AI Security Threat Model Generator

Generate a STRIDE threat model for your LLM application

LLM applications introduce threats that traditional threat models miss — a model can be manipulated by the very data it processes, leak its training data, or be tricked into taking privileged actions. The AI Security Threat Model Generator maps your architecture onto the six STRIDE categories with AI-specific threats and mitigations.

How it works

You describe your application and select the capabilities and data flows it has: whether it ingests untrusted external content, calls tools or plugins, retains conversation history, exposes a fine-tuned model, or can take actions on a user’s behalf. The tool then generates a STRIDE table — Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege — populated with the threats relevant to your selections and a recommended control for each.

The threats are drawn from the OWASP Top 10 for LLM Applications and AI security literature: prompt injection (direct and indirect), training-data poisoning, model inversion and membership inference, sensitive-data leakage, adversarial inputs, insecure tool use, and excessive agent agency.

What you get

A structured threat model you can paste into a security design document: each STRIDE category lists the applicable AI-specific threats and a concrete mitigation — for example, treating all retrieved content as untrusted to counter indirect prompt injection, or enforcing least-privilege scopes on any tools the model can call.

Tips and notes

The two threats teams most underestimate are indirect prompt injection — malicious instructions hidden in content the model retrieves, such as a web page or document — and excessive agency, where an over-trusted agent takes actions it should have escalated. Both live at the boundary where untrusted input or model output crosses into a privileged operation, so map those boundaries first. This is a starting model, not a full security review; have a security engineer review it before production. Everything is generated in your browser and nothing is uploaded.
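As an added example (not the generator's own code), here is a minimal version of the boundary mapping this note recommends: a Python data-flow model in which taint from untrusted content is propagated until it reaches the model (indirect prompt injection) and model output is checked for reaching a privileged tool without a human gate (excessive agency). The element and flow names are a constructed sample architecture; the two controls are the ones the page itself names.

```python
from dataclasses import dataclass
MITIGATION = {  # recommended controls, taken from the page's own examples
    "indirect prompt injection": "treat all retrieved content as untrusted data, never as instructions",
    "excessive agency": "least-privilege tool scopes; human approval before privileged actions",
}

@dataclass(frozen=True)
class Element:
    name: str
    untrusted: bool = False   # external content: web pages, uploaded documents, third-party data
    is_model: bool = False    # the LLM itself
    privileged: bool = False  # can act: send mail, run code, call an API with the user's scopes
@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    human_approval: bool = False  # a person reviews the data before it continues (breaks the taint)
def boundary_threats(elements, flows):
    """Return (sorted (STRIDE, threat, src, dst) findings, set of tainted element names)."""
    by_name = {e.name: e for e in elements}
    findings = set()
    # Boundary 1: model output into a privileged operation with no human gate -> excessive agency.
    for f in flows:
        if by_name[f.src].is_model and by_name[f.dst].privileged and not f.human_approval:
            findings.add(("Elevation of privilege", "excessive agency", f.src, f.dst))
    # Boundary 2: propagate taint from untrusted sources to a fixed point; any tainted
    # input reaching the model (directly or via a retriever) -> indirect prompt injection.
    tainted = {e.name for e in elements if e.untrusted}
    changed = True
    while changed:
        changed = False
        for f in flows:
            if f.src not in tainted or f.human_approval:
                continue
            if by_name[f.dst].is_model:
                findings.add(("Tampering", "indirect prompt injection", f.src, f.dst))
            if f.dst not in tainted:
                tainted.add(f.dst)
                changed = True
    return sorted(findings), tainted
# Constructed sample: a RAG assistant that can send e-mail on the user's behalf.
ELEMENTS = [Element("web_page", untrusted=True), Element("retriever"), Element("user"),
            Element("llm", is_model=True), Element("email_tool", privileged=True)]
FLOWS = [Flow("web_page", "retriever"), Flow("retriever", "llm"),
         Flow("user", "llm"), Flow("llm", "email_tool")]

if __name__ == "__main__":
    for stride, threat, src, dst in boundary_threats(ELEMENTS, FLOWS)[0]:
        print(f"{stride}: {threat} on {src} -> {dst}; control: {MITIGATION[threat]}")
```

Marking the `llm -> email_tool` flow with `human_approval=True` removes the excessive-agency finding and stops the taint at the tool, which is the effect the recommended control is meant to have.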