100 Best ChatGPT Prompts for Cybersecurity Threat Modeling
A practical prompt library page with 100 ready-to-use ChatGPT prompts for Cybersecurity Threat Modeling.
Best For
Security architects, threat modeling practitioners, security engineers, risk managers
Prompt Use Cases
- Threat modeling for systems and apps
- Risk prioritization and mitigation planning
- Security design reviews
- Compliance mapping
- Threat simulation and tabletop exercises
Introduction
This page is a practical prompt library for Cybersecurity Threat Modeling. It is designed for security professionals, threat modelers, and teams who want ready-to-use prompts to simulate threats, reason about mitigations, and produce actionable threat models without improvisation.
Use these prompts to quickly generate structured threat models, identify high-risk vectors, and build a repeatable process for security design reviews and audits.
Direct Answer
The best ChatGPT prompts for Cybersecurity Threat Modeling are a comprehensive, ready-to-use set of 100 prompts that guide you through system definition, threat identification using STRIDE, risk prioritization, mitigation planning, and executive-ready reporting. These prompts are crafted to produce concrete outputs that you can act on today.
How to Use These ChatGPT Prompts
- Replace each bracketed placeholder, such as [systemDescription], [assets], or [dataFlows], with your actual system details.
- Add concrete constraints and success criteria in [constraints] to tailor outputs.
- Request outputs in a structured JSON format or a readable report, as specified in the Output (or Output format) field of each prompt.
- Verify outputs by cross-checking against your architecture diagrams, data flows, and control inventories.
100 Best ChatGPT Prompts for Cybersecurity Threat Modeling
- Define system boundary and critical assets — Role: Cybersecurity Threat Modeler. Task: Define the system boundary and identify critical assets for the given system. Context: System description: [systemDescription], Assets: [assets], Data flows: [dataFlows], Trust boundaries: [trustBoundaries], Constraints: [constraints]. Output format: A structured threat model in JSON with fields: assets, dataFlows, threats (per asset/data flow using STRIDE), mitigations, riskRatings. Constraints: Use STRIDE, prioritize high-risk items, and provide actionable mitigations.
- Identify attacker profiles and capabilities — Role: Threat Modeling Lead. Task: Define attacker profiles and capabilities relevant to the system. Context: System: [systemDescription], Threat actors: [adversaryProfiles], Capabilities: [capabilities], Constraints: [constraints]. Output: JSON with attacker profiles and potential attack paths.
- Map data flows and trust boundaries — Role: Data Flow Architect. Task: Map all data flows and delineate trust boundaries between components. Context: System: [systemDescription], Data flows: [dataFlows], Components: [components], Constraints: [constraints]. Output: JSON with data flow diagrams described textually and trust boundary notes.
- Enumerate entry points and attack surfaces — Role: Attack Surface Analyst. Task: List all entry points and attack surfaces for the system. Context: System: [systemDescription], Interfaces: [interfaces], External dependencies: [dependencies], Constraints: [constraints]. Output: JSON with surface areas, risk indicators, and suggested mitigations.
- Apply STRIDE threats to assets — Role: Threat Modeler. Task: Apply STRIDE categories to each asset and data flow. Context: Assets: [assets], Data flows: [dataFlows], Constraints: [constraints]. Output: JSON mapping of STRIDE threats per asset/flow with initial risk rating.
- Document threats per asset and data flow — Role: Threat Auditor. Task: Document identified threats for each asset and data flow using STRIDE. Context: Assets: [assets], Data flows: [dataFlows], Threats: [threats]. Output: JSON with asset-threat pairs and rationale.
- Model privilege levels and access control gaps — Role: Access Control Specialist. Task: Model privilege levels and identify gaps in access control. Context: System: [systemDescription], Roles: [roles], Privileges: [privileges], Constraints: [constraints]. Output: JSON detailing role-based access anomalies and mitigation ideas.
- Analyze authentication and session management weaknesses — Role: Security Architect. Task: Analyze authentication and session management weaknesses. Context: System: [systemDescription], Authentication: [authMechanisms], Sessions: [sessionManagement], Constraints: [constraints]. Output: JSON with weaknesses, risk levels, and recommended improvements.
- Review network segmentation and perimeter controls — Role: Network Security Analyst. Task: Review segmentation and perimeter controls. Context: Network: [networkTopology], Segments: [segments], PerimeterControls: [controls], Constraints: [constraints]. Output: JSON with segmentation gaps and mitigations.
- Assess data at rest and in transit protections — Role: Data Security Specialist. Task: Assess protections for data at rest and in transit. Context: Data: [dataTypes], Storage: [storages], Transport: [transports], Encryption: [encryption], Constraints: [constraints]. Output: JSON with risk-based recommendations.
- Evaluate logging and monitoring coverage — Role: Monitoring Engineer. Task: Evaluate logging and monitoring coverage. Context: Systems: [systems], Logs: [logTypes], Monitoring: [monitors], Constraints: [constraints]. Output: JSON listing gaps and recommended telemetry.
- Assess incident response readiness — Role: IR Lead. Task: Assess incident response readiness. Context: IR plan: [irPlan], Runbooks: [runbooks], Detection: [detections], Constraints: [constraints]. Output: JSON with gaps and improvements.
- Enumerate third-party dependencies and risks — Role: Supply Chain Analyst. Task: Enumerate third-party dependencies and associated risks. Context: Dependencies: [dependencies], Vendors: [vendors], Threats: [threats], Constraints: [constraints]. Output: JSON mapping dependencies to risks and mitigations.
- Perform risk scoring with a standard framework — Role: Risk Analyst. Task: Score threats using a standard framework (e.g., STRIDE-derived risk). Context: Threats: [threats], Likelihood: [likelihood], Impact: [impact], Constraints: [constraints]. Output: JSON with risk scores and prioritization.
- Identify misconfigurations and insecure defaults — Role: Configuration Auditor. Task: Identify misconfigurations and insecure defaults. Context: System: [systemDescription], Configs: [configs], Baselines: [baselines], Constraints: [constraints]. Output: JSON detailing misconfigurations and recommended fixes.
- Simulate attacker path using attack graphs — Role: Threat Modeler. Task: Create and analyze an attacker path using attack graphs. Context: System: [systemDescription], Graph: [attackGraph], Constraints: [constraints]. Output: JSON with attacker path scores and mitigations.
- Prioritize mitigations by risk level and cost — Role: Security Planner. Task: Prioritize mitigations by risk and cost. Context: Risks: [risks], Costs: [costs], Constraints: [constraints]. Output: JSON with prioritized mitigation plan.
- Define security requirements from threats — Role: Requirements Engineer. Task: Derive concrete security requirements from identified threats. Context: Threats: [threats], System: [systemDescription], Constraints: [constraints]. Output: JSON listing requirements per threat.
