Publication of "Evaluation of Threat Modeling Methods for AI-Utilized Systems"
The Japan Network Security Association (JNSA) has released a report evaluating various threat modeling methods for systems that incorporate AI. The document analyzes three specific AI application patterns using three different threat modeling frameworks to provide practical guidance for security professionals.
📋 Article Processing Timeline
- 📰 Published: March 30, 2026 at 22:00
- 🔍 Collected: March 30, 2026 at 22:56 (56 min after Published)
- 🤖 AI Analyzed: June 2, 2026 at 13:02 (1526h 6m after Collected)
The AI Security Working Group (Leader: Yuichi Hattori) of the Research and Study Committee of the Japan Network Security Association (Chairman: Hiroshi Esaki) has published "Evaluation of Threat Modeling Methods for AI-Utilized Systems."
■ URL for the report: "Evaluation of Threat Modeling Methods for AI-Utilized Systems"
https://www.jnsa.org/result/aisec/2025/index.html
■ About this deliverable
In recent years, with the widespread adoption of AI-utilized systems, it has become increasingly important to understand threats specific to AI as well as threats to the entire system in which they operate.
Furthermore, as AI advances, new threats related to AI are emerging in tandem with these developments.
"Threat modeling" is one method for identifying the potential impact of such threats on systems under one's management.
The AI Security Working Group of the JNSA Research and Study Committee has been accumulating knowledge by sharing information within the working group regarding threats to AI-utilized systems and methods for analyzing them.
This document was created based on the insights gained from these activities, with the objective of applying and evaluating multiple threat modeling methods across various systems with different AI usage patterns, and sharing the results.
This document covers the following three types of AI usage patterns:
- Applications with internal AI functionality
- Applications that utilize external LLMs (Large Language Models)
- Applications using agent-based AI
For these, we applied three threat modeling methods—STRIDE, STRIDE+AI, and MAESTRO—and examined their respective characteristics, advantages, and disadvantages.
Threat modeling was conducted by three teams, each consisting of three members, for a total of nine modeling sessions.
Additionally, this document discloses summary information regarding the threat models used and the results of each modeling session.
We hope that this deliverable will be utilized as training material for threat modeling in AI-utilized systems and as a reference document when conducting actual threat modeling.
■ Deliverable
The following material is published as the deliverable "Evaluation of Threat Modeling Methods for AI-Utilized Systems."
https://www.jnsa.org/result/aisec/2025/index.html
■ List of contributors for "Evaluation of Threat Modeling Methods for AI-Utilized Systems"
Working Group Leader:
Yuichi Hattori (Secure Cycle, Inc.)
Working Group Members (in Japanese alphabetical order):
Kohei Adachi (Secure Cycle, Inc.)
Yu Igarashi (Givery, Inc.)
Yoshihiro Sakin (Secure Cycle, Inc.)
Michiaki Ito (ChillStack, Inc.)
Yuki Enomoto (Future Secure Wave Co., Ltd.)
Nobuaki Kurachi (Fuji Soft Incorporated)
Katsuya Shoji (LAC Co., Ltd.)
Toshio Noda (Adsol Nissin Corporation)
Hamamura Ryosei (Secure Cycle, Inc.)
Masahiro Matsunaga (SECOM Co., Ltd.)
Tamotsu Matsuyama (Nulab Inc.)
■ Inquiries regarding this release
Japan Network Security Association Secretariat
E-Mail: sec@jnsa.org TEL: 03-6435-6540
■ Corporate Overview
[Company Name] Japan Network Security Association (NPO)
[Address] Hinokiya Building 4F, 5-7-12 Shinbashi, Minato-ku, Tokyo
[Secretary General] Masahiro Shimomura
[Established] July 2001
[Website] http://www.jnsa.org/
■ URL for the report: "Evaluation of Threat Modeling Methods for AI-Utilized Systems"
https://www.jnsa.org/result/aisec/2025/index.html
■ About this deliverable
In recent years, with the widespread adoption of AI-utilized systems, it has become increasingly important to understand threats specific to AI as well as threats to the entire system in which they operate.
Furthermore, as AI advances, new threats related to AI are emerging in tandem with these developments.
"Threat modeling" is one method for identifying the potential impact of such threats on systems under one's management.
The AI Security Working Group of the JNSA Research and Study Committee has been accumulating knowledge by sharing information within the working group regarding threats to AI-utilized systems and methods for analyzing them.
This document was created based on the insights gained from these activities, with the objective of applying and evaluating multiple threat modeling methods across various systems with different AI usage patterns, and sharing the results.
This document covers the following three types of AI usage patterns:
- Applications with internal AI functionality
- Applications that utilize external LLMs (Large Language Models)
- Applications using agent-based AI
For these, we applied three threat modeling methods—STRIDE, STRIDE+AI, and MAESTRO—and examined their respective characteristics, advantages, and disadvantages.
Threat modeling was conducted by three teams, each consisting of three members, for a total of nine modeling sessions.
Additionally, this document discloses summary information regarding the threat models used and the results of each modeling session.
We hope that this deliverable will be utilized as training material for threat modeling in AI-utilized systems and as a reference document when conducting actual threat modeling.
■ Deliverable
The following material is published as the deliverable "Evaluation of Threat Modeling Methods for AI-Utilized Systems."
https://www.jnsa.org/result/aisec/2025/index.html
■ List of contributors for "Evaluation of Threat Modeling Methods for AI-Utilized Systems"
Working Group Leader:
Yuichi Hattori (Secure Cycle, Inc.)
Working Group Members (in Japanese alphabetical order):
Kohei Adachi (Secure Cycle, Inc.)
Yu Igarashi (Givery, Inc.)
Yoshihiro Sakin (Secure Cycle, Inc.)
Michiaki Ito (ChillStack, Inc.)
Yuki Enomoto (Future Secure Wave Co., Ltd.)
Nobuaki Kurachi (Fuji Soft Incorporated)
Katsuya Shoji (LAC Co., Ltd.)
Toshio Noda (Adsol Nissin Corporation)
Hamamura Ryosei (Secure Cycle, Inc.)
Masahiro Matsunaga (SECOM Co., Ltd.)
Tamotsu Matsuyama (Nulab Inc.)
■ Inquiries regarding this release
Japan Network Security Association Secretariat
E-Mail: sec@jnsa.org TEL: 03-6435-6540
■ Corporate Overview
[Company Name] Japan Network Security Association (NPO)
[Address] Hinokiya Building 4F, 5-7-12 Shinbashi, Minato-ku, Tokyo
[Secretary General] Masahiro Shimomura
[Established] July 2001
[Website] http://www.jnsa.org/