AgentReadyHomeAgent Listing

← DemoGPT

DemoGPT — agentic threat model

9.1AIVSS 9.1 · Critical

DemoGPT presents a high agentic risk due to its ability to autonomously plan, generate, and assemble executable LangChain and Streamlit code from natural language. Without explicit sandboxing or verification controls mentioned, malicious instructions could lead to the generation of vulnerable or malicious applications.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.5AARS uplift 0.63Factor sum 4.2/10Threat ×1.0Mitigation ×1.0
Autonomy of Action
0.60
Goal-Driven Planning
0.80
Self-Modification
0.20
Dynamic Tool Use
0.50
Persistent Memory
0.20
Contextual Awareness
0.40
Dynamic Identity
0.10
Multi-Agent Interactions
0.20
Non-Determinism
0.70
Opacity & Reflexivity
0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — DemoGPT is model-agnostic ('utilize any LLM model meeting specific performance criteria'). This introduces risks of prompt injection, model misalignment, or adversarial manipulation of the underlying LLM used for code generation.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — The description does not detail how training data, RAG, or vector stores are managed during the generation process, leaving potential gaps for data poisoning or exfiltration if user instructions contain sensitive data.

L3 · Agent Frameworks✓ mapped

DemoGPT uses LangChain for orchestration, translating instructions into tasks, planning, and code snippets. Vulnerabilities in LangChain integration or insecure code generation (e.g., generating code with remote code execution vulnerabilities) pose significant risks.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — While it renders interactive Streamlit applications, the hosting, sandboxing, and isolation of these generated applications are not specified, risking container compromise or privilege escalation if run in shared environments.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — There is no mention of built-in guardrails, evaluation frameworks, or logging/monitoring of the generated code to detect drift, anomalies, or malicious code generation.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — No security controls, access management, or compliance alignments (like NIST or ISO) are mentioned for this open-source framework.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — While it generates LLM-based applications, there is no explicit mention of multi-agent marketplace interactions or agent-to-agent trust boundaries within DemoGPT itself.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).