# Threat Model: [System Name]

**Date:** [today's date]
**Scope:** [brief system description from Phase 1]
**Frameworks:** STRIDE + MAESTRO 7-Layer + OWASP LLM Top 10 (2025) + OWASP Agentic Top 10 (2026)
**Status:** Advisory — AI-generated. Requires review by a qualified security practitioner.

---

## 1. System Description

[2-4 sentence description of what the system does, who uses it, and how it is deployed. Derived from Phase 1 interview answers.]

---

## 2. Architecture Overview

[Text-based architecture diagram from Phase 2 component mapping, with trust boundaries marked.]

---

## 3. MAESTRO Layer Mapping

| Layer | Components Present | Attack Surface Rating |
|-------|-------------------|----------------------|
| L1 Foundation Models | [models used] | [Low/Medium/High] |
| L2 Data and Knowledge | [knowledge files, state files] | [...] |
| L3 Agent Frameworks | [hooks active, permission model] | [...] |
| L4 Tool Integration | [MCP servers, Bash, filesystem] | [...] |
| L5 Agent Capabilities | [commands, agents, skills] | [...] |
| L6 Multi-Agent Systems | [pipelines, delegation patterns] | [...] |
| L7 Ecosystem | [plugins, integrations, CI/CD] | [...] |

---

## 4. Threat Catalog

### Layer [X] — [Layer Name]

#### Threat [X.1]: [Short threat title]

| Field | Value |
|-------|-------|
| STRIDE | [S/T/R/I/D/E] |
| OWASP | [LLM0X or ASI0X] |
| Likelihood | [1-5] — [rationale] |
| Impact | [1-5] — [rationale] |
| Risk Score | [L×I] — [Critical/High/Medium/Low] |
| Wild Exploitation | [Yes/PoC/No] — [cite source if yes] |

**Attack scenario:** [Concrete description of how this threat plays out in this system.]

**Current control status:** [Already mitigated / Can be mitigated / Accepted / External]

**Recommendation:** [Specific, actionable mitigation. Reference the mitigation matrix control type: Automated / Configured / Advisory.]

---

[Repeat for each threat, grouped by MAESTRO layer]

---

## 5. Risk Matrix

| Threat | Layer | STRIDE | OWASP | Score | Priority |
|--------|-------|--------|-------|-------|----------|
| [Threat title] | L[X] | [category] | [ID] | [score] | [Critical/High/Medium/Low] |

[Sorted by score descending]

---

## 6. Mitigation Plan

### Critical and High Priority Actions

| # | Threat | Action | Control Type | Effort |
|---|--------|--------|-------------|--------|
| 1 | [Threat] | [Specific action] | Automated/Configured/Advisory | Low/Med/High |

[Sorted by risk priority]

### Already Mitigated

| Threat | Control | Evidence |
|--------|---------|---------|
| [Threat] | [What control] | [File or config that confirms it] |

### Accepted Risks

| Threat | Rationale | Owner |
|--------|-----------|-------|
| [Threat] | [Why accepted] | [Who owns this decision] |

---

## 7. Residual Risk Summary

[2-4 sentences summarizing the overall risk posture after applying recommended mitigations. Identify the highest-impact residual risk and what it would take to address it.]

**Threat model coverage:** [X] threats identified across [Y] MAESTRO layers.
**Critical:** [n] | **High:** [n] | **Medium:** [n] | **Low:** [n]

---

## 8. Assumptions and Limitations

- This threat model is based on information provided in the interview session and file analysis at the time of generation. System changes may invalidate findings.
- Threat likelihood ratings reflect the analyst's assessment; actual exploitation depends on attacker capability and motivation not fully modeled here.
- External controls (IAM, network policy, model provider security) are noted as dependencies but not verified.
- This document is advisory. It does not constitute a security audit or penetration test. Engage a qualified security practitioner before production deployment of high-risk systems.

---

*Generated by threat-modeler-agent (llm-security plugin)*
*Frameworks: STRIDE · MAESTRO · OWASP LLM Top 10 (2025) · OWASP Agentic Top 10 (2026)*