- Create a remediation backlog with owners — Role: Project Lead. Task: Create a remediation backlog with owners and due dates. Context: Threats: [threats], Mitigations: [mitigations], Stakeholders: [owners], Constraints: [constraints]. Output: JSON with backlog items.
- Model supply chain threats for components — Role: Supply Chain Threat Modeler. Task: Model supply chain threats for components. Context: Components: [components], Suppliers: [suppliers], Threats: [threats], Constraints: [constraints]. Output: JSON with supplier-level mitigations.
- Assess cloud security posture against threats — Role: Cloud Security Architect. Task: Assess cloud posture against identified threats. Context: CloudEnvironment: [cloudEnv], Services: [services], Threats: [threats], Constraints: [constraints]. Output: JSON with cloud controls and gaps.
- Evaluate API security threats — Role: API Security Analyst. Task: Evaluate API-related threats and mitigations. Context: APIs: [apis], Data: [data], Auth: [auth], Constraints: [constraints]. Output: JSON with API threat map and mitigations.
- Assess threat model for containerized environments — Role: Container Security Engineer. Task: Model threats for containerized environments. Context: Environment: [containerEnv], Images: [images], Orchestrator: [orchestrator], Constraints: [constraints]. Output: JSON with container-specific threats and mitigations.
- Consider IoT/OT threats in scope — Role: IoT/OT Threat Modeler. Task: Include IoT/OT threats within scope. Context: IoTDevices: [devices], OTSystems: [otSystems], Constraints: [constraints]. Output: JSON with IoT/OT threats and defenses.
- Validate threat model with stakeholders — Role: Stakeholder Liaison. Task: Validate the threat model with stakeholders. Context: Stakeholders: [stakeholders], Evidence: [evidence], Feedback: [feedback], Constraints: [constraints]. Output: JSON with stakeholder feedback and changes.
- Produce executive summary for leadership — Role: Security Program Lead. Task: Produce a concise executive summary of threats and mitigations for leadership. Context: Threats: [threats], Impacts: [impacts], Mitigations: [mitigations], Constraints: [constraints]. Output: JSON with executive summary and key metrics.
- Create diagrammatic representation of threats — Role: Diagram Specialist. Task: Create a readable threat diagram description for stakeholders. Context: Assets: [assets], Flows: [flows], Threats: [threats], Constraints: [constraints]. Output: JSON with diagram description and recommended visuals.
- Validate data classification and handling — Role: Data Governance Lead. Task: Validate data classification and handling policies against threats. Context: DataClasses: [classes], Handling: [policies], Threats: [threats], Constraints: [constraints]. Output: JSON with gaps and actions.
- Analyze privacy impact and data minimization — Role: Privacy Specialist. Task: Analyze privacy impact and data minimization in threat model. Context: DataTypes: [dataTypes], PII: [pii], Minimization: [minimization], Constraints: [constraints]. Output: JSON with privacy risk notes and mitigations.
- Identify compatibility issues with mitigations — Role: Integration Architect. Task: Check compatibility of proposed mitigations with existing systems. Context: Systems: [systems], Mitigations: [mitigations], Constraints: [constraints]. Output: JSON listing compatibility issues and workarounds.
- Propose compensating controls for legacy systems — Role: Legacy Systems Auditor. Task: Propose compensating controls for legacy components. Context: LegacySystems: [legacy], Threats: [threats], Mitigations: [mitigations], Constraints: [constraints]. Output: JSON with recommended compensating controls.
- Evaluate developer workflow risks — Role: DevOps Security Engineer. Task: Evaluate security risks in the development workflow. Context: CI/CD: [cicd], Repositories: [repos], Build: [build], Constraints: [constraints]. Output: JSON with workflow risks and mitigations.
- Consider insider threat scenarios — Role: Risk Analyst. Task: Model insider threat scenarios and mitigations. Context: Users: [users], Access: [access], Data: [data], Constraints: [constraints]. Output: JSON with insider threats and controls.
- Simulate ransomware and cyber extortion scenarios — Role: Incident Planner. Task: Simulate ransomware and extortion scenarios within the threat model. Context: Environment: [environment], RansomwareVectors: [vectors], Backups: [backups], Constraints: [constraints]. Output: JSON with scenario steps and mitigations.
- Model phishing and social engineering vectors — Role: Awareness Lead. Task: Model phishing/social engineering threats. Context: Channels: [channels], UserEducation: [education], Constraints: [constraints]. Output: JSON with threat vectors and training recommendations.
- Assess ransomware kill chain for organization — Role: Threat Analyst. Task: Assess ransomware kill chain relevance to the organization. Context: Infrastructure: [infra], CriticalAssets: [assets], Backups: [backups], Constraints: [constraints]. Output: JSON with kill-chain phases and defenses.
- Map business processes to critical risks — Role: Business Risk Analyst. Task: Map business processes to cybersecurity risks. Context: Processes: [processes], CriticalAssets: [assets], Threats: [threats], Constraints: [constraints]. Output: JSON linking processes to risks and mitigations.
- Assess resilience against DDoS threats — Role: Network Resilience Specialist. Task: Assess DDoS resilience. Context: Network: [network], Services: [services], DDoSDefenses: [defenses], Constraints: [constraints]. Output: JSON with resilience gaps and mitigations.
- Evaluate disaster recovery alignment — Role: DR Lead. Task: Evaluate alignment between threat model and disaster recovery plans. Context: DRPlan: [drPlan], RTO: [rto], RPO: [rpo], Constraints: [constraints]. Output: JSON with gaps and improvements.
- Create incident playbooks from threats — Role: IR Playbook Author. Task: Create incident playbooks mapped to threats. Context: Threats: [threats], Playbooks: [playbooks], Roles: [roles], Constraints: [constraints]. Output: JSON with playbooks.
- Define success criteria for mitigations — Role: Security Project Manager. Task: Define measurable success criteria for mitigations. Context: Mitigations: [mitigations], Metrics: [metrics], Constraints: [constraints]. Output: JSON with success criteria.
- Document threat sources and probabilities — Role: Threat Modeler. Task: Document threat sources and probability estimates. Context: Threats: [threats], Sources: [sources], Probabilities: [probabilities], Constraints: [constraints]. Output: JSON with source probabilities.
- Propose security controls by layer — Role: Security Architect. Task: Propose controls by architectural layer (n-tier). Context: Layers: [layers], Threats: [threats], Constraints: [constraints]. Output: JSON with layered controls.
- Validate security testing coverage — Role: Security Tester. Task: Validate SAST/DAST and pen-test coverage against threats. Context: Tests: [tests], Coverage: [coverage], Constraints: [constraints]. Output: JSON with coverage gaps.
