STRIDE mapping
Spoofing (identity), Tampering (input), Repudiation (audit), Information disclosure, Denial of service, Elevation of privilege. Standard categories.
LLM-specific
Prompt injection (T). Training data extraction (I). Excessive agency (E). Hallucination as data integrity issue (T).
Attack trees
Per threat, enumerate paths. Score likelihood + impact. Prioritize mitigations.
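The attack-tree step above as an added example (not from the original page): it enumerates the paths per threat, rolls leaf likelihoods up the tree, and ranks threats for mitigation. The AND/OR gates, likelihood × impact as the score, independent leaves, and every leaf name and number are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from math import prod

@dataclass
class Node:
    name: str
    gate: str = "LEAF"        # "LEAF", "OR" (any child suffices), "AND" (all children needed)
    likelihood: float = 0.0   # leaves only: analyst estimate in [0, 1]
    children: list = field(default_factory=list)

def likelihood(node):
    """Roll leaf estimates up the tree, treating leaves as independent (assumption)."""
    if node.gate == "LEAF":
        return node.likelihood
    probs = [likelihood(c) for c in node.children]
    if node.gate == "AND":
        return prod(probs)
    if node.gate == "OR":
        return 1 - prod(1 - p for p in probs)
    raise ValueError(f"unknown gate {node.gate!r}")

def paths(node):
    """Enumerate the paths to the root goal, each as a list of leaf names."""
    if node.gate == "LEAF":
        return [[node.name]]
    child_paths = [paths(c) for c in node.children]
    if node.gate == "OR":
        return [p for cp in child_paths for p in cp]
    combined = [[]]           # AND: take one path from every child
    for cp in child_paths:
        combined = [a + b for a in combined for b in cp]
    return combined

def prioritize(threats):
    """threats: (STRIDE letter, impact 1-5, root Node). Highest risk first."""
    scored = [(round(likelihood(root) * impact, 2), stride, root.name)
              for stride, impact, root in threats]
    return sorted(scored, reverse=True)

# Constructed sample trees for three of the LLM-specific threats listed above.
THREATS = [
    ("T", 4, Node("Prompt injection", "OR", children=[
        Node("Direct user input", likelihood=0.5),
        Node("Poisoned retrieved document", likelihood=0.2)])),
    ("E", 5, Node("Excessive agency", "AND", children=[
        Node("Injected instruction reaches model", likelihood=0.6),
        Node("Tool call runs without approval", likelihood=0.5)])),
    ("I", 3, Node("Training data extraction", likelihood=0.1)),
]
```

An AND gate shows where a single mitigation breaks a whole path: driving either leaf under "Excessive agency" toward zero drives that threat's score toward zero.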
Trust boundaries
User ↔ frontend ↔ LLM ↔ tools ↔ external services. Each boundary needs validation.