STRIDE was designed for traditional software, but AI systems break its assumptions across prompts, training data, tool chains, and agent workflows, so STRIDE-AI remaps the six threat categories for machine learning environments. It also highlights AI-specific extensions like MAESTRO and ASTRIDE for modeling threats such as prompt injection, data poisoning, model spoofing, denial of wallet, and excessive agency. #STRIDE-AI #MAESTRO #ASTRIDE #OWASPLLMTop10
Key points
- STRIDE needs AI-specific adaptation because AI systems are non-deterministic and lack clear trust boundaries.
- Model spoofing and agent identity spoofing can let attackers impersonate trusted models or agents.
- Tampering includes training data poisoning, prompt injection, and RAG document poisoning.
- AI agents increase repudiation risk because full reasoning chains and tool actions are often not logged.
- STRIDE-AI, MAESTRO, and ASTRIDE extend threat modeling for AI pipelines, layered architectures, and agentic attacks.
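
For the repudiation and agent-identity points above, a hash-chained audit log of agent reasoning steps and tool actions, as an added example that is not code from the linked article. The agent names, tool name, record fields and keys are constructed assumptions, and the per-agent HMAC stands in for an asymmetric signature, which true non-repudiation would need.

```python
import hashlib, hmac, json

GENESIS = "0" * 64  # chain anchor used as "previous MAC" for the first entry

def _mac(key: bytes, prev: str, body: dict) -> str:
    # Canonical JSON so the same record always produces the same MAC.
    msg = prev.encode() + json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class AgentAuditLog:
    """Append-only log; each entry's MAC covers the previous entry's MAC."""
    def __init__(self, agent_keys: dict[str, bytes]):
        self.agent_keys = agent_keys
        self.entries: list[dict] = []

    def append(self, agent_id: str, kind: str, detail: dict) -> dict:
        prev = self.entries[-1]["mac"] if self.entries else GENESIS
        body = {"seq": len(self.entries), "agent": agent_id, "kind": kind, "detail": detail}
        entry = {**body, "prev": prev, "mac": _mac(self.agent_keys[agent_id], prev, body)}
        self.entries.append(entry)
        return entry

def verify(entries, agent_keys, expected_head=None):
    """Return the index of the first bad entry, or None if the chain is intact."""
    prev = GENESIS
    for i, e in enumerate(entries):
        key = agent_keys.get(e.get("agent"))
        body = {k: e.get(k) for k in ("seq", "agent", "kind", "detail")}
        if key is None or e.get("seq") != i or e.get("prev") != prev:
            return i  # unknown agent, removed/reordered entry, or broken link
        if not hmac.compare_digest(_mac(key, prev, body), e.get("mac", "")):
            return i  # content edited, or entry attributed to the wrong agent
        prev = e["mac"]
    # Dropping entries from the end keeps the chain valid, so compare the head
    # against a copy of the latest MAC stored outside the log.
    if expected_head is not None and prev != expected_head:
        return len(entries)
    return None

def demo():
    # Constructed sample: one reasoning step and two tool actions.
    keys = {"planner": b"constructed-key-1", "executor": b"constructed-key-2"}
    log = AgentAuditLog(keys)
    log.append("planner", "reasoning", {"text": "user asked for invoice total; call billing tool"})
    log.append("executor", "tool_call", {"tool": "billing.lookup", "args": {"invoice": "INV-001"}})
    log.append("executor", "tool_result", {"status": "ok"})
    return log, keys
```

Store the latest MAC somewhere the agent runtime cannot write, and pass it as `expected_head` when verifying.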
Read More: https://www.toxsec.com/p/how-to-threat-model-ai-applications