- Assess supply chain integrity checks — Role: Supply Chain Auditor. Task: Assess integrity checks for the supply chain. Context: Suppliers: [suppliers], Checks: [checks], Constraints: [constraints]. Output: JSON with checks and gaps.
- Create risk-based testing plan — Role: QA Security Lead. Task: Create a risk-based testing plan aligned to threats. Context: Threats: [threats], Tests: [tests], Schedule: [schedule], Constraints: [constraints]. Output: JSON with test plan.
- Align threat model with compliance requirements — Role: Compliance Liaison. Task: Align threats with applicable regulations. Context: Regulations: [regulations], Threats: [threats], Constraints: [constraints]. Output: JSON with compliance mapping.
- Evaluate data loss prevention controls — Role: DLP Specialist. Task: Evaluate DLP controls against threats. Context: Data: [data], DLPControls: [controls], Constraints: [constraints]. Output: JSON with gaps and improvements.
- Determine residual risk after mitigations — Role: Risk Manager. Task: Determine residual risk post-mitigations. Context: Threats: [threats], Mitigations: [mitigations], ResidualRisk: [residual], Constraints: [constraints]. Output: JSON with residual risk levels.
- Create governance metrics for threat model — Role: Governance Lead. Task: Create governance metrics for ongoing threat modeling. Context: Metrics: [metrics], DataSources: [sources], Constraints: [constraints]. Output: JSON with dashboards and cadence.
- Identify security debt and backlog — Role: Engineering Manager. Task: Identify security debt and create backlog items. Context: Codebase: [codebase], DebtItems: [items], Priorities: [priorities], Constraints: [constraints]. Output: JSON with backlog items.
- Map threat model to architectural diagrams — Role: Solution Architect. Task: Map threats to architectural diagrams. Context: Diagrams: [diagrams], Assets: [assets], Threats: [threats], Constraints: [constraints]. Output: JSON with mapping notes.
- Evaluate zero-trust implications — Role: Zero Trust Architect. Task: Assess zero-trust implications for the system. Context: TrustAssumptions: [assumptions], Identities: [identities], Access: [access], Constraints: [constraints]. Output: JSON with zero-trust plan.
- Assess authentication factors and MFA strength — Role: Identity Security Lead. Task: Assess MFA strength and authentication factors. Context: Identities: [identities], MFA: [mfa], Risks: [risks], Constraints: [constraints]. Output: JSON with improvements.
- Analyze credential theft risk — Role: Credential Security Expert. Task: Analyze credential theft risk vectors. Context: Credentials: [credentials], Vectors: [vectors], Defenses: [defenses], Constraints: [constraints]. Output: JSON with risk and mitigations.
- Model supply chain risk in procurement — Role: Procurement Security Lead. Task: Model supply chain risk for procurement. Context: Procurements: [procurements], Suppliers: [suppliers], Controls: [controls], Constraints: [constraints]. Output: JSON with procurement risk plan.
- Consider cyber risk scoring for business units — Role: Business Risk Lead. Task: Score cyber risk by business unit. Context: Units: [units], Threats: [threats], Scores: [scores], Constraints: [constraints]. Output: JSON with unit risk scores.
- Identify data exfiltration paths — Role: Data Security Analyst. Task: Identify data exfiltration paths. Context: Data: [data], Channels: [channels], Controls: [controls], Constraints: [constraints]. Output: JSON with exfil paths and mitigations.
- Model privilege escalation paths — Role: Privilege Modeler. Task: Model paths for privilege escalation. Context: Systems: [systems], Privileges: [privileges], Constraints: [constraints]. Output: JSON with escalation paths and mitigations.
- Evaluate session fixation risks — Role: Web Security Engineer. Task: Evaluate session management risks including session fixation. Context: Sessions: [sessions], Tokens: [tokens], Constraints: [constraints]. Output: JSON with risk notes and mitigations.
- Assess API gateway security — Role: API Security Architect. Task: Assess API gateway security threats and controls. Context: Gateway: [gateway], Routes: [routes], Auth: [auth], Constraints: [constraints]. Output: JSON with threats and mitigations.
- Threat modeling in CI/CD pipelines — Role: DevSecOps Lead. Task: Integrate threat modeling into CI/CD. Context: Pipelines: [pipelines], Checks: [checks], Constraints: [constraints]. Output: JSON with integration plan.
- Validate patch management integration — Role: Patch Program Manager. Task: Validate patch management alignment with threat model. Context: Patches: [patches], Systems: [systems], Constraints: [constraints]. Output: JSON with gaps and actions.
- Analyze cryptographic key management — Role: Crypto Security Lead. Task: Analyze key management practices. Context: Keys: [keys], Crypto: [crypto], Vaults: [vaults], Constraints: [constraints]. Output: JSON with improvements.
- Evaluate mobile app threat model — Role: Mobile Security Architect. Task: Threat model for a mobile app. Context: Platform: [platform], Features: [features], Data: [data], Constraints: [constraints]. Output: JSON with threats and mitigations.
- Threat modeling for on-prem to cloud migrations — Role: Cloud Migration Specialist. Task: Model threats during on-prem to cloud migrations. Context: Source: [source], Destination: [destination], Data: [data], Constraints: [constraints]. Output: JSON with migration risks and controls.
- Model cloud misconfiguration examples — Role: Cloud Security Analyst. Task: Model common cloud misconfigurations and mitigations. Context: Cloud: [cloud], Resources: [resources], Misconfig: [misconfig], Constraints: [constraints]. Output: JSON with examples and fixes.
- Evaluate data backup integrity as threat control — Role: Backup Security Lead. Task: Evaluate backups as a threat control. Context: Backups: [backups], IntegrityChecks: [checks], RestoreTests: [tests], Constraints: [constraints]. Output: JSON with improvements.
- Analyze server-side request forgery risks — Role: Web Security Engineer. Task: Analyze SSRF threats and mitigations. Context: Servers: [servers], Endpoints: [endpoints], Controls: [controls], Constraints: [constraints]. Output: JSON with SSRF risk and mitigations.
- Map automation and orchestration risks — Role: Automation Security Lead. Task: Map risks in automated workflows. Context: Orchestration: [orchestration], Workflows: [workflows], Threats: [threats], Constraints: [constraints]. Output: JSON with orchestration risk.
- Consider machine learning model security threats — Role: ML Security Specialist. Task: Model security threats for ML components. Context: Models: [models], Data: [data], Threats: [threats], Constraints: [constraints]. Output: JSON with ML threat mitigations.
- Evaluate AI/ML data poisoning risks — Role: AI Security Lead. Task: Evaluate data poisoning risks for ML models. Context: TrainingData: [data], Models: [models], Defenses: [defenses], Constraints: [constraints]. Output: JSON with risk and defenses.
