Publication of "Evaluation of Threat Modeling Methods for AI-Utilizing Systems"
The AI Security Working Group of the Japan Network Security Association (JNSA) has published "Evaluation of Threat Modeling Methods for AI-Utilizing Systems." This report applies and evaluates multiple threat modeling methods (STRIDE, STRIDE+AI, MAESTRO) for assessing threats to AI systems, sharing the results, and is expected to be utilized as training material and reference.
📋 Article Processing Timeline
- 📰 Published: March 30, 2026 at 22:00
- 🔍 Collected: March 30, 2026 at 22:56 (56 min after Published)
- 🤖 AI Analyzed: April 24, 2026 at 07:17 (584h 21m after Collected)
The AI Security Working Group (Leader: Yuichi Hattori) of the Research Department of the Japan Network Security Association (NPO, Chairman: Hiroshi Ezaki) has published "Evaluation of Threat Modeling Methods for AI-Utilizing Systems."
■ Publication URL "Evaluation of Threat Modeling Methods for AI-Utilizing Systems"
https://www.jnsa.org/result/aisec/2025/index.html
■ About this Deliverable
In recent years, with the widespread adoption of AI-utilizing systems, the importance of understanding AI-specific threats and threats to the entire system in which they operate has increased.
Furthermore, as AI advances, new AI-related threats emerge in line with its progress.
"Threat modeling" is one method for understanding the potential impact of such threats on systems under one's management.
The NPO Japan Network Security Association's Research Department AI Security Working Group has been sharing knowledge and accumulating expertise within the working group regarding threats to AI-utilizing systems and methods for analyzing them.
This document was created based on the knowledge gained from these activities, with the aim of applying and evaluating multiple threat modeling methods to several systems with different AI usage patterns and sharing the results.
In this document, the AI usage patterns covered are:
Applications with internal AI functions
Applications utilizing external LLMs (Large Language Models)
Applications using agent-based AI
These three types are targeted. For these, three threat modeling methods—STRIDE, STRIDE+AI, and MAESTRO—were applied, and their characteristics, advantages, and disadvantages were discussed.
Threat modeling was conducted by three teams, each consisting of three members, totaling nine modeling sessions.
This document also publishes overview information of the targeted threat models and the results of each modeling session.
We hope that this deliverable will be utilized as training material for threat modeling for AI-utilizing systems and as a reference when actually conducting threat modeling.
■ Deliverable
The following material is published as the deliverable "Evaluation of Threat Modeling Methods for AI-Utilizing Systems."
https://www.jnsa.org/result/aisec/2025/index.html
■ "Evaluation of Threat Modeling Methods for AI-Utilizing Systems" Creator Member List
Working Group Leader
Yuichi Hattori (Secure Cycle Inc.)
Working Group Members (in alphabetical order by Japanese syllabary)
Kohei Adachi (Secure Cycle Inc.)
Yutaka Igarashi (GIVELY Inc.)
Yoshihiro Saginuma (Secure Cycle Inc.)
Michiaki Ito (ChillStack Inc.)
Yuki Enomoto (Future Secure Wave Inc.)
Nobuaki Kurachi (Fuji Soft Inc.)
Katsuya Shoji (LAC Co., Ltd.)
Toshio Noda (ADSOL NISSIN Inc.)
Ryosei Hamamura (Secure Cycle Inc.)
Masahiro Matsunaga (SECOM Co., Ltd.)
Tamotsu Matsuyama (Nulab Inc.)
■ Contact for this Release
NPO Japan Network Security Association
■ Publication URL "Evaluation of Threat Modeling Methods for AI-Utilizing Systems"
https://www.jnsa.org/result/aisec/2025/index.html
■ About this Deliverable
In recent years, with the widespread adoption of AI-utilizing systems, the importance of understanding AI-specific threats and threats to the entire system in which they operate has increased.
Furthermore, as AI advances, new AI-related threats emerge in line with its progress.
"Threat modeling" is one method for understanding the potential impact of such threats on systems under one's management.
The NPO Japan Network Security Association's Research Department AI Security Working Group has been sharing knowledge and accumulating expertise within the working group regarding threats to AI-utilizing systems and methods for analyzing them.
This document was created based on the knowledge gained from these activities, with the aim of applying and evaluating multiple threat modeling methods to several systems with different AI usage patterns and sharing the results.
In this document, the AI usage patterns covered are:
Applications with internal AI functions
Applications utilizing external LLMs (Large Language Models)
Applications using agent-based AI
These three types are targeted. For these, three threat modeling methods—STRIDE, STRIDE+AI, and MAESTRO—were applied, and their characteristics, advantages, and disadvantages were discussed.
Threat modeling was conducted by three teams, each consisting of three members, totaling nine modeling sessions.
This document also publishes overview information of the targeted threat models and the results of each modeling session.
We hope that this deliverable will be utilized as training material for threat modeling for AI-utilizing systems and as a reference when actually conducting threat modeling.
■ Deliverable
The following material is published as the deliverable "Evaluation of Threat Modeling Methods for AI-Utilizing Systems."
https://www.jnsa.org/result/aisec/2025/index.html
■ "Evaluation of Threat Modeling Methods for AI-Utilizing Systems" Creator Member List
Working Group Leader
Yuichi Hattori (Secure Cycle Inc.)
Working Group Members (in alphabetical order by Japanese syllabary)
Kohei Adachi (Secure Cycle Inc.)
Yutaka Igarashi (GIVELY Inc.)
Yoshihiro Saginuma (Secure Cycle Inc.)
Michiaki Ito (ChillStack Inc.)
Yuki Enomoto (Future Secure Wave Inc.)
Nobuaki Kurachi (Fuji Soft Inc.)
Katsuya Shoji (LAC Co., Ltd.)
Toshio Noda (ADSOL NISSIN Inc.)
Ryosei Hamamura (Secure Cycle Inc.)
Masahiro Matsunaga (SECOM Co., Ltd.)
Tamotsu Matsuyama (Nulab Inc.)
■ Contact for this Release
NPO Japan Network Security Association