AgentReadyHomeAgent Listing

← devlo

devlo — agentic threat model

9.4AIVSS 9.4 · Critical

devlo.ai presents a high-risk profile as an autonomous development assistant with potential write access to code repositories and CI/CD pipelines, making it a prime target for supply chain attacks and intellectual property exfiltration.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.5AARS uplift 0.93Factor sum 5.9/10Threat ×1.05Mitigation ×1.0
Autonomy of Action
0.70
Goal-Driven Planning
0.80
Self-Modification
0.20
Dynamic Tool Use
0.80
Persistent Memory
0.60
Contextual Awareness
0.80
Dynamic Identity
0.40
Multi-Agent Interactions
0.30
Non-Determinism
0.70
Opacity & Reflexivity
0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — likely relies on third-party frontier LLMs optimized for code generation. Key threats include prompt injection leading to the generation of insecure or malicious code, and model reprogramming.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — likely ingests and indexes proprietary codebases via RAG or vector databases. Key threats include codebase poisoning (injecting malicious comments/code to bias suggestions) and exfiltration of intellectual property.

L3 · Agent Frameworks⚠ not certain from listing

Not certain from the listing — orchestrates multi-step development tasks. Key threats include tool misuse (e.g., executing destructive git commands or arbitrary shell scripts) and insecure handling of repository write permissions.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — likely hosted as a SaaS platform or integrated via IDE/GitHub Apps. Key threats include exposure of repository access tokens, lack of sandboxing during local code execution/testing, and container compromise.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — no mention of guardrails or logging mechanisms. Key threats include blind spots regarding malicious code commits and a lack of real-time drift or anomaly detection in generated code patterns.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — closed-source paid tool without explicit security certifications (e.g., SOC2) or fine-grained RBAC mentioned. Key threats include unauthorized repository access and lack of auditability for AI-driven changes.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — acts as a 'virtual teammate' but does not explicitly detail multi-agent orchestration. Key threats include trust abuse if integrated directly with other automated CI/CD or deployment agents.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).