Threat Models
Threat models define attacker capability, target system boundary, objective, and success criteria.
Template
- Actor:
- Access:
- Knowledge:
- Control:
- Objective:
- Success criteria:
- Observable evidence:
- Relevant mitigations:
Initial Families
- External user attacks against hosted models
- Indirect prompt injection through retrieved or browsed content
- Insider or supply-chain compromise during training and fine-tuning
- Model provider extraction or privacy attacks by API users
- Autonomous agent tool abuse or unsafe delegation