- Model supply chain for open source — Role: Open Source Security Lead. Task: Model threats in open source software supply chain. Context: OSS: [oss], Maintainers: [maintainers], Threats: [threats], Constraints: [constraints]. Output: JSON with mitigations.
- Identify strong password policies vs user behavior — Role: Identity Security Analyst. Task: Analyze password policies against user behavior and security. Context: Policies: [policies], Users: [users], Behavior: [behavior], Constraints: [constraints]. Output: JSON with recommendations.
- Threat modeling for remote work — Role: Remote Work Security Lead. Task: Model threats in remote work scenarios. Context: RemoteDevices: [devices], Networks: [networks], Access: [access], Constraints: [constraints]. Output: JSON with threats and mitigations.
- Assess VPN security boundaries — Role: Network Security Architect. Task: Assess VPN security boundaries. Context: VPN: [vpn], BoundaryControls: [controls], Threats: [threats], Constraints: [constraints]. Output: JSON with gaps and improvements.
- Analyze endpoint protection coverage — Role: Endpoint Security Lead. Task: Analyze endpoint protection coverage. Context: Endpoints: [endpoints], Protections: [protections], Threats: [threats], Constraints: [constraints]. Output: JSON with gaps and enhancements.
- Evaluate BYOD risks — Role: BYOD Security Specialist. Task: Evaluate bring-your-own-device risks. Context: Devices: [devices], Data: [data], Controls: [controls], Constraints: [constraints]. Output: JSON with risks and mitigations.
- Model lateral movement in network segments — Role: Network Forensics Analyst. Task: Model lateral movement paths within segments. Context: Segments: [segments], Assets: [assets], Constraints: [constraints]. Output: JSON with movement paths and controls.
- Evaluate detection and alert tuning — Role: SOC Analyst. Task: Evaluate detection coverage and alert tuning. Context: Detections: [detections], Alerts: [alerts], Tuning: [tuning], Constraints: [constraints]. Output: JSON with gaps and tuning suggestions.
- Document risk acceptance criteria — Role: Governance Auditor. Task: Document risk acceptance criteria. Context: Risks: [risks], Acceptance: [acceptance], Constraints: [constraints]. Output: JSON with criteria.
- Build scenario-based threat narratives — Role: Threat Storyteller. Task: Build scenario-based narratives for executive briefing. Context: Scenarios: [scenarios], Threats: [threats], Outcomes: [outcomes], Constraints: [constraints]. Output: JSON with narratives.
- Validate tabletop exercise findings — Role: Tabletop Lead. Task: Validate findings from tabletop exercises. Context: Exercises: [exercises], Findings: [findings], Actions: [actions], Constraints: [constraints]. Output: JSON with updates.
- Use threat intel to update model — Role: Threat Intel Analyst. Task: Update threat model with recent intelligence. Context: Intel: [intel], Threats: [threats], Actions: [actions], Constraints: [constraints]. Output: JSON with updates.
- Assess regulatory reporting threats — Role: Compliance Threat Lead. Task: Assess threats to regulatory reporting. Context: Reports: [reports], Data: [data], Threats: [threats], Constraints: [constraints]. Output: JSON with mitigations.
- Review change management for security implications — Role: Change Manager. Task: Review security implications of changes. Context: Changes: [changes], Systems: [systems], Constraints: [constraints]. Output: JSON with security implications.
- Validate logging retention and privacy — Role: Privacy and Logging Lead. Task: Validate log retention vs privacy requirements. Context: Logs: [logs], Retention: [retention], Privacy: [privacy], Constraints: [constraints]. Output: JSON with actionable changes.
- Analyze cross-border data risks — Role: Data Protection Officer. Task: Analyze cross-border data transfer risks. Context: DataFlows: [flows], Jurisdictions: [jurisdictions], Constraints: [constraints]. Output: JSON with recommendations.
- Model contractor and vendor access — Role: Vendor Security Lead. Task: Model contractor access and controls. Context: Contractors: [contractors], Access: [access], Contracts: [contracts], Constraints: [constraints]. Output: JSON with access controls.
- Evaluate disaster recovery test effectiveness — Role: DR Test Lead. Task: Evaluate disaster recovery test effectiveness. Context: Tests: [tests], Results: [results], Gaps: [gaps], Constraints: [constraints]. Output: JSON with improvements.
- Consider edge computing attack surfaces — Role: Edge Security Architect. Task: Model attack surfaces for edge computing. Context: EdgeNodes: [nodes], Connectivity: [connectivity], Threats: [threats], Constraints: [constraints]. Output: JSON with edge-specific mitigations.
- Assess blockchain or crypto wallet threats — Role: Crypto Security Analyst. Task: Model threats to blockchain/crypto wallets. Context: Wallets: [wallets], Keys: [keys], Network: [network], Constraints: [constraints]. Output: JSON with threats and defenses.
- Evaluate impact of backup and restore procedures — Role: Data Resilience Lead. Task: Evaluate the impact of backup/restore procedures on the threat model. Context: Backups: [backups], Restore: [restore], RTO: [rto], Constraints: [constraints]. Output: JSON with improvements.
- Simulate active threat kill chain disruptions — Role: Threat Hunter. Task: Simulate interruption of attacker kill chain. Context: KillChain: [killChain], Defenses: [defenses], Constraints: [constraints]. Output: JSON with disruption plan.
- Assess supply chain security for firmware — Role: Firmware Security Lead. Task: Model firmware supply chain threats. Context: Firmware: [firmware], Suppliers: [suppliers], Updates: [updates], Constraints: [constraints]. Output: JSON with mitigations.
- Document risk decisions and rationale — Role: Governance Writer. Task: Document risk decisions and their rationale. Context: Decisions: [decisions], Rationale: [rationale], Constraints: [constraints]. Output: JSON with documentation.
- Evaluate role-based access across systems — Role: IAM Lead. Task: Evaluate RBAC across systems. Context: Systems: [systems], Roles: [roles], Access: [access], Constraints: [constraints]. Output: JSON with findings.
- Analyze privilege revocation processes — Role: Identity Governance Lead. Task: Analyze privilege revocation workflows. Context: Identities: [identities], Revocation: [revocation], Evidence: [evidence], Constraints: [constraints]. Output: JSON with recommendations.
- Review architecture decisions from threat lens — Role: Enterprise Architect. Task: Review architectural decisions against threats. Context: Decisions: [decisions], Threats: [threats], Constraints: [constraints]. Output: JSON with risk notes.
- Create executive-ready threat model artifact for audit — Role: Compliance and Audit Lead. Task: Produce an executive-ready threat model artifact for audit readiness. Context: Threats: [threats], Mitigations: [mitigations], Outcomes: [outcomes], Constraints: [constraints]. Output: JSON with artifact sections and evidence.
