bolt new ai — agentic threat model
Bolt New AI presents a high-risk profile due to its ability to generate, edit, and execute full-stack code and integrate with GitHub, which could lead to arbitrary code execution or supply chain attacks if compromised, mitigated only by its open-source transparency.
OWASP AIVSS score rationale
| Autonomy of Action | 0.60 | |
| Goal-Driven Planning | 0.70 | |
| Self-Modification | 0.20 | |
| Dynamic Tool Use | 0.80 | |
| Persistent Memory | 0.40 | |
| Contextual Awareness | 0.70 | |
| Dynamic Identity | 0.30 | |
| Multi-Agent Interactions | 0.20 | |
| Non-Determinism | 0.80 | |
| Opacity & Reflexivity | 0.60 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Built on DeepSeek V3. Vulnerable to adversarial prompt injection that could bypass safety filters to generate malicious code, backdoors, or exploit payloads.
Not certain from the listing — likely processes local codebase files and user prompts, but specific vector stores, RAG pipelines, or training data protections are not detailed.
Orchestrates full-stack code selection and editing. High risk of tool misuse if the agent is manipulated into executing destructive shell commands or writing insecure code.
Not certain from the listing — the hosting environment (local vs. cloud sandbox) for executing, testing, or previewing the generated full-stack code is not specified, posing container escape or host compromise risks.
Not certain from the listing — no explicit mention of built-in guardrails, logging, or observability tools for monitoring generated code or agent actions.
Not certain from the listing — open-source nature allows community audit, but specific compliance certifications, identity management, or enterprise access controls are not documented.
Integrates with GitHub. Risks include unauthorized commits, exfiltration of repository secrets, or cascading failures if integrated into automated CI/CD pipelines.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).