Skip to content

purplesectools/ai-threat-model-assistant

Repository files navigation

AI Threat Modeling Assistant

Deterministic threat modeling for modern AI systems.

The AI Threat Modeling Assistant helps security teams identify exploitable attack paths, weak controls, compliance gaps, and architecture-specific risks across modern AI applications including:

  • Large Language Models (LLMs)
  • Retrieval-Augmented Generation (RAG)
  • Agentic AI systems
  • MCP-integrated architectures
  • Multimodal AI
  • Classical Machine Learning systems

Unlike LLM-generated threat modeling tools, this engine uses deterministic rules, attack-graph correlation, framework mappings, and architecture-aware logic to produce explainable and repeatable findings.

🌐 Live Demo: https://aimlthreats.com


Screenshots

Executive Summary

Executive Summary


Adaptive AI-Type Coverage

Coverage Matrix


Dynamic Questionnaire Engine

Data & Behavior

LLM Controls


Risk Prioritization

Top Risks


Attack Chains

Attack Chains Overview

Attack Chain Deep Dive


Framework Mapping & Threat Correlation

Framework & MITRE ATLAS Coverage

Detailed Threat Analysis


Why This Tool Exists

Most AI security assessments today are:

  • Generic checklists
  • Spreadsheet-driven reviews
  • Non-contextual questionnaires
  • LLM-generated threat models that are difficult to audit or reproduce

Modern AI systems expose fundamentally different attack surfaces:

  • Prompt injection
  • Retrieval poisoning
  • Excessive agency
  • Model manipulation
  • Tool abuse
  • Insecure MCP integrations
  • Unsafe downstream execution
  • Hallucination-driven impact
  • Training-data poisoning
  • Model extraction

This project was built to provide:

  • Deterministic reasoning
  • Explainable findings
  • Architecture-aware assessments
  • Attack-chain visibility
  • Actionable remediation guidance

Core Capabilities

Deterministic Threat Modeling

Findings are generated using:

  • Rule-based analysis
  • Control correlation
  • Architecture-aware logic
  • Graph-based chain discovery
  • Framework mappings

No AI-generated hallucinated findings.

Outputs are:

  • Reproducible
  • Explainable
  • Audit-friendly
  • Stable across assessments

Adaptive AI-Type Assessments

The questionnaire dynamically changes based on selected AI architecture.

Different AI systems expose different attack surfaces.

The engine automatically enables:

  • LLM-specific controls
  • RAG retrieval security
  • Agentic autonomy checks
  • MCP trust boundaries
  • Multimodal risks
  • Classical ML attack vectors

This reduces irrelevant questions while improving precision.


Multi-Step Attack Chains

The engine correlates weak controls into deterministic multi-step attack paths.

Instead of isolated findings, the engine identifies:

  • Attacker progression
  • Trust-boundary traversal
  • Downstream exploitation paths
  • Exploit dependencies
  • Chained control failures

Each chain explains:

  • Why the chain fired
  • Required weak controls
  • Impacted assets
  • Attack progression
  • Mitigation steps required to break the chain

Example

External attacker
→ Submit crafted prompt
→ Prompt injection succeeds
→ Harmful output generated
→ Payload reaches downstream system
→ System manipulation achieved

Graph-Based Attack Discovery

The engine includes graph-based attack-path analysis.

It dynamically traverses attack edges where:

  • Trust boundaries exist
  • Controls are weak or missing
  • Attacker reachability is possible

This enables:

  • Chained exploitation visibility
  • Downstream impact discovery
  • Lateral movement analysis
  • Trust-boundary modeling

Risk Prioritization Engine

Findings are ranked using:

  • Likelihood
  • Impact
  • Exposure
  • Architecture context
  • Attack-chain amplification
  • Control gaps

The goal is to surface:

The risks a senior security lead would escalate first.