Markdown Template
# 100 Best ChatGPT Prompts for Cybersecurity Threat Modeling
**Define system boundary and critical assets**: Role: Cybersecurity Threat Modeler. Task: Define the system boundary and identify critical assets for the given system. Context: System description: [systemDescription], Assets: [assets], Data flows: [dataFlows], Trust boundaries: [trustBoundaries], Constraints: [constraints]. Output format: A structured threat model in JSON with fields: assets, dataFlows, threats (per asset/data flow using STRIDE), mitigations, riskRatings. Constraints: Use STRIDE, prioritize high-risk items, and provide actionable mitigations.
**Identify attacker profiles and capabilities**: Role: Threat Modeling Lead. Task: Define attacker profiles and capabilities relevant to the system. Context: System: [systemDescription], Threat actors: [adversaryProfiles], Capabilities: [capabilities], Constraints: [constraints]. Output: JSON with attacker profiles and potential attack paths.
**Map data flows and trust boundaries**: Role: Data Flow Architect. Task: Map all data flows and delineate trust boundaries between components. Context: System: [systemDescription], Data flows: [dataFlows], Components: [components], Constraints: [constraints]. Output: JSON with data flow diagrams described textually and trust boundary notes.
**Enumerate entry points and attack surfaces**: Role: Attack Surface Analyst. Task: List all entry points and attack surfaces for the system. Context: System: [systemDescription], Interfaces: [interfaces], External dependencies: [dependencies], Constraints: [constraints]. Output: JSON with surface areas, risk indicators, and suggested mitigations.
**Apply STRIDE threats to assets**: Role: Threat Modeler. Task: Apply STRIDE categories to each asset and data flow. Context: Assets: [assets], Data flows: [dataFlows], Constraints: [constraints]. Output: JSON mapping of STRIDE threats per asset/flow with initial risk rating.
**Document threats per asset and data flow**: Role: Threat Auditor. Task: Document identified threats for each asset and data flow using STRIDE. Context: Assets: [assets], Data flows: [dataFlows], Threats: [threats]. Output: JSON with asset-threat pairs and rationale.
**Model privilege levels and access control gaps**: Role: Access Control Specialist. Task: Model privilege levels and identify gaps in access control. Context: System: [systemDescription], Roles: [roles], Privileges: [privileges], Constraints: [constraints]. Output: JSON detailing role-based access anomalies and mitigation ideas.
**Analyze authentication and session management weaknesses**: Role: Security Architect. Task: Analyze authentication and session management weaknesses. Context: System: [systemDescription], Authentication: [authMechanisms], Sessions: [sessionManagement], Constraints: [constraints]. Output: JSON with weaknesses, risk levels, and recommended improvements.
**Review network segmentation and perimeter controls**: Role: Network Security Analyst. Task: Review segmentation and perimeter controls. Context: Network: [networkTopology], Segments: [segments], PerimeterControls: [controls], Constraints: [constraints]. Output: JSON with segmentation gaps and mitigations.
**Assess data at rest and in transit protections**: Role: Data Security Specialist. Task: Assess protections for data at rest and in transit. Context: Data: [dataTypes], Storage: [storages], Transport: [transports], Encryption: [encryption], Constraints: [constraints]. Output: JSON with risk-based recommendations.
**Evaluate logging and monitoring coverage**: Role: Monitoring Engineer. Task: Evaluate logging and monitoring coverage. Context: Systems: [systems], Logs: [logTypes], Monitoring: [monitors], Constraints: [constraints]. Output: JSON listing gaps and recommended telemetry.
**Assess incident response readiness**: Role: IR Lead. Task: Assess incident response readiness. Context: IR plan: [irPlan], Runbooks: [runbooks], Detection: [detections], Constraints: [constraints]. Output: JSON with gaps and improvements.
**Enumerate third-party dependencies and risks**: Role: Supply Chain Analyst. Task: Enumerate third-party dependencies and associated risks. Context: Dependencies: [dependencies], Vendors: [vendors], Threats: [threats], Constraints: [constraints]. Output: JSON mapping dependencies to risks and mitigations.
**Perform risk scoring with a standard framework**: Role: Risk Analyst. Task: Score threats using a standard framework (e.g., STRIDE-derived risk). Context: Threats: [threats], Likelihood: [likelihood], Impact: [impact], Constraints: [constraints]. Output: JSON with risk scores and prioritization.
**Identify misconfigurations and insecure defaults**: Role: Configuration Auditor. Task: Identify misconfigurations and insecure defaults. Context: System: [systemDescription], Configs: [configs], Baselines: [baselines], Constraints: [constraints]. Output: JSON detailing misconfigurations and recommended fixes.
**Simulate attacker path using attack graphs**: Role: Threat Modeler. Task: Create and analyze an attacker path using attack graphs. Context: System: [systemDescription], Graph: [attackGraph], Constraints: [constraints]. Output: JSON with attacker path scores and mitigations.
**Prioritize mitigations by risk level and cost**: Role: Security Planner. Task: Prioritize mitigations by risk and cost. Context: Risks: [risks], Costs: [costs], Constraints: [constraints]. Output: JSON with prioritized mitigation plan.
**Define security requirements from threats**: Role: Requirements Engineer. Task: Derive concrete security requirements from identified threats. Context: Threats: [threats], System: [systemDescription], Constraints: [constraints]. Output: JSON listing requirements per threat.
**Create a remediation backlog with owners**: Role: Project Lead. Task: Create a remediation backlog with owners and due dates. Context: Threats: [threats], Mitigations: [mitigations], Stakeholders: [owners], Constraints: [constraints]. Output: JSON with backlog items.
**Model supply chain threats for components**: Role: Supply Chain Threat Modeler. Task: Model supply chain threats for components. Context: Components: [components], Suppliers: [suppliers], Threats: [threats], Constraints: [constraints]. Output: JSON with supplier-level mitigations.
**Assess cloud security posture against threats**: Role: Cloud Security Architect. Task: Assess cloud posture against identified threats. Context: CloudEnvironment: [cloudEnv], Services: [services], Threats: [threats], Constraints: [constraints]. Output: JSON with cloud controls and gaps.
**Evaluate API security threats**: Role: API Security Analyst. Task: Evaluate API-related threats and mitigations. Context: APIs: [apis], Data: [data], Auth: [auth], Constraints: [constraints]. Output: JSON with API threat map and mitigations.
**Assess containerized environments threat model**: Role: Container Security Engineer. Task: Model threats for containerized environments. Context: Environment: [containerEnv], Images: [images], Orchestrator: [orchestrator], Constraints: [constraints]. Output: JSON with container-specific threats and mitigations.
