STRIDE mapping

The standard STRIDE categories: Spoofing (identity), Tampering (input), Repudiation (audit), Information disclosure, Denial of service, Elevation of privilege.

LLM-specific

Prompt injection (T). Training data extraction (I). Excessive agency (E). Hallucination as a data integrity issue (T).

Attack trees

Per threat, enumerate the attack paths. Score each path by likelihood and impact. Prioritize mitigations by that score.
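
An added example (not from the original page) of that procedure: an AND/OR attack tree per threat, path enumeration, scoring, and a ranking of which leaf to mitigate first. Assumptions: risk is taken as likelihood × impact, leaf likelihoods are treated as independent, and every name and number in the sample tree is a constructed estimate.

```python
import math
from dataclasses import dataclass, field
from itertools import product

@dataclass
class Node:
    name: str
    gate: str = "LEAF"          # "LEAF", "OR" (any child suffices) or "AND" (all children needed)
    likelihood: float = 0.0     # leaves only: estimate in [0, 1]
    children: list = field(default_factory=list)

def paths(node):
    """Enumerate attack paths; each path is the list of leaves that must all succeed."""
    if node.gate == "LEAF":
        return [[node]]
    child_paths = [paths(c) for c in node.children]
    if node.gate == "OR":
        return [p for cp in child_paths for p in cp]
    return [sum(combo, []) for combo in product(*child_paths)]  # AND: one path per child

def prioritize(threats):
    """threats: (STRIDE letter, impact 1-5, root). Returns (risk, letter, threat, leaves), highest first."""
    rows = []
    for stride, impact, root in threats:
        for p in paths(root):
            lik = math.prod(leaf.likelihood for leaf in p)   # assumes independent leaves
            rows.append((round(lik * impact, 3), stride, root.name, [l.name for l in p]))
    return sorted(rows, key=lambda r: r[0], reverse=True)

def mitigation_targets(rows):
    """Sum path risk per leaf: a control that removes a leaf cuts every path through it."""
    totals = {}
    for risk, _, _, leaves in rows:
        for name in leaves:
            totals[name] = round(totals.get(name, 0) + risk, 3)
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

# Constructed sample trees; names and numbers are illustrative estimates, not measurements.
def leaf(name, likelihood):
    return Node(name, likelihood=likelihood)

injection = Node("Prompt injection", "AND", children=[
    Node("Untrusted text reaches LLM", "OR", children=[
        leaf("no validation at frontend->LLM boundary", 0.8),
        leaf("no validation at external services->tools boundary", 0.5)]),
    leaf("no validation at LLM->tools boundary", 0.5)])
agency = Node("Excessive agency", "AND", children=[
    leaf("tool permissions broader than the task needs", 0.6),
    leaf("no confirmation before tool action", 0.5)])
THREATS = [("T", 4, injection), ("E", 5, agency)]
```

The per-leaf totals can rank differently from the per-path scores: here the LLM->tools validation leaf sits on both prompt injection paths, so one control there removes more total risk than fixing the single highest-scoring path's other leaf.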

Trust boundaries

User ↔ frontend ↔ LLM ↔ tools ↔ external services. Each boundary needs validation.