AI-powered threat modeling toolkit with STRIDE/PASTA framework support. Analyze architecture, discover threats, verify controls, and generate comprehensive security reports.
Map threats and controls to compliance frameworks like OWASP Top 10, SOC2, PCI-DSS, HIPAA, GDPR. Generates compliance reports with coverage percentages and gaps. Use when checking compliance status, mapping to security frameworks, or generating audit documentation.
Detect changes in the threat model since the last baseline snapshot. Identifies new assets, changed flows, new threats, and control status changes. Use when comparing threat model versions, tracking security drift, monitoring for new risks, or validating changes after updates.
Run the complete threat modeling workflow from initialization through reporting. Orchestrates all other skills in sequence. Use when performing full threat model analysis, running complete security assessment, or generating comprehensive threat documentation.
Initialize a threat modeling project by analyzing architecture documentation. Creates threat model structure with asset inventory, data flows, trust boundaries, and attack surface mapping. Use when starting new threat modeling work, setting up threat model for a project, or creating initial security assessment.
Generate comprehensive prioritized risk reports with executive summaries, threat details, gap analysis, and recommendations. Use when creating security reports, generating executive summaries, documenting risk assessments, or preparing audit documentation.
Show current threat model status including asset counts, threat distribution, control verification status, and compliance coverage. Use when checking threat model status, getting overview of security posture, or reviewing current state.
Generate security test cases from the threat model. Creates test scenarios for each threat and control verification tests. Use when creating security tests, generating penetration test cases, building security regression tests, or validating threat mitigations.
Analyze threats against discovered assets using STRIDE or PASTA framework. Generates threat catalog, attack trees, abuse cases, and risk register. Use when analyzing threats, identifying attack vectors, assessing security risks, or expanding threat catalog.
Verify that security controls documented in the threat model actually exist in the codebase. Searches for control implementations, validates configurations, identifies gaps. Use when validating threat model against code, checking security control implementation, or finding security gaps.