**Consider IoT/OT threats in scope**: Role: IoT/OT Threat Modeler. Task: Include IoT/OT threats within scope. Context: IoTDevices: [devices], OTSystems: [otSystems], Constraints: [constraints]. Output: JSON with IoT/OT threats and defenses.
**Validate threat model with stakeholders**: Role: Stakeholder Liaison. Task: Validate the threat model with stakeholders. Context: Stakeholders: [stakeholders], Evidence: [evidence], Feedback: [feedback], Constraints: [constraints]. Output: JSON with stakeholder feedback and changes.
**Produce executive summary for leadership**: Role: Security Program Lead. Task: Produce a concise executive summary of threats and mitigations for leadership. Context: Threats: [threats], Impacts: [impacts], Mitigations: [mitigations], Constraints: [constraints]. Output: JSON with executive summary and key metrics.
**Create diagrammatic representation of threats**: Role: Diagram Specialist. Task: Create a readable threat diagram description for stakeholders. Context: Assets: [assets], Flows: [flows], Threats: [threats], Constraints: [constraints]. Output: JSON with diagram description and recommended visuals.
**Validate data classification and handling**: Role: Data Governance Lead. Task: Validate data classification and handling policies against threats. Context: DataClasses: [classes], Handling: [policies], Threats: [threats], Constraints: [constraints]. Output: JSON with gaps and actions.
**Analyze privacy impact and data minimization**: Role: Privacy Specialist. Task: Analyze privacy impact and data minimization in threat model. Context: DataTypes: [dataTypes], PII: [pii], Minimization: [minimization], Constraints: [constraints]. Output: JSON with privacy risk notes and mitigations.
**Identify compatibility issues with mitigations**: Role: Integration Architect. Task: Check compatibility of proposed mitigations with existing systems. Context: Systems: [systems], Mitigations: [mitigations], Constraints: [constraints]. Output: JSON listing compatibility issues and workarounds.
**Propose compensating controls for legacy systems**: Role: Legacy Systems Auditor. Task: Propose compensating controls for legacy components. Context: LegacySystems: [legacy], Threats: [threats], Mitigations: [mitigations], Constraints: [constraints]. Output: JSON with recommended compensating controls.
**Evaluate developer workflow risks**: Role: DevOps Security Engineer. Task: Evaluate security risks in the development workflow. Context: CI/CD: [cicd], Repositories: [repos], Build: [build], Constraints: [constraints]. Output: JSON with workflow risks and mitigations.
**Consider insider threat scenarios**: Role: Risk Analyst. Task: Model insider threat scenarios and mitigations. Context: Users: [users], Access: [access], Data: [data], Constraints: [constraints]. Output: JSON with insider threats and controls.
**Simulate ransomware and cyber extortion scenarios**: Role: Incident Planner. Task: Simulate ransomware and extortion scenarios within the threat model. Context: Environment: [environment], RansomwareVectors: [vectors], Backups: [backups], Constraints: [constraints]. Output: JSON with scenario steps and mitigations.
**Model phishing and social engineering vectors**: Role: Awareness Lead. Task: Model phishing/social engineering threats. Context: Channels: [channels], UserEducation: [education], Constraints: [constraints]. Output: JSON with threat vectors and training recommendations.
**Assess ransomware kill chain for organization**: Role: Threat Analyst. Task: Assess ransomware kill chain relevance to the organization. Context: Infrastructure: [infra], CriticalAssets: [assets], Backups: [backups], Constraints: [constraints]. Output: JSON with kill-chain phases and defenses.
**Map business processes to critical risks**: Role: Business Risk Analyst. Task: Map business processes to cybersecurity risks. Context: Processes: [processes], CriticalAssets: [assets], Threats: [threats], Constraints: [constraints]. Output: JSON linking processes to risks and mitigations.
**Assess resilience against DDoS threats**: Role: Network Resilience Specialist. Task: Assess DDoS resilience. Context: Network: [network], Services: [services], DDoSDefenses: [defenses], Constraints: [constraints]. Output: JSON with resilience gaps and mitigations.
**Evaluate disaster recovery alignment**: Role: DR Lead. Task: Evaluate alignment between threat model and disaster recovery plans. Context: DRPlan: [drPlan], RTO: [rto], RPO: [rpo], Constraints: [constraints]. Output: JSON with gaps and improvements.
**Create incident playbooks from threats**: Role: IR Playbook Author. Task: Create incident playbooks mapped to threats. Context: Threats: [threats], Playbooks: [playbooks], Roles: [roles], Constraints: [constraints]. Output: JSON with playbooks.
**Define success criteria for mitigations**: Role: Security Project Manager. Task: Define measurable success criteria for mitigations. Context: Mitigations: [mitigations], Metrics: [metrics], Constraints: [constraints]. Output: JSON with success criteria.
**Document threat sources and probabilities**: Role: Threat Modeler. Task: Document threat sources and probability estimates. Context: Threats: [threats], Sources: [sources], Probabilities: [probabilities], Constraints: [constraints]. Output: JSON with source probabilities.
**Propose security controls by layer**: Role: Security Architect. Task: Propose controls by architectural layer (n-tier). Context: Layers: [layers], Threats: [threats], Constraints: [constraints]. Output: JSON with layered controls.
**Validate security testing coverage**: Role: Security Tester. Task: Validate SAST/DAST and pen-test coverage against threats. Context: Tests: [tests], Coverage: [coverage], Constraints: [constraints]. Output: JSON with coverage gaps.
**Assess supply chain integrity checks**: Role: Supply Chain Auditor. Task: Assess integrity checks for the supply chain. Context: Suppliers: [suppliers], Checks: [checks], Constraints: [constraints]. Output: JSON with checks and gaps.
**Create risk-based testing plan**: Role: QA Security Lead. Task: Create a risk-based testing plan aligned to threats. Context: Threats: [threats], Tests: [tests], Schedule: [schedule], Constraints: [constraints]. Output: JSON with test plan.
**Align threat model with compliance requirements**: Role: Compliance Liaison. Task: Align threats with applicable regulations. Context: Regulations: [regulations], Threats: [threats], Constraints: [constraints]. Output: JSON with compliance mapping.
**Evaluate data loss prevention controls**: Role: DLP Specialist. Task: Evaluate DLP controls against threats. Context: Data: [data], DLPControls: [controls], Constraints: [constraints]. Output: JSON with gaps and improvements.
**Determine residual risk after mitigations**: Role: Risk Manager. Task: Determine residual risk post-mitigations. Context: Threats: [threats], Mitigations: [mitigations], ResidualRisk: [residual], Constraints: [constraints]. Output: JSON with residual risk levels.
