Large Language Model Assisted Threat Modeling

Abstract

Threat modeling aims to identify and address potential threats early in the product development lifecycle, but is often a time-consuming process involving extensive collaboration between product security and development teams, and relying heavily on analyzing various input documentation. This thesis explores the use of Retrieval Augmented Generation (RAG) Large Language Models (LLMs) as an innovative approach to enhance the threat modeling process. This study is pioneering in its use of LLMs for this purpose and the creation of a subset of related vulnerabilities to be passed as input to make sure the model has access to up-to-date information. The findings of this study reveal the capability of utilizing a RAG LLM to assist in threat modeling.