LLM-Assisted Threat Modeling

Threat modeling is one of the highest-leverage security activities, yet it remains underutilized because it is time-intensive and requires specialized expertise. LLMs can change this equation.

The Approach

Feed an LLM your system architecture diagram (as text or structured data) and ask it to enumerate potential threats using STRIDE categories. The model won’t replace a security engineer, but it dramatically accelerates the initial enumeration phase.

Where LLMs Excel

• Completeness — LLMs are thorough at enumerating known threat categories across components
• Speed — A first-pass threat model in minutes rather than hours
• Accessibility — Teams without dedicated security engineers can start the conversation

Where LLMs Fall Short

• Novel attacks — LLMs reason from training data, not adversarial creativity
• Business context — They struggle with organization-specific risk tolerance
• Validation — Identified threats still need human verification and prioritization

The sweet spot is using LLMs as a force multiplier for experienced practitioners, not as a replacement.