Classical threat modeling was designed for systems that behave like machines. Agentic AI behaves like an ecosystem. This paper argues that the fracture between these two paradigms is not a gap to be filled by extending existing frameworks — it is a structural incompatibility that requires a different discipline entirely. Threat modeling asks what could go wrong. Governance asks what must never be allowed to happen, no matter how the system evolves. For agentic AI, only the second question is sufficient. This paper defines the failure modes of classical threat modeling when applied to agentic systems, names the properties of agentic behavior that defeat the paradigm's core assumptions, and proposes governance — understood as geometry rather than compliance — as the necessary replacement layer. The OWASP AI Exchange threat model one-pager (released April 2026) is cited as a representative example of well-executed work that remains bounded by the paradigm this paper critiques.
Narnaiezzsshaa Truong (Mon,) studied this question.