**Create governance metrics for threat model**: Role: Governance Lead. Task: Create governance metrics for ongoing threat modeling. Context: Metrics: [metrics], DataSources: [sources], Constraints: [constraints]. Output: JSON with dashboards and cadence.
**Identify security debt and backlog**: Role: Engineering Manager. Task: Identify security debt and create backlog items. Context: Codebase: [codebase], DebtItems: [items], Priorities: [priorities], Constraints: [constraints]. Output: JSON with backlog items.
**Map threat model to architectural diagrams**: Role: Solution Architect. Task: Map threats to architectural diagrams. Context: Diagrams: [diagrams], Assets: [assets], Threats: [threats], Constraints: [constraints]. Output: JSON with mapping notes.
**Evaluate zero-trust implications**: Role: Zero Trust Architect. Task: Assess zero-trust implications for the system. Context: TrustAssumptions: [assumptions], Identities: [identities], Access: [access], Constraints: [constraints]. Output: JSON with zero-trust plan.
**Assess authentication factors and MFA strength**: Role: Identity Security Lead. Task: Assess MFA strength and authentication factors. Context: Identities: [identities], MFA: [mfa], Risks: [risks], Constraints: [constraints]. Output: JSON with improvements.
**Analyze credential theft risk**: Role: Credential Security Expert. Task: Analyze credential theft risk vectors. Context: Credentials: [credentials], Vectors: [vectors], Defenses: [defenses], Constraints: [constraints]. Output: JSON with risk and mitigations.
**Model supply chain risk in procurement**: Role: Procurement Security Lead. Task: Model supply chain risk for procurement. Context: Procurements: [procurements], Suppliers: [suppliers], Controls: [controls], Constraints: [constraints]. Output: JSON with procurement risk plan.
**Consider cyber risk scoring for business units**: Role: Business Risk Lead. Task: Score cyber risk by business unit. Context: Units: [units], Threats: [threats], Scores: [scores], Constraints: [constraints]. Output: JSON with unit risk scores.
**Identify data exfiltration paths**: Role: Data Security Analyst. Task: Identify data exfiltration paths. Context: Data: [data], Channels: [channels], Controls: [controls], Constraints: [constraints]. Output: JSON with exfil paths and mitigations.
**Model privilege escalation paths**: Role: Privilege Modeler. Task: Model paths for privilege escalation. Context: Systems: [systems], Privileges: [privileges], Constraints: [constraints]. Output: JSON with escalation paths and mitigations.
**Evaluate session fixation risks**: Role: Web Security Engineer. Task: Evaluate session management risks including session fixation. Context: Sessions: [sessions], Tokens: [tokens], Constraints: [constraints]. Output: JSON with risk notes and mitigations.
**Assess API gateway security**: Role: API Security Architect. Task: Assess API gateway security threats and controls. Context: Gateway: [gateway], Routes: [routes], Auth: [auth], Constraints: [constraints]. Output: JSON with threats and mitigations.
**Threat modeling in CI/CD pipelines**: Role: DevSecOps Lead. Task: Integrate threat modeling into CI/CD. Context: Pipelines: [pipelines], Checks: [checks], Constraints: [constraints]. Output: JSON with integration plan.
**Validate patch management integration**: Role: Patch Program Manager. Task: Validate patch management alignment with threat model. Context: Patches: [patches], Systems: [systems], Constraints: [constraints]. Output: JSON with gaps and actions.
**Analyze cryptographic key management**: Role: Crypto Security Lead. Task: Analyze key management practices. Context: Keys: [keys], Crypto: [crypto], Vaults: [vaults], Constraints: [constraints]. Output: JSON with improvements.
**Evaluate mobile app threat model**: Role: Mobile Security Architect. Task: Threat model for a mobile app. Context: Platform: [platform], Features: [features], Data: [data], Constraints: [constraints]. Output: JSON with threats and mitigations.
**Threat modeling for on-prem to cloud migrations**: Role: Cloud Migration Specialist. Task: Model threats during on-prem to cloud migrations. Context: Source: [source], Destination: [destination], Data: [data], Constraints: [constraints]. Output: JSON with migration risks and controls.
**Model cloud misconfiguration examples**: Role: Cloud Security Analyst. Task: Model common cloud misconfigurations and mitigations. Context: Cloud: [cloud], Resources: [resources], Misconfig: [misconfig], Constraints: [constraints]. Output: JSON with examples and fixes.
**Evaluate data backup integrity as threat control**: Role: Backup Security Lead. Task: Evaluate backups as a threat control. Context: Backups: [backups], IntegrityChecks: [checks], RestoreTests: [tests], Constraints: [constraints]. Output: JSON with improvements.
**Analyze server-side request forgery risks**: Role: Web Security Engineer. Task: Analyze SSRF threats and mitigations. Context: Servers: [servers], Endpoints: [endpoints], Controls: [controls], Constraints: [constraints]. Output: JSON with SSRF risk and mitigations.
**Map automation and orchestration risks**: Role: Automation Security Lead. Task: Map risks in automated workflows. Context: Orchestration: [orchestration], Workflows: [workflows], Threats: [threats], Constraints: [constraints]. Output: JSON with orchestration risk.
**Consider machine learning model security threats**: Role: ML Security Specialist. Task: Model security threats for ML components. Context: Models: [models], Data: [data], Threats: [threats], Constraints: [constraints]. Output: JSON with ML threat mitigations.
**Evaluate AI/ML data poisoning risks**: Role: AI Security Lead. Task: Evaluate data poisoning risks for ML models. Context: TrainingData: [data], Models: [models], Defenses: [defenses], Constraints: [constraints]. Output: JSON with risk and defenses.
**Model supply chain for open source**: Role: Open Source Security Lead. Task: Model threats in open source software supply chain. Context: OSS: [oss], Maintainers: [maintainers], Threats: [threats], Constraints: [constraints]. Output: JSON with mitigations.
**Identify strong password policies vs user behavior**: Role: Identity Security Analyst. Task: Analyze password policies against user behavior and security. Context: Policies: [policies], Users: [users], Behavior: [behavior], Constraints: [constraints]. Output: JSON with recommendations.
**Threat modeling for remote work**: Role: Remote Work Security Lead. Task: Model threats in remote work scenarios. Context: RemoteDevices: [devices], Networks: [networks], Access: [access], Constraints: [constraints]. Output: JSON with threats and mitigations.
**Assess VPN security boundaries**: Role: Network Security Architect. Task: Assess VPN security boundaries. Context: VPN: [vpn], BoundaryControls: [controls], Threats: [threats], Constraints: [constraints]. Output: JSON with gaps and improvements.
**Analyze endpoint protection coverage**: Role: Endpoint Security Lead. Task: Analyze endpoint protection coverage. Context: Endpoints: [endpoints], Protections: [protections], Threats: [threats], Constraints: [constraints]. Output: JSON with gaps and enhancements.
