SecureByDesign: An LLM-Powered Automated STRIDE Threat Modeling System

SecureByDesign is an open-source end-to-end AI-driven security analysis pipeline. Its core function is to automatically parse system architecture Data Flow Diagrams (DFD) and use large language models (LLMs) for STRIDE threat modeling, enabling automated detection and reasoning of security threats. It aims to address the pain points of traditional manual threat modeling—being time-consuming, labor-intensive, and dependent on expert knowledge—by combining classic security engineering methods with modern AI technologies to provide development teams with an efficient security analysis tool.

In modern software development, security threat modeling is a critical component. The traditional STRIDE method—covering six threats: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege—requires manual operation, which is not only time-consuming but also demands deep domain knowledge from security experts, making it difficult for many teams to identify risks early in development. With the breakthroughs of large language models in code understanding and natural language processing, automated threat modeling has become possible, and SecureByDesign is a product of this trend.

The technical pillars of SecureByDesign include two parts: 1. DFD Parsing Technology: Identifies external entities, processes, data stores, and data flows in DFDs to establish a complete understanding of the system structure; 2. LLM Reasoning: Converts parsed DFD elements into structured prompts for input into LLMs, performs systematic analysis based on the six dimensions of the STRIDE framework, evaluates security risks of components and interaction paths, and generates detailed threat reports. The reasoning capability of LLMs surpasses traditional rule-based methods and can discover complex attack vectors.

SecureByDesign is suitable for various teams: 1. Agile development teams: Can complete threat modeling without adding significant time during rapid iterations; 2. Small and medium-sized enterprises: Compensates for the lack of security talent and identifies risks in the design phase; 3. Large enterprises: Serves as a supplement to existing security processes and improves the efficiency of architecture reviews; 4. Legacy systems: Quickly generates threat models to provide references for security transformation.

In implementation, SecureByDesign supports multiple DFD input formats and can integrate with different architecture tools; allows flexible access to different LLMs (such as OpenAI GPT, Anthropic Claude, and open-source Llama); supports custom prompt templates to adapt to specific industry compliance requirements; output formats include Markdown, JSON, and visual charts; also supports local deployment of open-source models to protect the privacy of sensitive architecture information.

Current limitations: The quality of LLM output is affected by training data and prompt engineering, which may lead to false positives or false negatives and requires expert review; DFDs of complex distributed systems may not fully express security details. Future directions: Support richer architecture description formats such as C4 models or ADRs; integrate static code analysis to achieve end-to-end verification; integrate threat intelligence data sources; introduce multimodal capabilities to process architecture sketches or photos.

SecureByDesign represents the trend of using AI to enhance traditional methods in the field of security engineering. It combines the STRIDE framework with LLM reasoning to provide development teams with a practical tool to help identify security risks early. For developers and architects, it is not only a tool but also an inspiration—demonstrating the possibility of integrating classic security methods with cutting-edge AI. In the face of complex systems and evolving threats, this automated intelligent analysis will become an important part of ensuring software quality.