Threat Model

A threat model is a structured analysis of potential adversaries, attack vectors, and security objectives for a system, used to identify vulnerabilities and prioritize defensive measures based on realistic attacker capabilities and motivations.

Definition

A threat model is a systematic process for identifying, categorizing, and prioritizing potential threats to a system. It answers four fundamental questions: What are we building? What can go wrong? What are we going to do about it? Did we do a good enough job? The process examines the system’s architecture, its data flows, its trust boundaries, and the capabilities and motivations of potential adversaries to produce a structured understanding of where the system is vulnerable and which vulnerabilities matter most.

Threat modeling methodologies include STRIDE (developed at Microsoft, categorizing threats as Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege), PASTA (Process for Attack Simulation and Threat Analysis), LINDDUN (focused on privacy threats), and attack trees (hierarchical decomposition of attack goals). Each provides a different lens, but all serve the same purpose: making invisible risks visible before they become incidents.

Why It Matters

The 2024 Verizon Data Breach Investigations Report analyzed over 30,000 security incidents and 10,000 confirmed breaches. The report found that 68% of breaches involved a human element (social engineering, errors, or misuse) and that the median time to exploit a vulnerability after public disclosure was 5 days—down from 14 days in 2023. These numbers argue for proactive threat identification: organizations that wait for incidents to reveal their vulnerabilities are, by definition, too late.

Microsoft’s Security Development Lifecycle mandates threat modeling for all products and reports that the practice identifies an average of 3.2 critical design flaws per product that would not have been caught through code review or testing alone. The economic argument is stark: a design flaw caught during threat modeling costs orders of magnitude less to fix than one discovered in production—or by an attacker.

For AI systems, threat modeling has gained urgency. The OWASP Top 10 for LLM Applications (2025 edition) identifies prompt injection, training data poisoning, model denial of service, and supply chain vulnerabilities as critical threats—none of which are detected by traditional security scanning tools. AI-specific threat models must account for adversaries who exploit the model itself, not just the infrastructure hosting it.

How It Works

Threat modeling follows a systematic methodology:

System decomposition: Map the architecture, identifying components, data flows, trust boundaries, entry points, and assets. For an AI application, this includes the client, API gateway, authentication service, LLM provider, and any data stores—however ephemeral.
Threat identification: For each component and data flow, enumerate potential threats using a structured methodology. STRIDE categorizes threats by type. Attack trees decompose complex attacks into prerequisite steps. LINDDUN specifically addresses privacy threats including linkability, identifiability, non-repudiation, detectability, disclosure of information, unawareness, and non-compliance.
Risk assessment: Evaluate each threat for likelihood (attacker capability, access, motivation) and impact (data exposure, service disruption, regulatory consequence). The DREAD model (Damage, Reproducibility, Exploitability, Affected Users, Discoverability) provides a scoring framework.
Mitigation selection: For each significant threat, identify countermeasures. Countermeasures may be preventive (eliminating the attack surface), detective (monitoring for exploit attempts), or responsive (containing damage post-exploit). The strongest mitigations are architectural—they eliminate threat categories rather than addressing individual exploit paths.
Residual risk acceptance: Document threats that remain after mitigation and obtain explicit sign-off on accepted residual risk.

Stealth Cloud Relevance

Stealth Cloud publishes a transparent threat model that treats every component in its architecture as potentially compromised. This is not pessimism—it is zero trust applied to system design.

The threat model identifies four primary adversaries: a compromised LLM provider (mitigated by PII stripping and tokenization—the provider never receives identifiable data), a compromised edge worker (mitigated by end-to-end encryption and zero persistence—the worker processes data in RAM only), a network-level attacker (mitigated by TLS 1.3, certificate pinning, and metadata stripping), and a malicious client-side actor (mitigated by wallet-based authentication via Sign-In with Ethereum and session isolation).

The architecture eliminates entire threat categories. Information disclosure at the server? No personal information exists on the server. Data breach of stored records? No records are stored. Model memorization of sensitive prompts? No sensitive data in the prompts. Side-channel attacks against persistent state? No persistent state to attack.

This is the architectural approach to threat modeling: instead of adding countermeasures to each threat, eliminate the conditions that make the threat possible.

The Stealth Cloud Perspective

Most threat models end with a list of mitigations layered over a fundamentally vulnerable architecture. Stealth Cloud’s threat model starts with the architecture itself—designed so that the most dangerous threats (data breach, memorization, unauthorized disclosure) have no preconditions to exploit.