**Evaluate BYOD risks**: Role: BYOD Security Specialist. Task: Evaluate bring-your-own-device risks. Context: Devices: [devices], Data: [data], Controls: [controls], Constraints: [constraints]. Output: JSON with risks and mitigations.
**Model lateral movement in network segments**: Role: Network Forensics Analyst. Task: Model lateral movement paths within segments. Context: Segments: [segments], Assets: [assets], Constraints: [constraints]. Output: JSON with movement paths and controls.
**Evaluate detection and alert tuning**: Role: SOC Analyst. Task: Evaluate detection coverage and alert tuning. Context: Detections: [detections], Alerts: [alerts], Tuning: [tuning], Constraints: [constraints]. Output: JSON with gaps and tuning suggestions.
**Document risk acceptance criteria**: Role: Governance Auditor. Task: Document risk acceptance criteria. Context: Risks: [risks], Acceptance: [acceptance], Constraints: [constraints]. Output: JSON with criteria.
**Build scenario-based threat narratives**: Role: Threat Storyteller. Task: Build scenario-based narratives for executive briefing. Context: Scenarios: [scenarios], Threats: [threats], Outcomes: [outcomes], Constraints: [constraints]. Output: JSON with narratives.
**Validate tabletop exercise findings**: Role: Tabletop Lead. Task: Validate findings from tabletop exercises. Context: Exercises: [exercises], Findings: [findings], Actions: [actions], Constraints: [constraints]. Output: JSON with updates.
**Use threat intel to update model**: Role: Threat Intel Analyst. Task: Update threat model with recent intelligence. Context: Intel: [intel], Threats: [threats], Actions: [actions], Constraints: [constraints]. Output: JSON with updates.
**Assess regulatory reporting threats**: Role: Compliance Threat Lead. Task: Assess threats to regulatory reporting. Context: Reports: [reports], Data: [data], Threats: [threats], Constraints: [constraints]. Output: JSON with mitigations.
**Review change management for security implications**: Role: Change Manager. Task: Review security implications of changes. Context: Changes: [changes], Systems: [systems], Constraints: [constraints]. Output: JSON with security implications.
**Validate logging retention and privacy**: Role: Privacy and Logging Lead. Task: Validate log retention vs privacy requirements. Context: Logs: [logs], Retention: [retention], Privacy: [privacy], Constraints: [constraints]. Output: JSON with actionable changes.
**Analyze cross-border data risks**: Role: Data Protection Officer. Task: Analyze cross-border data transfer risks. Context: DataFlows: [flows], Jurisdictions: [jurisdictions], Constraints: [constraints]. Output: JSON with recommendations.
**Model contractor and vendor access**: Role: Vendor Security Lead. Task: Model contractor access and controls. Context: Contractors: [contractors], Access: [access], Contracts: [contracts], Constraints: [constraints]. Output: JSON with access controls.
**Evaluate disaster recovery test effectiveness**: Role: DR Test Lead. Task: Evaluate disaster recovery test effectiveness. Context: Tests: [tests], Results: [results], Gaps: [gaps], Constraints: [constraints]. Output: JSON with improvements.
**Consider edge computing attack surfaces**: Role: Edge Security Architect. Task: Model attack surfaces for edge computing. Context: EdgeNodes: [nodes], Connectivity: [connectivity], Threats: [threats], Constraints: [constraints]. Output: JSON with edge-specific mitigations.
**Assess blockchain or crypto wallet threats**: Role: Crypto Security Analyst. Task: Model threats to blockchain/crypto wallets. Context: Wallets: [wallets], Keys: [keys], Network: [network], Constraints: [constraints]. Output: JSON with threats and defenses.
**Evaluate impact of backup and restore procedures**: Role: Data Resilience Lead. Task: Evaluate the impact of backup/restore procedures on the threat model. Context: Backups: [backups], Restore: [restore], RTO: [rto], Constraints: [constraints]. Output: JSON with improvements.
**Simulate active threat kill chain disruptions**: Role: Threat Hunter. Task: Simulate interruption of attacker kill chain. Context: KillChain: [killChain], Defenses: [defenses], Constraints: [constraints]. Output: JSON with disruption plan.
**Assess supply chain security for firmware**: Role: Firmware Security Lead. Task: Model firmware supply chain threats. Context: Firmware: [firmware], Suppliers: [suppliers], Updates: [updates], Constraints: [constraints]. Output: JSON with mitigations.
**Document risk decisions and rationale**: Role: Governance Writer. Task: Document risk decisions and their rationale. Context: Decisions: [decisions], Rationale: [rationale], Constraints: [constraints]. Output: JSON with documentation.
**Evaluate role-based access across systems**: Role: IAM Lead. Task: Evaluate RBAC across systems. Context: Systems: [systems], Roles: [roles], Access: [access], Constraints: [constraints]. Output: JSON with findings.
**Analyze privilege revocation processes**: Role: Identity Governance Lead. Task: Analyze privilege revocation workflows. Context: Identities: [identities], Revocation: [revocation], Evidence: [evidence], Constraints: [constraints]. Output: JSON with recommendations.
**Review architecture decisions from threat lens**: Role: Enterprise Architect. Task: Review architectural decisions against threats. Context: Decisions: [decisions], Threats: [threats], Constraints: [constraints]. Output: JSON with risk notes.
**Create executive-ready threat model artifact for audit**: Role: Compliance and Audit Lead. Task: Produce an executive-ready threat model artifact for audit readiness. Context: Threats: [threats], Mitigations: [mitigations], Outcomes: [outcomes], Constraints: [constraints]. Output: JSON with artifact sections and evidence.
Best Practices
- Reuse prompts as templates and replace placeholders for different systems.
- Keep outputs precise and auditable, with clear owners and due dates.
- Validate outputs against architecture diagrams and policy requirements.
- Keep outputs actionable and testable with concrete mitigations and evidence traces.
Common Mistakes to Avoid
- Overpromising without actionable outputs.
- Mixing threat modeling with generic security checklists.
- Failing to tailor prompts to the system context.
- Ignoring data flows and trust boundaries in favor of asset lists only.
FAQ
What is Cybersecurity Threat Modeling?
Threat modeling is a structured approach to identify, analyze, and mitigate risks to a system's security by considering assets, data flows, adversaries, and controls.
How many prompts are included?
There are 100 prompts in this library, designed for comprehensive threat modeling workflows.
Can I adapt prompts for cloud or on-prem environments?
Yes. Use the placeholders in each prompt to specify your environment and constraints, then run the prompt to generate tailored outputs.
What outputs should I expect?
Structured JSON threat models, with assets, data flows, threats by STRIDE, mitigations, risk ratings, and an executive summary for leadership.