ThreatSimGPT by threatsimgpt-AI

AI platform for enterprise cybersecurity threat simulation

Created 4 weeks ago

533 stars

Top 59.6% on SourcePulse

Project Summary

Summary

ThreatSimGPT is an enterprise-grade AI platform designed to generate realistic, context-aware cybersecurity threat scenarios. It caters to security training, red team exercises, and compliance testing, offering a flexible and scalable solution for simulating diverse attack vectors. The platform's primary benefit lies in its ability to create dynamic, LLM-powered simulations that enhance the effectiveness of security preparedness and validation.

How It Works

The platform employs a modular architecture featuring a core simulation engine, an LLM integration layer, and dataset integration. Scenarios are defined using intuitive YAML templates, allowing for version control and customization. Its key innovation is multi-LLM support, including major cloud providers (OpenAI, Anthropic) and local/offline execution via Ollama, providing flexibility and enabling air-gapped operations. The architecture prioritizes scalability and maintainability with features like connection pooling for LLM requests.

Quick Start & Requirements

  • Primary Install: Clone the repository, set up a Python 3.11+ virtual environment, and install dependencies via pip install -r requirements.txt.
  • Prerequisites: Python 3.11+, Git. LLM API keys (OpenRouter, OpenAI, Anthropic) are required for cloud LLMs; Ollama is needed for local execution.
  • Configuration: Requires editing config.yaml and setting environment variables for API keys.
  • Docs: GitHub Repository: https://github.com/threatsimgpt-AI/ThreatSimGPT

Highlighted Details

  • Supports multiple LLM providers including OpenAI, Anthropic, OpenRouter, and local Ollama instances for offline use.
  • Defines threat scenarios using flexible, version-controlled YAML templates.
  • Offers both a Command-Line Interface (CLI) and a FastAPI-based REST API for automation and integration.
  • Integrates with cybersecurity datasets such as PhishTank, Enron Email Corpus, and the MITRE ATT&CK framework.
  • Provides Docker and Kubernetes deployment options for enterprise environments.

Maintenance & Community

The project is actively maintained (v1.0.0, Nov 2025) with a roadmap extending into Q2 2026, including features like an analytics dashboard and enhanced integrations. Contributions are welcomed, with details provided in a contributing guide. Support is available via GitHub Issues and email.

Licensing & Compatibility

Licensed under the MIT License, which permits commercial use and integration into closed-source projects with minimal restrictions.

Limitations & Caveats

Key features such as "Analytics & Reporting" and the "Safety Framework" are marked as planned (🚧), indicating they are not yet implemented. The project includes a disclaimer emphasizing that it is a simulation tool and users are responsible for ensuring compliance and authorized use, stating "USE AT YOUR OWN RISK."

Health Check

  • Last Commit: 4 days ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 18
  • Issues (30d): 114
  • Star History: 534 stars in the last 28 days