Explainable Findings

Every finding includes:

  • Reason for trigger
  • Attack path
  • Abuse case
  • Mitigation guidance
  • Quick-win remediation
  • Confidence scoring
  • NIST impact mapping
  • Testing guidance

Supported AI Architectures

Architecture Supported
Large Language Models (LLMs)
RAG / Vector DB Systems
Agentic AI
MCP Integrations
Multimodal AI
Generative AI
Traditional ML
NLP (non-LLM)
Computer Vision
Recommendation Systems
Fraud / Anomaly Detection

Framework Coverage

OWASP

  • OWASP LLM Top 10
  • OWASP ML Top 10
  • OWASP Agentic AI
  • OWASP MCP Top 10

MITRE

  • MITRE ATLAS technique mappings

NIST

  • NIST AI RMF
  • NIST CIA impact categories

Compliance & Governance

  • GDPR
  • HIPAA
  • PCI DSS
  • SOC 2
  • ISO 27001
  • EU AI Act

Example Findings

The engine can identify findings such as:

  • Prompt Injection
  • Unsafe Tool Usage
  • Excessive Agency
  • System Prompt Leakage
  • RAG Poisoning
  • Retrieval Access Weaknesses
  • Harmful Content Generation
  • Output Injection
  • Unsafe Downstream Execution
  • Model Extraction
  • Membership Inference
  • Data Poisoning
  • Drift Exploitation
  • MCP Trust Boundary Violations
  • Multi-Agent Escalation Risks

Example Attack Chains

Prompt Injection → Downstream System Manipulation

External attacker
→ Crafted prompt submission
→ Prompt sanitization bypass
→ Harmful content generated
→ Unsafe downstream rendering
→ System manipulation

RAG Poisoning Chain

Attacker-controlled document
→ Retrieval poisoning
→ Malicious context insertion
→ LLM manipulation
→ Unsafe response generation

Agentic Tool Abuse

Prompt manipulation
→ Tool invocation abuse
→ Credential misuse
→ External API interaction
→ Sensitive data exposure

Designed For

  • Application Security teams
  • AI security engineers
  • Security architects
  • AI governance teams
  • Enterprise risk teams
  • Red teams
  • AI platform teams
  • Security researchers

Why Deterministic Instead of LLM-Generated Threat Models?

Many AI threat-modeling tools rely entirely on LLMs to generate findings.

This engine intentionally avoids that approach.

Instead, findings are produced using:

  • Deterministic rules
  • Attack graphs
  • Architecture-aware conditions
  • Control correlation
  • Framework mappings

Benefits:

  • Reproducible outputs
  • Explainable findings
  • Reduced hallucination risk
  • Audit-friendly assessments
  • Stable severity scoring
  • Easier governance adoption

Technology Stack

  • Python
  • Streamlit
  • Rule-based analysis engine
  • Deterministic scoring engine
  • Graph-based chain traversal
  • MITRE / OWASP mapping logic

Installation

Clone Repository

https://github.com/purplesectools/ai-threat-model-assistant.git

cd ai-threat-model-assistant

Create Virtual Environment

python3 -m venv venv

source venv/bin/activate

Install Dependencies

pip install -r requirements.txt

Run Application

streamlit run main.py

Project Structure

ai-threat-model-assistant/
│
├── docs/
│   └── images/
├── main.py
├── rules_engine.py
├── requirements.txt
├── README.md
├── Procfile
└── threat_model_coverage.png

Roadmap

Planned improvements include:

  • Expanded attack-chain library
  • More graph traversal logic
  • AI risk scoring improvements
  • Exportable reports (PDF/JSON)
  • Threat-model versioning
  • Saved assessments
  • Additional compliance mappings
  • More MCP attack scenarios
  • Expanded agentic AI coverage
  • API support
  • CI/CD integrations

Disclaimer

This tool is intended to assist threat modeling and security reviews.

It does not replace:

  • Penetration testing
  • Architecture reviews
  • Secure SDLC practices
  • Formal compliance assessments
  • Human security expertise

Contributing

Contributions, ideas, rule improvements, attack-chain suggestions, and framework mappings are welcome. Please open:

  • Issues
  • Feature requests
  • Pull requests

License

MIT License


Author

Developed by Purple Security

🌐 https://aimlthreats.com

GitHub: https://github.com/purplesectools/ai-threat-model-assistant

Follow on X / Twitter

About

No description, website, or topics provided.

Resources

Stars

2 stars

Watchers

1 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages