Glossary term
Security
A structured analysis of how an AI system could be attacked or misused. It should cover users, prompts, tools, data flows, model access, APIs, plugins, and downstream actions. A good threat model also identifies adversaries, misuse paths, trust boundaries, data sources, tool permissions, retrieval content, logging, and the business processes triggered by AI outputs.
Microsoft's STRIDE-AI extension applies STRIDE categories (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) to AI components.
MITRE ATLAS provides over 90 adversarial techniques mapped against AI systems, used by security teams at Microsoft, IBM, and Palo Alto Networks.
The OWASP AI Exchange (2024) provides 200+ AI security threats and controls referenced in the OWASP LLM Top 10.
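A small worked example of the two analyses the definition calls for, trust-boundary crossings tagged with STRIDE categories and misuse paths from untrusted input to a downstream action, run over a constructed retrieval-augmented assistant. This is added illustration code, not from the glossary, Microsoft, MITRE, or OWASP; the trust scale, the component kinds, and the kind-to-STRIDE mapping are assumptions made for the example.

```python
from dataclasses import dataclass

# STRIDE categories as listed in the glossary entry.
STRIDE = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation", "I": "Information disclosure",
          "D": "Denial of service", "E": "Elevation of privilege"}
# STRIDE letters raised when data crosses INTO a component of this kind from a less-trusted
# one (constructed mapping for this example, not part of any standard).
RISK_BY_KIND = {"model": "TI", "tool": "TE", "action": "RE", "data": "TI"}

@dataclass(frozen=True)
class Component:
    name: str
    kind: str   # "source", "model", "tool", "data" or "action"
    trust: int  # constructed scale: 0 = untrusted input ... 3 = privileged side effect

def boundary_crossings(components, flows):
    """Flows (src, dst, data) from a less-trusted to a more-trusted component, tagged with STRIDE."""
    by_name = {c.name: c for c in components}
    found = []
    for src, dst, data in flows:
        if by_name[src].trust < by_name[dst].trust:
            found.append((src, dst, data, [STRIDE[k] for k in RISK_BY_KIND.get(by_name[dst].kind, "")]))
    return found

def misuse_paths(components, flows):
    """Every path from an untrusted (trust 0) component to one that performs a downstream action."""
    by_name = {c.name: c for c in components}
    edges = {}
    for src, dst, _ in flows:
        edges.setdefault(src, []).append(dst)
    paths = []
    def walk(node, path):
        if by_name[node].kind == "action":
            paths.append(path)
            return
        for nxt in edges.get(node, []):
            if nxt not in path:  # ignore cycles
                walk(nxt, path + [nxt])
    for c in components:
        if c.trust == 0:
            walk(c.name, [c.name])
    return paths

# Constructed sample system: a retrieval-augmented assistant with an e-mail-sending tool.
COMPONENTS = [Component("user", "source", 0), Component("web_page", "data", 0),
              Component("retriever", "data", 1), Component("llm", "model", 1),
              Component("send_email", "tool", 2), Component("mailbox", "action", 3)]
FLOWS = [("user", "llm", "prompt"), ("web_page", "retriever", "retrieved text"),
         ("retriever", "llm", "context"), ("llm", "send_email", "tool call"),
         ("send_email", "mailbox", "outbound mail")]
```

On the sample, `boundary_crossings(COMPONENTS, FLOWS)` returns four crossings (the tool call into `send_email` is tagged Tampering and Elevation of privilege) and `misuse_paths(COMPONENTS, FLOWS)` returns two paths, one of which runs from untrusted web content through the retriever and model to the mailbox.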