Future-Back Threat Modeling: A Foresight-Driven Security Framework

Vu Van Than

TL;DR

The paper addresses the mismatch between reactive threat modeling and the need to anticipate emergent future threats (e.g., AI-enabled fraud, information warfare, supply-chain disruptions). It introduces Future-Back Threat Modeling (FBTM), a foresight-driven framework that starts with envisioned future states and works backward to test and falsify current safety assumptions, converting insights into actionable governance artifacts. The methodology combines five epistemic principles, a four-phase reflexive workflow, and a three-perspective hypothesis framing, with deception-based validation and a Foresight-to-Evidence Matrix to quantify confidence. A case study applying FBTM to CVE-2025-64446 using a honeypot demonstrates end-to-end integration from foresight to governance, illustrating how such a framework can reveal unknown unknowns and support proactive resilience.

Abstract

Traditional threat modeling remains reactive, focused on known TTPs and past incident data, while threat prediction and forecasting frameworks are often disconnected from operational or architectural artifacts. This creates a fundamental weakness: the most serious cyber threats often do not arise from what is known, but from what is assumed, overlooked, or not yet conceived, and frequently originate from the future, such as artificial intelligence, information warfare, and supply chain attacks, where adversaries continuously develop new exploits that can bypass defenses built on current knowledge. To address this mental gap, this paper introduces the theory and methodology of Future-Back Threat Modeling (FBTM). This predictive approach begins with envisioned future threat states and works backward to identify assumptions, gaps, blind spots, and vulnerabilities in the current defense architecture, providing a clearer and more accurate view of impending threats so that we can anticipate their emergence and shape the future we want through actions taken now. The proposed methodology further aims to reveal known unknowns and unknown unknowns, including tactics, techniques, and procedures that are emerging, anticipated, and plausible. This enhances the predictability of adversary behavior, particularly under future uncertainty, helping security leaders make informed decisions today that shape more resilient security postures for the future.

Paper Structure

This paper contains 28 sections, 3 figures, 3 tables.

Figures (3)

  • Figure 1: Conceptual framework of Future-Back Threat Modeling (FBTM). The framework illustrates the cyclic relationship between foresight generation, epistemic testing, organizational learning, and strategic decision inputs. Each step (1–6) represents an iterative layer of hypothesis formulation, validation, and feedback integration.
  • Figure 2: Simplified honeypot research model used for the CVE-2025-64446 case study.
  • Figure 3: Web Honeypot Logs for 2025-11-19 showing probing of '/cgi-bin/fwbcgi'.