Evaluation of Threat Modeling Methods for AI-Utilized Systems Released

The Japan Network Security Association (JNSA) (Chairman: Hiroshi Ezaki), through its Research and Development Committee AI Security Working Group (Leader: Yuichi Hattori), has released the "Evaluation of Threat Modeling Methods for AI-Utilized Systems."

■ URL: "Evaluation of Threat Modeling Methods for AI-Utilized Systems"

https://www.jnsa.org/result/aisec/2025/index.html

■ About This Deliverable

In recent years, with the widespread adoption of AI-utilized systems, the importance of understanding AI-specific threats and threats to the entire systems in which they operate has been increasing.

Furthermore, with the advancement of AI, new threats related to AI are emerging in line with its progress.

One method for understanding the potential impact of such threats on systems under one's own management is "threat modeling."

The AI Security Working Group of the JNSA's Research and Development Committee has been sharing insights within the working group regarding threats to AI-utilized systems and methods for analyzing them, accumulating knowledge.

This document has been created with the aim of applying and evaluating multiple threat modeling methods for various systems with different AI usage patterns, based on the knowledge gained from these activities, and sharing the results.

In this document, the following three types of AI usage patterns are targeted:

Applications with internal AI functions

Applications that utilize external LLMs (Large Language Models)

Applications using agent-based AI

For these, three threat modeling methods – STRIDE, STRIDE+AI, and MAESTRO – were applied, and their respective characteristics, advantages, and disadvantages are discussed.

Threat modeling was conducted by three teams, each consisting of three members, for a total of nine modeling sessions.

This document also discloses overview information of the targeted threat models and the results of each modeling session.

It is expected that this deliverable will be utilized as training material for threat modeling of AI-utilized systems and as a reference for conducting actual threat modeling.

■ Deliverable

The following document is released as the deliverable "Evaluation of Threat Modeling Methods for AI-Utilized Systems":

https://www.jnsa.org/result/aisec/2025/index.html

■ List of Members for "Evaluation of Threat Modeling Methods for AI-Utilized Systems"

Working Group Leader

Yuichi Hattori (Secure Cycle Inc.)

Working Group Members (in Japanese syllabary order)

Kohei Adachi (Secure Cycle Inc.)

Yutaka Igarashi (GIbberish Inc.)

Yoshihiro Sunagane (Secure Cycle Inc.)

Michiaki Ito (ChillStack Inc.)

Yuki Enomoto (Future Secure Wave Inc.)

Nobuaki Kurachi (Fujisoft Incorporated)

Katsuya Shoji (LAC Co., Ltd.)

Toshio Noda (ADSOL NISSIN CORPORATION)

Ryosei Hamamura (Secure Cycle Inc.)

Masahiro Matsunaga (SECOM CO., LTD.)

Tamotsu Matsuyama (Nulab Inc.)

■ Inquiries Regarding This Release

Non-Profit Organization