Key insight

Threat modeling asks four plain questions on paper, before anything ships: what are we building, what could go wrong, what are we doing about it, and did we do a good enough job. AI agents need a completely fresh round of this exercise, because the traditional list of risks was built for software that follows code, not software that follows language it can be tricked by.

Before building a bridge, an engineer does not simply start pouring concrete and hope it holds. They sit down first and reason through what forces the bridge will face, where it could fail, and what design choices prevent each failure, all on paper, before anything is built. Threat modeling is that exact same habit, applied to a computer system instead of a bridge.

1 · The everyday habit behind the practice

Threat modeling means sitting down, deliberately, before a system ships, and reasoning through what could go wrong with it and what you plan to do about each thing, on paper, with the right people in the room. It is cheap precisely because it happens before anything is built or deployed. The exact same reasoning, done for the first time after a system is already live and something has already gone wrong, is dramatically more expensive, and arrives far too late to actually prevent the problem it is examining.

2 · The four plain questions

The four threat modeling questions shown as four sequential boxes Four teal boxes in a row are labelled what are we building, what could go wrong, what are we doing about it, and did we do a good enough job, connected by arrows showing the sequential flow of the exercise. What are webuilding? What could gowrong? What are wedoing about it? Good enoughjob?
Figure 1. The exercise is deliberately simple: four questions, answered honestly, in order.

3 · A worked example: modeling a simple login page

What are we building? A login page that checks a username and password. What could go wrong? Someone could guess a weak password by trying thousands of combinations quickly; someone could steal a password through phishing; someone could intercept the password while it travels over the network. What are we doing about it? Lock an account after several failed attempts; require a second verification step beyond just the password; encrypt the connection so nothing can be read in transit. Did we do a good enough job? Have someone who did not build the page try to break it using only what was written down, before the page ever reaches real users.

4 · Why AI agents need a fresh round of modeling

The traditional list of things that could go wrong was built for traditional software, and it never accounted for a system that can be fooled by cleverly worded language rather than a technical flaw in its code. An AI agent’s threat model has to ask new questions a traditional web application’s threat model never needed to ask: what happens if content the agent reads contains hidden instructions meant for it rather than for a human reader; what happens if two of the agent’s individually reasonable tools get combined into something neither tool was ever meant to allow alone. Reusing an old threat model built for older kinds of software quietly leaves an agent’s newest and most dangerous risks completely unexamined.

5 · Applying threat modeling on purpose

6 · A simple test you can run this week

Try this before an incident forces the question

1. Pick one system, or one AI agent, you are responsible for.
2. Write down, on paper, what it is, what could go wrong, and what you are doing about each one.
3. Show it to someone who did not build it.
4. Note every gap they find that you had not already written down.

7 · Glossary — every short-form term, spelled out

Threat modeling
A deliberate, written exercise of asking what a system is, what could go wrong with it, what is being done about each risk, and whether that was done well enough.
AI agent
Software that decides, on its own, which tools to call and which actions to take, based on instructions written in ordinary language.
Key takeaways

Threat modeling asks four plain questions, on paper, before a system ships.
It is cheap because it happens before anything is built; the same reasoning after an incident is far more expensive.
AI agents need a fresh round of it, because old threat models never accounted for language-based tricks or tool combinations.
Do it before shipping, include outsiders, write it down, and revisit it whenever the system changes.

References

  1. OWASP Foundation, Threat Modeling Cheat Sheet, Open Worldwide Application Security Project. owasp.org