Koddy AI — agentic threat model

AIVSS 5.5 · Medium

Koddy AI is a low-risk, low-autonomy generative platform focused on image and video creation. Its primary security risks center on model abuse (such as generating NSFW or copyrighted content) and API resource exhaustion rather than autonomous agentic execution or systemic compromise.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 4.3 · AARS uplift 1.2 · Factor sum 2.1/10 · Threat ×1.0 · Mitigation ×1.0

Autonomy of Action: 0.10
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.10
Persistent Memory: 0.10
Contextual Awareness: 0.20
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.80
Opacity & Reflexivity: 0.70

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ✓ mapped

Integrates multiple advanced image and video foundation models. Primary threats include adversarial prompt injection to bypass safety filters (generating NSFW, deepfakes, or copyrighted material) and model/API abuse.

L2 · Data Operations · ⚠ not certain from listing

Not certain from the listing — likely processes user-uploaded reference images and stores generated visual assets. Threats include unauthorized access to private user creations, data exfiltration, and lack of clear data retention policies.

L3 · Agent Frameworks · ⚠ not certain from listing

Not certain from the listing — orchestration is likely limited to a simple pipeline routing user prompts to selected model APIs. Threats include insecure API integration and lack of input validation before model dispatch.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — hosted web infrastructure. Threats include API key exposure for underlying model providers, denial of service via resource-heavy video generation requests, and standard web application vulnerabilities.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — no mention of output filtering or content moderation guardrails. Threats include blind spots regarding abusive content generation and lack of abuse-detection telemetry.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — closed-source, free platform with no detailed security compliance or identity controls mentioned. Threats include weak user authentication and potential copyright/IP compliance violations.

L7 · Agent Ecosystem · ✓ mapped

Does not operate in a multi-agent ecosystem or marketplace. Ecosystem threats such as rogue agent interactions or cascading agent-to-agent failures are not applicable.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).