Recursive AI — agentic threat model
Recursive AI's TACO presents a high-risk profile due to its deep integration into software development lifecycles, where compromised execution could lead to automated supply chain attacks, malicious code injection, or unauthorized repository access.
OWASP AIVSS score rationale
| Agentic risk factor | Score | Notes |
|---|---|---|
| Autonomy of Action | 0.80 | |
| Goal-Driven Planning | 0.80 | |
| Self-Modification | 0.20 | |
| Dynamic Tool Use | 0.80 | |
| Persistent Memory | 0.50 | |
| Contextual Awareness | 0.80 | |
| Dynamic Identity | 0.30 | |
| Multi-Agent Interactions | 0.60 | |
| Non-Determinism | 0.70 | |
| Opacity & Reflexivity | 0.70 | |
Scored with the canonical OWASP AIVSS formula (see the AIVSS calculator reference); the agentic risk factors were estimated from the agent's publicly described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged "Not certain from the listing" carry general, caveated commentary where the public description did not pin down that layer.
Layer 1 (Foundation Models): Not certain from the listing — The underlying foundation models used by TACO and 'The Bobs' are unspecified. Threats include adversarial prompt injection leading to malicious code generation, model poisoning, and intellectual property leakage through training data reconstruction.
Layer 2 (Data Operations): Not certain from the listing — The agent must ingest backlog tickets and codebase context. Threats include codebase data exfiltration, poisoning of RAG/vector databases with malicious code snippets, and missing data lineage tracking for generated code.
Layer 3 (Agent Frameworks): TACO orchestrates multi-step workflows to transform tickets into tested, documented code. Threats include tool misuse (e.g., executing malicious code during automated testing phases), insecure tool integration with version control systems, and framework-level prompt injection.
Layer 4 (Deployment and Infrastructure): Not certain from the listing — Executing and testing generated code requires a highly secure, isolated sandbox. Threats include container escape, privilege escalation, and lateral movement within the hosting or CI/CD environment if sandboxing is insufficient.
Layer 5 (Evaluation and Observability): Not certain from the listing — Automated code generation requires robust observability and security scanning (SAST/DAST) before deployment. Threats include blind spots in code verification, evaluation gaming, and insufficient logging of agent decisions.
Layer 6 (Security and Compliance): Not certain from the listing — While marketed as a 'secure AI developer', specific compliance certifications (e.g., SOC 2, ISO 27001) and access control policies are not detailed. Threats include unauthorized repository access and the lack of verifiable audit trails.
Layer 7 (Agent Ecosystem): The mention of 'The Bobs' (an AI system producing content) and TACO's integration into existing developer workflows indicate a multi-agent or ecosystem-level footprint. Threats include cascading failures across automated pipelines and abuse of unauthorized agent-to-agent trust.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).