🤖 AI Summary
AegisShield is a generative-AI-powered threat-modeling system that automates and standardizes cyber threat generation by combining the STRIDE and MITRE ATT&CK frameworks with live threat intelligence from the National Vulnerability Database (NVD) and AlienVault Open Threat Exchange (OTX). The tool produces human-readable, actionable threat descriptions and automatically maps them to ATT&CK techniques. In evaluation across 15 case studies (243 human-vetted threats) and more than 8,000 AI-generated threats, AegisShield significantly reduced modeling complexity (p < 0.001), produced outputs semantically aligned with expert-authored threats (p < 0.05), and achieved an 85.4% success rate in mapping threats to MITRE ATT&CK techniques (p < 0.001).
For the AI/ML and security communities, AegisShield demonstrates how generative models can scale threat modeling for under-resourced organizations, accelerating “secure-by-design” practices and early risk identification. Key technical implications include the practical integration of LLM-driven synthesis with structured threat taxonomies (STRIDE/ATT&CK) and real-time vulnerability feeds (NVD/OTX), enabling repeatable, auditable outputs. While promising for automation and wider adoption, the approach still needs expert oversight to validate edge cases and avoid overreliance on model outputs, making it a force multiplier rather than a full replacement for security analysts.