Threat modeling

A STRIDE-driven security threat model for a system you describe to the agent. The workflow walks scoping and DFD construction → six-way STRIDE specialist analysis over the diagram → review → enrichment and scoring → mitigation → report, grounding the enrichment in the gateway's threat-framework corpora.

Tier

Team and Company. The threat-pattern and CVE lookups call search against domain MCPs and are available on Premium too. The structured workflow lifecycle for threat modelling specifically (start_workflow, submit_response, generate_report, plus the create_dfd and recommend_subagents specialists) is Team-tier and above. Premium customers wanting an ad-hoc threat brief without the full workflow can call search directly.

What you ask the agent

Run a threat model for our payments service.
It's a Go API behind nginx, talking to Postgres and Stripe,
with OAuth-authenticated customer clients and a Keycloak IdP.

The agent calls start_workflow(workflow_type="threat_model") and guides the rest from there.

Stages

  1. Scoping & DFD — system description and key assets, a scope check, then data-flow-diagram construction: the agent extracts components, data flows, trust zones, and assets, validates the graph with create_dfd, and shows you the rendered Mermaid diagram for review before analysis starts. Architecture diagrams and design docs go in via register_document.
  2. Document collection — supporting evidence: existing security controls, network diagrams, IAM policies.
  3. STRIDE analysis — one dispatch step that fans out six STRIDE-category specialists (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) over the reviewed DFD — in parallel where the client supports subagents, sequentially elsewhere — and merges their threat lists into one register with a coverage matrix.
  4. Threat review — user-reviewed threat register before enrichment.
  5. Threat enrichment & scoring — adds attack-chain references and related patterns from the framework corpora (MITRE ATT&CK, CAPEC, CWE via search), then scores severity and likelihood per threat.
  6. Mitigation — for each high-priority threat, one or more proposed mitigations with cited control sources (NIST, ISO, sector frameworks where the agent has them in scope).
  7. Report — generate_report(workflow_id) assembles the threat-model document. The structured threat list is also retrievable via get_workflow_threats(workflow_id) for programmatic downstream use.
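
The merge and coverage-matrix step in stage 3, sketched as an added example (not the gateway's own code or data format, which this page does not show). The element names, trust zones, threat entries and function names are constructed for the payments-service prompt above.

```python
STRIDE = ["Spoofing", "Tampering", "Repudiation", "Information Disclosure",
          "Denial of Service", "Elevation of Privilege"]

# Constructed DFD for the sample prompt: element -> trust zone (zone names assumed).
ELEMENTS = {"customer-client": "internet", "nginx": "dmz", "go-api": "app",
            "postgres": "data", "keycloak": "identity", "stripe": "third-party"}

# Constructed specialist output, one list per STRIDE category.
SPECIALISTS = {
    "Spoofing": [{"target": "go-api", "title": "Forged OAuth token accepted"},
                 {"target": "go-api", "title": "forged oauth token accepted "}],
    "Tampering": [{"target": "postgres", "title": "Payment row altered via SQL injection"}],
    "Repudiation": [{"target": "go-api", "title": "Refund issued without audit record"}],
    "Information Disclosure": [{"target": "nginx", "title": "Card data written to access log"}],
    "Denial of Service": [{"target": "nginx", "title": "Unthrottled checkout requests"}],
    "Elevation of Privilege": [{"target": "keycloak", "title": "Customer role mapped to admin"}],
}

def merge_register(outputs, elements):
    """Merge per-category lists into one register, dropping duplicates."""
    seen, register = set(), []
    for category in STRIDE:
        for threat in outputs.get(category, []):
            if threat["target"] not in elements:
                raise ValueError(f"threat targets unknown DFD element: {threat['target']}")
            key = (category, threat["target"], threat["title"].strip().lower())
            if key in seen:
                continue  # same finding reported twice by a specialist
            seen.add(key)
            register.append({"id": f"T{len(register) + 1:03d}", "category": category,
                             "target": threat["target"], "title": threat["title"].strip()})
    return register

def coverage_matrix(register, elements):
    """Count threats per (element, STRIDE category)."""
    matrix = {e: dict.fromkeys(STRIDE, 0) for e in elements}
    for threat in register:
        matrix[threat["target"]][threat["category"]] += 1
    return matrix

def uncovered(matrix):
    """Cells with no threat: candidates to re-examine or mark not applicable."""
    return [(e, c) for e, row in matrix.items() for c, n in row.items() if n == 0]

if __name__ == "__main__":
    matrix = coverage_matrix(merge_register(SPECIALISTS, ELEMENTS), ELEMENTS)
    for element, row in matrix.items():
        print(f"{element:16}", " ".join(str(row[c]) for c in STRIDE))
    print(len(uncovered(matrix)), "uncovered cells")
```

Empty cells are what the threat review in stage 4 should question: each one is either a category that does not apply to that element or a threat nobody wrote down.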

What you get back

A structured threat model: system scope, components with type and technology, threat register with STRIDE category, severity, likelihood, mitigation, and an evidence reference for each. The threat list is queryable independently of the prose report — useful if you want to roll the findings into a ticketing system.