DevGPT — agentic threat model
DevGPT presents a high-risk profile primarily due to its deep integration with proprietary codebases and its capability to modify code, which could be leveraged for supply chain attacks or intellectual property theft if compromised.
OWASP AIVSS score rationale
| Agentic risk factor | Score | Notes |
|---|---|---|
| Autonomy of Action | 0.30 | |
| Goal-Driven Planning | 0.40 | |
| Self-Modification | 0.10 | |
| Dynamic Tool Use | 0.50 | |
| Persistent Memory | 0.60 | |
| Contextual Awareness | 0.70 | |
| Dynamic Identity | 0.10 | |
| Multi-Agent Interactions | 0.10 | |
| Non-Determinism | 0.60 | |
| Opacity & Reflexivity | 0.50 | |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from the listing” are general, caveated commentary for layers the public description did not address directly.
Layer 1, Foundation Models (not certain from the listing): DevGPT likely relies on third-party LLMs or open-source models. Threats include adversarial prompt injection to bypass code safety filters, leading to insecure code generation.
Layer 2, Data Operations: DevGPT performs personalized training and RAG on the user's repository. Threats include repository data poisoning (malicious code in the repo influencing future generation) and exfiltration of proprietary codebase context.
Layer 3, Agent Frameworks: the agent orchestrates code generation and modification based on follow-up prompts. Threats include insecure tool integration with local file systems or IDEs, allowing unauthorized file modification or deletion.
Layer 4, Deployment and Infrastructure (not certain from the listing): as an open-source tool, deployment could be local or self-hosted. Threats include lack of sandboxing during code execution or testing, potentially leading to local privilege escalation if malicious code is executed.
Layer 5, Evaluation and Observability (not certain from the listing): there is no mention of built-in guardrails, vulnerability scanning for generated code, or logging. Gaps here could allow the silent introduction of security vulnerabilities into the codebase.
Layer 6, Security and Compliance (not certain from the listing): no explicit compliance certifications or fine-grained access controls are mentioned. Access to repositories relies entirely on the host environment's permissions.
Layer 7, Agent Ecosystem (not certain from the listing): DevGPT operates as a standalone developer assistant and does not explicitly interact with a multi-agent ecosystem or external agent marketplaces.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).
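As an added example, not part of this listing and not DevGPT's own code: a path-confinement guard for an agent's file-write tool, the kind of control that addresses the Layer 3 threat (unauthorized file modification through local file-system integration) and narrows the Layer 6 gap (access resting only on host permissions). Every path the model asks to write is resolved against the repository root before any I/O, so `..` traversal, absolute paths and symlinks that point outside the repository are all refused, and refusals are logged for detection. The tool name `write_file`, the `.git`/`.env` deny list and the audit-log format are assumptions.

```python
"""
Path-confinement guard for an agent file-write tool (added example,
not DevGPT's code). The tool name, deny list and log format are assumed.
"""
import logging
import os
import tempfile
from pathlib import Path

logger = logging.getLogger("agent.audit")   # assumed audit logger name


class PathEscapeError(PermissionError):
    """Raised when a requested path would leave the repository root."""


def resolve_in_repo(repo_root: Path, requested: str) -> Path:
    """Return the canonical path for `requested` if it lies inside repo_root.

    `requested` is joined to the root and then fully resolved, so the check
    runs on the real target: `..` segments, absolute paths and symlinks
    pointing outside the root all fail the containment test.
    """
    root = repo_root.resolve()
    candidate = (root / requested).resolve()   # follows symlinks, collapses '..'
    try:
        candidate.relative_to(root)
    except ValueError:
        raise PathEscapeError(f"{requested!r} resolves outside {root}")
    return candidate


DENY_NAMES = {".git", ".env"}   # assumed: in-repo paths the agent must not touch


def write_file(repo_root: Path, requested: str, content: str) -> Path:
    """Confined write tool: refuses and logs anything outside the allowed area."""
    try:
        target = resolve_in_repo(repo_root, requested)
    except PathEscapeError as exc:
        logger.warning("denied write: %s", exc)
        raise
    rel_parts = target.relative_to(repo_root.resolve()).parts
    if any(part in DENY_NAMES for part in rel_parts):
        logger.warning("denied write to protected path: %s", target)
        raise PathEscapeError(f"{requested!r} targets a protected path")
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(content)
    logger.info("wrote %d bytes to %s", len(content), target)
    return target


def demo() -> dict:
    """Exercise the guard against a constructed temporary repo; returns outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp) / "repo"
        repo.mkdir()
        outside = Path(tmp) / "outside.txt"      # constructed file outside the repo
        outside.write_text("secret")
        os.symlink(outside, repo / "link")       # symlink inside the repo, pointing out
        for req in ["src/app.py", "../outside.txt", "/etc/passwd", "link", ".git/config"]:
            try:
                write_file(repo, req, "# generated by agent\n")
                results[req] = "written"
            except PathEscapeError:
                results[req] = "denied"
    return results


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    for path, outcome in demo().items():
        print(f"{outcome:8} {path}")
```

Resolving both the root and the candidate before comparing is the important design choice: a string-prefix check on the unresolved path would accept `link` (a symlink that leaves the repository) and can be confused by `..` segments, whereas comparing canonical paths makes the spelling of the request irrelevant.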