ASTRIDE: A Security Threat Modeling Platform for Agentic-AI Applications

Eranga Bandara, Amin Hass, Ross Gore, Sachin Shetty, Ravi Mukkamala, Safdar H. Bouk, Xueping Liang, Ng Wee Keong, Kasun De Zoysa, Aruna Withanage, Nilaan Loganathan

TL;DR

This work introduces ASTRIDE, an automated threat modeling platform tailored for AI agent-based systems. By extending STRIDE with an AI Agent-Specific category and integrating a consortium of fine-tuned vision-language models with the OpenAI-gpt-oss reasoning LLM, ASTRIDE performs end-to-end threat analysis directly from architectural diagrams. The approach emphasizes automation, explainability, and scalability, and demonstrates improved detection of AI-specific threats such as prompt injection and unsafe tool invocation. Practical deployment leverages a data lake, a multi-model VLM ensemble, and LLM agents for orchestration, achieving accurate, reproducible threat models with edge-friendly inference via Unsloth/QLoRA. Overall, ASTRIDE represents a first step toward diagram-driven, AI-focused threat modeling for next-generation agentic systems.

Abstract

AI agent-based systems are becoming increasingly integral to modern software architectures, enabling autonomous decision-making, dynamic task execution, and multimodal interactions through large language models (LLMs). However, these systems introduce novel and evolving security challenges, including prompt injection attacks, context poisoning, model manipulation, and opaque agent-to-agent communication, which are not effectively captured by traditional threat modeling frameworks. In this paper, we introduce ASTRIDE, an automated threat modeling platform purpose-built for AI agent-based systems. ASTRIDE extends the classical STRIDE framework by introducing a new threat category, A for AI Agent-Specific Attacks, which encompasses emerging vulnerabilities such as prompt injection, unsafe tool invocation, and reasoning subversion that are unique to agent-based applications. To automate threat modeling, ASTRIDE combines a consortium of fine-tuned vision-language models (VLMs) with the OpenAI-gpt-oss reasoning LLM to perform end-to-end analysis directly from visual agent architecture diagrams, such as data flow diagrams (DFDs). LLM agents orchestrate the end-to-end threat modeling automation process by coordinating interactions between the VLM consortium and the reasoning LLM. Our evaluations demonstrate that ASTRIDE provides accurate, scalable, and explainable threat modeling for next-generation intelligent systems. To the best of our knowledge, ASTRIDE is the first framework to both extend STRIDE with AI-specific threats and integrate fine-tuned VLMs with a reasoning LLM to fully automate diagram-driven threat modeling in AI agent-based applications.

Paper Structure

This paper contains 16 sections, 9 figures, 1 table.

Figures (9)

  • Figure 1: ASTRIDE system architecture.
  • Figure 2: ASTRIDE threat prediction flow.
  • Figure 3: Fine-tune VLMs with QLoRA and deploy with Ollama.
  • Figure 4: Prompt for OpenAI-gpt-oss reasoning LLM.
  • Figure 5: Training loss and validation loss during fine-tuning of the Llama-3.2-11B-Vision-Instruct VLM.
  • ...and 4 more figures