THREAT MODELING

AI threat modeling with STRIDE: the 5-step method for any LLM

14 June 2026 · 3 min read

"Threats" is a useless word until you answer one thing first: a threat to what?

Start with assets

A threat never free-floats. It's always a threat to something you've decided is worth protecting. "What are the threats to a shop?" → a shrug. "What are we protecting — stock, till, name, staying open?" → the threats write themselves. For an AI product, the assets are usually: the system, its output, user data, account access, reputation.

STRIDE: six categories, no skipping

A 40-year-old checklist still does the job: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege. You walk your system past each so you don't quietly skip a whole class of risk. By instinct you'll cover five of six; the one that slips is Repudiation — the absence of a trail. Something goes wrong and there's no log to prove who, what, when. That's exactly why the EU AI Act mandates record-keeping.

The method, end to end

  • What am I protecting? (assets)
  • What can go wrong? (STRIDE)
  • Is there an attacker? (no → safety/governance; yes → continue)
  • How exactly? (tactic → technique, MITRE ATLAS)
  • What's the mitigation?

If you're building anything with an LLM, run this on a whiteboard in an afternoon. The documentation then becomes audit-ready with NIST AI RMF.
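The five steps as a checkable threat register, in Python. This is an added example, not code from the article. The sample assets and entries are constructed for a hypothetical LLM support assistant, and techniques are written as free text rather than as MITRE ATLAS IDs.

```python
from dataclasses import dataclass

STRIDE = ("Spoofing", "Tampering", "Repudiation", "Information disclosure",
          "Denial of service", "Elevation of privilege")

@dataclass
class Entry:
    asset: str            # step 1: what am I protecting?
    category: str         # step 2: which STRIDE category?
    what: str             # what can go wrong
    attacker: bool        # step 3: is there an attacker?
    technique: str = ""   # step 4: how exactly (tactic -> technique, free text here)
    mitigation: str = ""  # step 5: what's the mitigation?

def review(assets, entries):
    """Check a threat register against the five steps and return the open items."""
    for e in entries:
        if e.asset not in assets or e.category not in STRIDE:
            raise ValueError(f"unknown asset or category in entry: {e.what!r}")
    covered = {(e.asset, e.category) for e in entries}
    return {
        # asset/category pairs with no entry at all: risk that was never considered
        "gaps": [(a, c) for a in assets for c in STRIDE if (a, c) not in covered],
        # categories missing from the whole register
        "skipped": [c for c in STRIDE if c not in {e.category for e in entries}],
        # no attacker: route to safety/governance instead of continuing
        "governance": [e for e in entries if not e.attacker],
        # attacker present, but step 4 or step 5 was left empty
        "incomplete": [e for e in entries
                       if e.attacker and not (e.technique and e.mitigation)],
    }

# Constructed sample register (hypothetical system, not from the article).
ASSETS = ["user data", "output"]
REGISTER = [
    Entry("user data", "Information disclosure", "model reveals another user's records",
          True, "prompt injection", "per-user retrieval filter"),
    Entry("user data", "Spoofing", "caller acts as another user", True, "stolen API key"),
    Entry("output", "Tampering", "poisoned document alters answers",
          True, "knowledge-base poisoning", "source allow-list"),
    Entry("output", "Denial of service", "provider outage takes answers offline", False),
]

if __name__ == "__main__":
    for name, items in review(ASSETS, REGISTER).items():
        print(f"{name}: {len(items)}")
```

On the sample register, Repudiation is one of the two categories with no entry at all, which is the gap the STRIDE section warns about.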
