v2.4.0

Threat modelling for AI systems combines traditional software security analysis with AI-specific threat taxonomies. The methodology applies STRIDE for conventional software threats, MITRE ATLAS for AI-specific attack patterns, the OWASP Top 10 for LLM Applications, and PASTA for attack simulation and threat analysis.

Attack surface identification catalogues eight exposure categories spanning training data, model artefacts, inference APIs, human oversight interfaces, feature stores, vector databases, configuration stores, and monitoring infrastructure. Threat actor profiling assesses capabilities and motivation across four actor categories.

AI-specific threat categories provide per-threat analysis of attack vectors and controls for each of the OWASP LLM Top 10 plus additional AI-specific threats, including adversarial examples, model inversion, and federated training risks. The section concludes with the artefacts: the living threat model document, per-threat control mappings, and bow-tie diagrams for the top ten risks.
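One way to keep the attack-surface catalogue and the per-threat control mapping described above as a machine-checkable register, added here as an example and not an artefact from this project or documentation set: the asset names are the eight exposure categories listed on this page, while the threats, likelihood and impact scores, controls and taxonomy labels are constructed sample data, not the project's own threat model.

```python
# Added example: a minimal "threat model as code" register for an AI system.
# Asset names follow the eight exposure categories on this page; the threats,
# scores, controls and taxonomy labels are constructed sample data.
from dataclasses import dataclass
from enum import Enum


class Stride(Enum):
    """STRIDE category assigned to each threat."""
    SPOOFING = "S"
    TAMPERING = "T"
    REPUDIATION = "R"
    INFORMATION_DISCLOSURE = "I"
    DENIAL_OF_SERVICE = "D"
    ELEVATION_OF_PRIVILEGE = "E"


# The eight exposure categories from the attack-surface identification step.
EXPOSURE_CATEGORIES = frozenset({
    "training data", "model artefacts", "inference APIs",
    "human oversight interfaces", "feature stores", "vector databases",
    "configuration stores", "monitoring infrastructure",
})


@dataclass(frozen=True)
class Threat:
    name: str
    asset: str                      # one of EXPOSURE_CATEGORIES
    stride: Stride
    taxonomy: str                   # framework the threat is drawn from (free text)
    likelihood: int                 # 1 (rare) .. 5 (near certain)
    impact: int                     # 1 (negligible) .. 5 (severe)
    controls: tuple[str, ...] = ()  # mitigations mapped to this threat

    @property
    def risk_score(self) -> int:
        """Simple likelihood x impact ranking; used to pick the top-N risks."""
        return self.likelihood * self.impact


def validate(threats):
    """Reject threats whose asset is not a catalogued exposure category."""
    for t in threats:
        if t.asset not in EXPOSURE_CATEGORIES:
            raise ValueError(f"{t.name!r}: unknown asset {t.asset!r}")
        if not (1 <= t.likelihood <= 5 and 1 <= t.impact <= 5):
            raise ValueError(f"{t.name!r}: scores must be in 1..5")
    return True


def coverage_gaps(threats):
    """Threats with no mapped control: the first thing a review should flag."""
    return [t for t in threats if not t.controls]


def unassessed_assets(threats):
    """Exposure categories with no threat recorded against them at all."""
    return EXPOSURE_CATEGORIES - {t.asset for t in threats}


def control_mapping(threats):
    """Per-control view: which threats each control is relied on to mitigate."""
    mapping = {}
    for t in threats:
        for c in t.controls:
            mapping.setdefault(c, []).append(t.name)
    return mapping


def top_risks(threats, n=10):
    """Highest-scoring threats; the candidates for bow-tie diagrams."""
    return sorted(threats, key=lambda t: t.risk_score, reverse=True)[:n]


# Constructed sample register (hypothetical scores and controls).
REGISTER = [
    Threat("Training data poisoning", "training data", Stride.TAMPERING,
           "OWASP LLM Top 10", 3, 5,
           ("dataset provenance and signing", "statistical outlier filtering")),
    Threat("Adversarial examples at inference", "inference APIs", Stride.TAMPERING,
           "MITRE ATLAS", 4, 3,
           ("input validation", "adversarial robustness testing")),
    Threat("Model inversion via inference API", "inference APIs",
           Stride.INFORMATION_DISCLOSURE, "AI-specific", 2, 4),
    Threat("Unsigned model artefact swapped in registry", "model artefacts",
           Stride.TAMPERING, "OWASP LLM Top 10", 2, 5,
           ("model artefact signing and verification",)),
    Threat("Poisoned documents in retrieval index", "vector databases",
           Stride.TAMPERING, "OWASP LLM Top 10", 3, 4),
    Threat("Reviewer approval bypass", "human oversight interfaces",
           Stride.ELEVATION_OF_PRIVILEGE, "AI-specific", 2, 5,
           ("two-person approval", "approval audit log")),
]

if __name__ == "__main__":
    validate(REGISTER)
    print("Uncontrolled threats:", [t.name for t in coverage_gaps(REGISTER)])
    print("Unassessed assets:", sorted(unassessed_assets(REGISTER)))
    for t in top_risks(REGISTER, 3):
        print(f"{t.risk_score:>3}  {t.stride.value}  {t.name}")
```

Running the register as part of a review pipeline turns two of the artefacts into checks: `coverage_gaps` lists threats that still lack a mapped control, and `unassessed_assets` shows which of the eight exposure categories nobody has written a threat for yet, which is usually where the living threat model is stale rather than secure.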

Note:

This section corresponds to the Threat Modelling section and feeds primarily into AISDP Module 9 (Robustness and Cybersecurity).
