Threat Modeling Software Development for LLM-Agent-Based Systems
Abstract
This article describes software that extends the OWASP Threat Dragon threat modeling project to cover systems built on LLM agents. It adds new diagram components, new attributes for both new and existing Threat Dragon components, and rule-based automatic identification of threats. The LLM agent structure defined by OWASP is used as the reference architecture. The developed software adds support for LLM agent components, lets the user specify 27 new attributes, and automatically identifies threats based on 38 rules. Each rule consists of a set of conditions under which a threat may occur, a scenario description taken from OWASP documentation, and the mitigations for that threat, which may be proactive, reactive or detective; the rule also specifies the threat type according to the STRIDE methodology. The data flow diagram of the analyzed system is built manually, and the attributes of all components are likewise set manually. Threats are then added to the diagram automatically from the diagram, the attributes and the rules: if at least one condition of a rule is met, the corresponding threat is attached to the relevant component in the Threat Dragon diagram. The authors defined a fairly simple rule syntax, so new threats are easy to describe and are then added to the diagram automatically. The development has received positive feedback from OWASP Threat Dragon leaders. It closes an important gap in the field of LLM agent security and offers a flexible, extensible tool for practical use. The article also provides an overview of seven threat modeling methodologies: STRIDE, LINDDUN, PASTA, STRIDE-AI, PLOT4ai, ADMIn and MAESTRO, and of four threat modeling tools: OWASP Threat Dragon, OWASP pytm, Microsoft Threat Modeling Tool and ThreatFinderAI.
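As an added illustration (not the paper's code and not Threat Dragon's own implementation), the following JavaScript shows the rule mechanism the abstract describes: rules carry conditions over component attributes, a STRIDE type, a scenario title and proactive/reactive/detective mitigations, and a rule fires for a component when at least one condition holds. The rule syntax, attribute names, component types and the sample diagram are assumptions constructed for this example.

```javascript
// Added example, not the paper's or Threat Dragon's code: rule syntax, attribute
// names, component types and the sample diagram are constructed assumptions.
// A rule: conditions over attributes, STRIDE type, scenario title, mitigations.
const RULES = [
  {
    id: "R1", appliesTo: "llm-agent", stride: "Tampering",
    title: "Prompt injection through untrusted content reaching the agent",
    conditions: [
      { attr: "acceptsUntrustedInput", equals: true },
      { attr: "systemPromptIsolated", equals: false },
    ],
    mitigations: { proactive: "Separate instructions from untrusted data in the prompt",
                   reactive: "Quarantine the session", detective: "Review goal-changing prompts" },
  },
  {
    id: "R2", appliesTo: "tool", stride: "Elevation of privilege",
    title: "Excessive agency through an over-privileged tool",
    conditions: [
      { attr: "requiresHumanApproval", equals: false },
      { attr: "scopedCredentials", equals: false },
    ],
    mitigations: { proactive: "Issue least-privilege, short-lived credentials per tool",
                   reactive: "Revoke the credential on misuse", detective: "Alert on out-of-scope calls" },
  },
];
// A rule fires for a component when at least one of its conditions holds.
const ruleFires = (component, rule) =>
  rule.appliesTo === component.type &&
  rule.conditions.some((c) => component.attributes[c.attr] === c.equals);

// Attach generated threats to each component, keyed by rule id so that
// re-running generation on an already annotated diagram adds nothing twice.
function generateThreats(diagram, rules = RULES) {
  const components = diagram.components.map((component) => {
    const present = new Set((component.threats || []).map((t) => t.ruleId));
    const added = rules
      .filter((r) => ruleFires(component, r) && !present.has(r.id))
      .map((r) => ({ ruleId: r.id, type: r.stride, title: r.title, mitigations: r.mitigations }));
    return { ...component, threats: [...(component.threats || []), ...added] };
  });
  return { ...diagram, components };
}

// Constructed sample diagram: one agent and two tools with manually set attributes.
const SAMPLE_DIAGRAM = { components: [
  { id: "agent1", type: "llm-agent", attributes: { acceptsUntrustedInput: true, systemPromptIsolated: true } },
  { id: "tool1", type: "tool", attributes: { requiresHumanApproval: true, scopedCredentials: true } },
  { id: "tool2", type: "tool", attributes: { requiresHumanApproval: true, scopedCredentials: false } },
] };
```

Running `generateThreats(SAMPLE_DIAGRAM)` attaches R1 to agent1 and R2 to tool2 (one condition each), leaves tool1 untouched, and a second run over the result adds no duplicates.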
ISSN: 2307-8162