STRIDE mapping

Spoofing (identity), Tampering (input), Repudiation (audit), Information disclosure, Denial of service, Elevation of privilege. Standard categories.

LLM-specific

Prompt injection (T). Training data extraction (I). Excessive agency (E). Hallucination as a data integrity issue (T). The letter in parentheses is the STRIDE category.

Attack trees

Per threat, enumerate paths. Score likelihood + impact. Prioritize mitigations.
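
The enumerate, score, prioritize loop above as a small script. This is an added example, not part of the original notes. Assumptions: 1-5 ordinal scales, path likelihood taken as its least likely step, risk = likelihood x impact; the path names and all scores are constructed.

```python
from dataclasses import dataclass

STRIDE = set("STRIDE")  # category letters used in the notes above

@dataclass(frozen=True)
class Path:
    name: str
    steps: tuple  # one 1-5 likelihood score per step the path requires

@dataclass(frozen=True)
class Threat:
    name: str
    stride: str   # STRIDE letter
    impact: int   # 1-5
    paths: tuple  # Path objects: the branches of this threat's tree

def path_likelihood(path):
    # Every step must succeed, so the least likely step bounds the whole path.
    if not path.steps or not all(1 <= s <= 5 for s in path.steps):
        raise ValueError(f"bad step scores on path {path.name!r}")
    return min(path.steps)

def prioritize(threats):
    """Return (risk, threat, stride, path) rows, highest risk first."""
    rows = []
    for t in threats:
        if t.stride not in STRIDE or not 1 <= t.impact <= 5:
            raise ValueError(f"bad STRIDE letter or impact on {t.name!r}")
        for p in t.paths:
            rows.append((path_likelihood(p) * t.impact, t.name, t.stride, p.name))
    return sorted(rows, key=lambda r: (-r[0], r[1], r[3]))

# Constructed sample tree: threat names follow the LLM-specific list, scores are made up.
THREATS = (
    Threat("Prompt injection", "T", 4, (
        Path("direct user input", (5, 3)),
        Path("content retrieved into context", (4, 4)))),
    Threat("Training data extraction", "I", 3, (
        Path("repeated querying of the model", (3, 2)),)),
    Threat("Excessive agency", "E", 5, (
        Path("tool call without approval step", (3, 4)),)),
    Threat("Hallucination", "T", 2, (
        Path("unverified output stored as fact", (4, 4)),)),
)

if __name__ == "__main__":
    for risk, threat, stride, path in prioritize(THREATS):
        print(f"{risk:>2}  [{stride}] {threat}: {path}")
```

Mitigations go to the top rows first; re-score and re-run after each control is added.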