Tachi: An Intelligent Threat Modeling and Security Vulnerability Detection Framework for the AI Era

Tachi is an open-source threat modeling and AI reasoning vulnerability detection framework developed by David Matousek, designed specifically for the Claude Code environment. It fills the gap of traditional security tools in detecting logical-layer vulnerabilities. Through 14 dedicated agents, it implements STRIDE threat classification and MAESTRO layered mapping, providing architecture-level security analysis capabilities. It covers specialized threats for LLM and Agent systems, supports multi-format input and output, and can be integrated into AI-driven development workflows.

Traditional SAST and SCA tools excel at detecting syntax-level vulnerabilities (e.g., SQL injection, XSS). However, with the popularization of AI Agent and LLM applications, security threats have shifted to the architecture level: broken authentication flows, missing permission boundaries, prompt injection attack paths, Agent autonomy gaps, cross-layer attack chains, etc. These issues cannot be detected via syntax scanning and require in-depth reasoning analysis of the system architecture.

The core advantages of Tachi lie in its multi-agent architecture and layered classification system:

1. 14 Types of Dedicated Agents: Cover the six STRIDE threats, five LLM-specific threats (e.g., prompt injection), and three Agent-specific threats (e.g., excessive authorization);
2. MAESTRO 7-Layer Classification: Fully maps AI system threats from the infrastructure layer to the application layer;
3. Full OWASP Framework Coverage: Supports five major OWASP frameworks including LLM Top10 and Agentic Top10, identifying cross-domain composite risks.

Tachi provides six core commands (e.g., /tachi.threat-model generates threat lists and reports), outputs over 20 types of artifacts (including SARIF format for CI/CD), and supports five architecture input formats such as Mermaid and free text. It has a built-in baseline comparison feature to track risk changes, is built based on the AOD Kit, can be seamlessly integrated into the Claude Code development process, and is easy to install with multi-environment support.

Tachi is suitable for:

1. AI Development Teams: Identify architectural defects before coding to reduce repair costs;
2. Security Auditing and Compliance: SARIF output integrates with CI/CD, and PDF reports meet auditing requirements;
3. Education and Training: Developer guides and visual outputs facilitate AI security learning. Community support is comprehensive, and the code is open-source and transparent.

Tachi represents the trend of security tools evolving toward AI-native, using AI reasoning capabilities to detect architectural-layer logical vulnerabilities. In the future, it will expand threat agent coverage, enhance tool integration, and optimize analysis performance for large codebases, and is expected to become a standard tool in the secure development lifecycle of AI applications.