the end-user.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).