AegisShield: Democratizing Cyber Threat Modeling with Generative AI
This work helps under-resourced organizations adopt secure-by-design practices by automating threat modeling, though it is incremental as it builds on existing frameworks like STRIDE and MITRE ATT&CK.
The paper tackles the problem of scaling threat modeling for small organizations by developing AegisShield, a generative AI tool that automates threat generation and assessment, resulting in reduced complexity, semantic alignment with expert threats, and an 85.4% success rate in mapping threats to MITRE ATT&CK techniques.
The increasing sophistication of technology systems makes traditional threat modeling hard to scale, especially for small organizations with limited resources. This paper develops and evaluates AegisShield, a generative-AI-enhanced threat modeling tool that implements STRIDE and MITRE ATT&CK to automate threat generation and provide systematic assessments. By integrating real-time threat intelligence from the National Vulnerability Database and AlienVault Open Threat Exchange, AegisShield produces streamlined and accessible threat descriptions. Our assessment of 243 threats from 15 case studies and over 8000 AI-generated threats shows that AegisShield reduces complexity (p < 0.001), yields outputs semantically aligned with expert-developed threats (p < 0.05), and achieves an 85.4 percent success rate in mapping threats to MITRE ATT&CK techniques (p < 0.001). Automating and standardizing threat modeling helps under-resourced organizations address risk earlier and supports wider adoption of secure-by-design practices.