Skip to content
Briefs · engineering

Security Threat Model

Red-team a system to find how an attacker would actually break it.

You walk away with

A threat model with ranked attack paths and the mitigations that matter.

Decidi convenes
Recommended level: DeepThe newest, most capable models — for when being wrong is expensive.
What the council debates
Build a threat model for this system. Think like a motivated, intelligent attacker.

THE SYSTEM:
[describe the system, the data it holds, who uses it, the trust boundaries]
ARCHITECTURE: [auth, data stores, third parties, network boundaries]
WHAT YOU MOST WANT TO PROTECT: [the crown-jewel assets]

Debate:
1. The assets — what is actually worth stealing, corrupting or taking down.
2. The adversaries — who would attack this and what they want.
3. Attack paths — auth bypass, injection, data exposure, supply chain, social engineering, insider, abuse of features.
4. The weakest link and the most plausible real-world breach.
5. Mitigations ranked by risk reduced versus friction added.
6. What we are over-protecting (security theatre) versus under-protecting.

FINAL SYNTHESIS:
- A ranked list of the top attack paths (likelihood × impact), each with the concrete mitigation.
- The single change that most reduces real risk.
- A note on what genuinely needs a professional security review or pen test.