How ThreatKrew Works

Five simple steps from architecture to delivery. Complete threat models in minutes, not weeks.

01

Upload or Describe Your Architecture

Drop in a diagram, paste a description, or point ThreatKrew at your architecture components. The system ingests cloud patterns, data flows, services, trust boundaries, and integrations.

Supported Formats:

Draw.io (.drawio, .xml)
Lucidchart
PlantUML
Text Description

Drag & Drop Interface

Simply drag your architecture files into the browser or paste text descriptions

Automatic Parsing

Intelligent extraction of components, data flows, and trust boundaries

Validation & Preview

Review parsed architecture before analysis to ensure accuracy

02

AI Identifies Components, Threats & Controls

Our inference engine translates your design into components, applies STRIDE, maps real-world attack techniques, and aligns mitigations with the correct NIST 800-53 controls.

What Happens During Analysis:

STRIDE Categorization

Every component and data flow analyzed for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege threats

MITRE ATT&CK Mapping

Automatic enrichment with relevant tactics, techniques, and procedures from the MITRE ATT&CK framework

NIST Control Mapping

Threat-specific security controls mapped to NIST 800-53 and other compliance frameworks

2-3 min
Avg Analysis Time
Parallel
Processing
100%
Deterministic
03

You Review, Adjust & Approve

ThreatKrew produces a draft threat model with full transparency. You can accept, modify, or override any element. Your expertise stays in the loop.

Export & Integration Options:

Jira Tickets

One-click export to Jira with pre-formatted issues and labels

GitHub Issues

Create issues directly in your repositories with full context

PDF Reports

Executive summaries and detailed technical reports

JSON/CSV Export

Machine-readable formats for custom integrations

What You Get:

  • Complete STRIDE threat inventory with severity ratings
  • MITRE ATT&CK technique mappings for each threat
  • NIST 800-53 control recommendations
  • Prioritized remediation roadmap
  • Architecture diagram with threat annotations

The Complete Workflow

From upload to remediation in one seamless process

Upload

Diagram or description

Analyze

STRIDE + ATT&CK + NIST

Export

Reports & integrations

Average time: 2-3 minutes

Why Teams Choose ThreatKrew

Built by security architects, for security architects

Speed

Complete threat models in minutes instead of weeks. Spend time on remediation, not documentation.

Accuracy

Deterministic analysis means consistent, repeatable results. No AI hallucinations or missed threats.

Standards

Full STRIDE coverage with MITRE ATT&CK and NIST mappings. Compliance-ready from day one.

Ready to Modernise Threat Modelling?

See ThreatKrew in action and learn how we deliver complete threat models in minutes, not weeks.

Book a Demo Explore Features