Key points are not available for this paper at this time.
With the increased complexity of applications and systems, threat modelling struggles to keep pace with the evolution of risks. This article addresses this challenge by exploring how large language models (LLMs) can be leveraged to create comprehensive threat models across different risk assessment methodologies. We examine whether a single generic prompt can support frameworks such as LINDDUN, PASTA, and STRIDE, despite their different requirements. Through this comparative analysis, we identify components that enable AI-based assessments, while acknowledging that privacy, regulatory, and dynamic risks require adaptation of the frameworks. Our findings show that a universal guideline is feasible for broad applications, but adaptation is necessary for effective use. Overall, LLM-based threat modelling improves the accessibility, repeatability, and effectiveness of risk analysis and supports stronger and more sustainable practices.
Jeršič et al. (Tue,) studied this question.