
Tabby — agentic threat model

AIVSS 7.1 · High

Tabby is a self-hosted, low-autonomy code assistant. Its primary security risks stem from the potential exfiltration of proprietary source code via its OpenAPI interface and the injection of security vulnerabilities into developer codebases through poisoned suggestions.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 7.5
AARS uplift: 0.42
Factor sum: 1.7/10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×0.9

Agentic risk factors:
Autonomy of Action: 0.10
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.10
Persistent Memory: 0.20
Contextual Awareness: 0.50
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.40
Opacity & Reflexivity: 0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary where the public description did not pin that layer down.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The specific open-source foundation models used are not detailed. However, these models are susceptible to prompt injection and adversarial manipulation via malicious code comments, potentially leading to the generation of insecure code suggestions.

L2 · Data Operations (✓ mapped)

Tabby operates locally without external databases or cloud services, reducing external data exposure. However, local repository indexing is vulnerable to data poisoning if malicious code is introduced into the scanned codebase, which would then influence future code suggestions.

L3 · Agent Frameworks (✓ mapped)

As a code completion server rather than an autonomous agent, Tabby has a minimal agent framework. The primary risk is insecure integration via its OpenAPI interface, which could be abused to flood the server or extract completion context.

L4 · Deployment & Infrastructure (✓ mapped)

Designed for self-hosting on consumer-grade GPUs. Security relies entirely on the host environment; an exposed or unauthenticated OpenAPI port could allow unauthorized network access to the server, potentially leading to host compromise or source code exposure.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — There is no mention of built-in evaluation, logging, or guardrails to detect when the model suggests deprecated, licensing-restricted, or vulnerable code patterns.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — The presence of built-in authentication, role-based access control (RBAC), or transport encryption (TLS) for the OpenAPI interface is unspecified, meaning compliance and access controls must be managed externally by the hosting team.

L7 · Agent Ecosystem (✓ mapped)

Tabby operates as a standalone self-hosted utility with no multi-agent coordination or marketplace ecosystem, so agent-to-agent trust abuse is not an applicable risk.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology. Are you the vendor? Factual corrections are free.