Threat modeling for LLM applications involves systematically identifying and assessing potential security risks specific to large language models. Using frameworks like STRIDE (which covers threats such as Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege) and adapting MITRE ATT&CK for LLMs, organizations can anticipate attack vectors, understand adversarial tactics, and implement effective safeguards to protect sensitive data and maintain model integrity.
What is threat modeling for LLM applications?
Threat modeling is a structured process to identify, assess, and prioritize security risks in LLM-based systems—from inputs and prompts to model deployment and APIs—so you can implement mitigations early.
What does STRIDE stand for and how does it help secure LLM apps?
STRIDE covers Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. Applying STRIDE to LLMs helps pinpoint where risks arise in data flows, prompts, model access, and infrastructure, guiding targeted mitigations.
What is ATT&CK for LLMs and how is it used in threat modeling?
ATT&CK for LLMs is a knowledge base of attacker techniques tailored to LLM systems. It helps map potential attack paths, compare defenses to real-world techniques, and prioritize mitigations across stages like data input, training, deployment, and monitoring.
What are common mitigations for threats in LLM-based systems?
Mitigations include input validation and sanitization, prompt injection defenses, strict access controls, secure model updates, data privacy protections, comprehensive logging/auditing, anomaly detection, rate limiting, and secure deployment practices.
What are the typical steps in threat modeling for LLM applications?
Define scope and assets, map data flows and trust boundaries, identify threats with STRIDE (and ATT&CK for LLMs), assess risk, apply mitigations, and validate through testing and ongoing monitoring.
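The steps above carried through on a small LLM application, as an added example that is not from the original page: components with trust levels and data flows are the assets and trust boundaries, each flow is checked against the six STRIDE categories, and findings are scored and ranked. The components, the STRIDE rules and the impact/likelihood weights are constructed assumptions for illustration, not a standard.

```python
from dataclasses import dataclass, field

@dataclass
class Component:
    name: str
    trust: int           # 0 = untrusted (internet content), 3 = most trusted backend
    logged: bool = True  # emits audit logs (used for the Repudiation check)

@dataclass
class Flow:
    src: Component
    dst: Component
    data: set = field(default_factory=set)  # e.g. {"prompt", "pii", "tool_call"}
    authenticated: bool = True

def stride_threats(flow):
    """STRIDE categories raised by one data flow, each with an impact score 1-3 (illustrative rules)."""
    t, crosses = [], flow.src.trust != flow.dst.trust
    if crosses and not flow.authenticated:
        t.append(("Spoofing", 3))                # unauthenticated boundary crossing
    if crosses and flow.src.trust < flow.dst.trust and "prompt" in flow.data:
        t.append(("Tampering", 3))               # untrusted text reaches the prompt (injection path)
    if not (flow.src.logged and flow.dst.logged):
        t.append(("Repudiation", 1))             # action cannot be attributed afterwards
    if "pii" in flow.data and flow.dst.trust < flow.src.trust:
        t.append(("Information Disclosure", 3))  # sensitive data leaves a trusted zone
    if flow.src.trust == 0:
        t.append(("Denial of Service", 2))       # untrusted source can flood this flow
    if "tool_call" in flow.data and flow.dst.trust > flow.src.trust:
        t.append(("Elevation of Privilege", 3))  # model output drives a privileged action
    return t

def rank_risks(flows):
    """Risk = impact * likelihood, with likelihood = 1 + trust gap crossed; highest first."""
    findings = []
    for f in flows:
        likelihood = 1 + abs(f.src.trust - f.dst.trust)
        for category, impact in stride_threats(f):
            findings.append({"flow": f"{f.src.name}->{f.dst.name}",
                             "threat": category, "score": impact * likelihood})
    return sorted(findings, key=lambda x: -x["score"])

# Constructed sample app (assumption): users and fetched web pages are untrusted,
# the gateway and model are trusted, and the tool executor is the most trusted part.
USER, GATEWAY, MODEL = Component("user", 0), Component("api_gateway", 2), Component("llm", 2)
RETRIEVER, TOOLS = Component("web_retriever", 0, logged=False), Component("tool_executor", 3)
FLOWS = [Flow(USER, GATEWAY, {"prompt"}),
         Flow(RETRIEVER, MODEL, {"prompt"}, authenticated=False),  # fetched text enters the prompt
         Flow(MODEL, TOOLS, {"tool_call"}), Flow(MODEL, USER, {"pii"})]
```

Running `rank_risks(FLOWS)` puts the unauthenticated retrieved-content path and the PII-returning response at the top, which is where the mitigations listed earlier (prompt injection defenses, output filtering, logging) should be applied first.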