Threat Modeling for AI: The Case for an Asset-Centric Approach

TL;DR

This paper proposes an asset-centric threat modeling methodology tailored for AI systems with autonomous agents, enabling comprehensive security analysis that addresses unique AI vulnerabilities in complex, distributed environments.

Contribution

It introduces a novel bottom-up, asset-focused threat modeling approach specifically designed for integrated AI agents, improving security assessment across diverse AI-enabled infrastructures.

Findings

Enables systematic identification of AI-specific vulnerabilities.

Allows security assessment without detailed knowledge of third-party AI components.

Supports scalable security analysis for complex autonomous AI systems.

Abstract

Recent advances in AI are transforming AI's ubiquitous presence in our world from that of standalone AI-applications into deeply integrated AI-agents. These changes have been driven by agents' increasing capability to autonomously make decisions and initiate actions, using existing applications; whether those applications are AI-based or not. This evolution enables unprecedented levels of AI integration, with agents now able to take actions on behalf of systems and users -- including, in some cases, the powerful ability for the AI to write and execute scripts as it deems necessary. With AI systems now able to autonomously execute code, interact with external systems, and operate without human oversight, traditional security approaches fall short. This paper introduces an asset-centric methodology for threat modeling AI systems that addresses the unique security challenges posed by integrated AI agents. Unlike existing top-down frameworks that analyze individual attacks within specific product contexts, our bottom-up approach enables defenders to systematically identify how vulnerabilities -- both conventional and AI-specific -- impact critical AI assets across distributed infrastructures used to develop and deploy these agents. This methodology allows security teams to: (1) perform comprehensive analysis that communicates effectively across technical domains, (2) quantify security assumptions about third-party AI components without requiring visibility into their implementation, and (3) holistically identify AI-based vulnerabilities relevant to their specific product context. This approach is particularly relevant for securing agentic systems with complex autonomous capabilities. By focusing on assets rather than attacks, our approach scales with the rapidly evolving threat landscape while accommodating increasingly complex and distributed AI development pipelines.