English

STRIDE-AI: A Threat Modeling Framework for Generative AI Security Assessment

Cryptography and Security 2026-05-19 v1 Artificial Intelligence

Abstract

Traditional cybersecurity methodologies target deterministic systems and fail to address the probabilistic nature of AI, leaving systems vulnerable to attack vectors such as model inversion, data poisoning, and prompt injection. Recent industry reports indicate that a majority of organizations deploying AI lack a dedicated security strategy, with adversarial attacks increasing rapidly year-over-year. We present \textit{STRIDE-AI}, a framework that bridges the gap between high-level risk standards (NIST AI RMF) and technical vulnerability taxonomies (OWASP LLM Top 10). The framework defines a six-phase assessment lifecycle, introduces a threat modeling adaptation of classical STRIDE for AI systems, and is operationalized through a purpose-built web tool. We provide an initial validation of the approach through a black-box assessment of a deployed LLM chatbot, which successfully reduced the attack success rate from 80\% to 15\% in our sandbox case study.

Keywords

Cite

@article{arxiv.2605.17163,
  title  = {STRIDE-AI: A Threat Modeling Framework for Generative AI Security Assessment},
  author = {Tsafac Nkombong Regine Cyrille and Franziska Schwarz},
  journal= {arXiv preprint arXiv:2605.17163},
  year   = {2026}
}

Comments

4 pages, 5 figures , 2 tables, CIIT 2026 23rd International Conference on Informatics and Information Technologies (CIIT)