Threat Designer is a Generative AI application that automates and streamlines threat modeling for secure system design. It uses LLMs to analyze system architectures, identify potential security threats, and generate detailed threat models, enabling early integration of security into development.

How It Works

The core approach employs LLMs to parse architecture diagrams, detect security threats, and produce comprehensive threat models. It features an interactive UI for model refinement and an optional AI Assistant (Sentry) that can leverage a custom knowledge base ("Spaces") for organization-specific context, enhancing threat analysis with relevant internal documentation.

Quick Start & Requirements

• CLI: Install via pip install ./cli and run threat-designer. Operates locally using Amazon Bedrock or OpenAI credentials.
• Full Deployment: Clone repo, chmod +x deployment.sh, export AWS credentials, and execute ./deployment.sh.
• Prerequisites: Node.js (v18+), npm, Python (v3.12+), pip, Terraform CLI, Docker, and configured AWS CLI.
• AI Providers: Amazon Bedrock (Claude models) or OpenAI (GPT models). Requires API keys/credentials and model access.
• Optional: Tavily API key for Sentry's web search.
• Links: AWS Blog Post, Getting started Guide, CLI Quick Start.

Highlighted Details

• Automated architecture analysis and threat identification.
• Interactive editing and iterative refinement of threat models.
• Export results in PDF, DOCX, or JSON formats.
• Optional Sentry AI Assistant for conversational analysis.
• "Spaces" feature for attaching custom knowledge bases (runbooks, policies).
• Threat Catalog for managing historical threat models.

Maintenance & Community

The provided README does not detail specific contributors, sponsorships, or community channels (e.g., Discord, Slack). Contribution guidelines are available via a CONTRIBUTING file.

Licensing & Compatibility

• License: Apache License 2.0.
• Compatibility: No explicit restrictions noted for commercial use or integration with closed-source projects.

Limitations & Caveats

Full deployment necessitates AWS credentials and infrastructure setup. Optional features like the Sentry AI Assistant and web search require additional configuration and API keys. Switching between AI providers (Bedrock/OpenAI) mandates redeployment and invalidates existing sessions.