100 Best ChatGPT Prompts for Cybersecurity Threat Modeling

A practical prompt library page with 100 ready-to-use ChatGPT prompts for Cybersecurity Threat Modeling.

Best For

Security architects, threat modeling practitioners, security engineers, risk managers

Prompt Use Cases

  • Threat modeling for systems and apps
  • Risk prioritization and mitigation planning
  • Security design reviews
  • Compliance mapping
  • Threat simulation and tabletop exercises

Introduction

This page is a practical prompt library for Cybersecurity Threat Modeling. It is designed for security professionals, threat modelers, and teams who want ready-to-use prompts to simulate threats, reason about mitigations, and produce actionable threat models without improvisation.

Use these prompts to quickly generate structured threat models, identify high-risk vectors, and build a repeatable process for security design reviews and audits.

Direct Answer

The best ChatGPT prompts for Cybersecurity Threat Modeling are a comprehensive, ready-to-use set of 100 prompts that guide you through system definition, threat identification using STRIDE, risk prioritization, mitigation planning, and executive-ready reporting. These prompts are crafted to produce concrete outputs that you can act on today.

How to Use These ChatGPT Prompts

  • Replace each [placeholder] with your actual system details (e.g., [systemDescription], [assets], [dataFlows]).
  • Add concrete constraints and success criteria in [constraints] to tailor outputs.
  • Request outputs as structured JSON or a readable report, as specified in the Output or Output format field of each prompt.
  • Verify outputs by cross-checking against your architecture diagrams, data flows, and control inventories.

100 Best ChatGPT Prompts for Cybersecurity Threat Modeling

  1. Define system boundary and critical assets — Role: Cybersecurity Threat Modeler. Task: Define the system boundary and identify critical assets for the given system. Context: System description: [systemDescription], Assets: [assets], Data flows: [dataFlows], Trust boundaries: [trustBoundaries], Constraints: [constraints]. Output format: A structured threat model in JSON with fields: assets, dataFlows, threats (per asset/data flow using STRIDE), mitigations, riskRatings. Constraints: Use STRIDE, prioritize high-risk items, and provide actionable mitigations.
  2. Identify attacker profiles and capabilities — Role: Threat Modeling Lead. Task: Define attacker profiles and capabilities relevant to the system. Context: System: [systemDescription], Threat actors: [adversaryProfiles], Capabilities: [capabilities], Constraints: [constraints]. Output: JSON with attacker profiles and potential attack paths.
  3. Map data flows and trust boundaries — Role: Data Flow Architect. Task: Map all data flows and delineate trust boundaries between components. Context: System: [systemDescription], Data flows: [dataFlows], Components: [components], Constraints: [constraints]. Output: JSON with data flow diagrams described textually and trust boundary notes.
  4. Enumerate entry points and attack surfaces — Role: Attack Surface Analyst. Task: List all entry points and attack surfaces for the system. Context: System: [systemDescription], Interfaces: [interfaces], External dependencies: [dependencies], Constraints: [constraints]. Output: JSON with surface areas, risk indicators, and suggested mitigations.
  5. Apply STRIDE threats to assets — Role: Threat Modeler. Task: Apply STRIDE categories to each asset and data flow. Context: Assets: [assets], Data flows: [dataFlows], Constraints: [constraints]. Output: JSON mapping of STRIDE threats per asset/flow with initial risk rating.
  6. Document threats per asset and data flow — Role: Threat Auditor. Task: Document identified threats for each asset and data flow using STRIDE. Context: Assets: [assets], Data flows: [dataFlows], Threats: [threats]. Output: JSON with asset-threat pairs and rationale.
  7. Model privilege levels and access control gaps — Role: Access Control Specialist. Task: Model privilege levels and identify gaps in access control. Context: System: [systemDescription], Roles: [roles], Privileges: [privileges], Constraints: [constraints]. Output: JSON detailing role-based access anomalies and mitigation ideas.
  8. Analyze authentication and session management weaknesses — Role: Security Architect. Task: Analyze authentication and session management weaknesses. Context: System: [systemDescription], Authentication: [authMechanisms], Sessions: [sessionManagement], Constraints: [constraints]. Output: JSON with weaknesses, risk levels, and recommended improvements.
  9. Review network segmentation and perimeter controls — Role: Network Security Analyst. Task: Review segmentation and perimeter controls. Context: Network: [networkTopology], Segments: [segments], PerimeterControls: [controls], Constraints: [constraints]. Output: JSON with segmentation gaps and mitigations.
  10. Assess data at rest and in transit protections — Role: Data Security Specialist. Task: Assess protections for data at rest and in transit. Context: Data: [dataTypes], Storage: [storages], Transport: [transports], Encryption: [encryption], Constraints: [constraints]. Output: JSON with risk-based recommendations.
  11. Evaluate logging and monitoring coverage — Role: Monitoring Engineer. Task: Evaluate logging and monitoring coverage. Context: Systems: [systems], Logs: [logTypes], Monitoring: [monitors], Constraints: [constraints]. Output: JSON listing gaps and recommended telemetry.
  12. Assess incident response readiness — Role: IR Lead. Task: Assess incident response readiness. Context: IR plan: [irPlan], Runbooks: [runbooks], Detection: [detections], Constraints: [constraints]. Output: JSON with gaps and improvements.
  13. Enumerate third-party dependencies and risks — Role: Supply Chain Analyst. Task: Enumerate third-party dependencies and associated risks. Context: Dependencies: [dependencies], Vendors: [vendors], Threats: [threats], Constraints: [constraints]. Output: JSON mapping dependencies to risks and mitigations.
  14. Perform risk scoring with a standard framework — Role: Risk Analyst. Task: Score threats using a standard framework (e.g., STRIDE-derived risk). Context: Threats: [threats], Likelihood: [likelihood], Impact: [impact], Constraints: [constraints]. Output: JSON with risk scores and prioritization.
  15. Identify misconfigurations and insecure defaults — Role: Configuration Auditor. Task: Identify misconfigurations and insecure defaults. Context: System: [systemDescription], Configs: [configs], Baselines: [baselines], Constraints: [constraints]. Output: JSON detailing misconfigurations and recommended fixes.
  16. Simulate attacker path using attack graphs — Role: Threat Modeler. Task: Create and analyze an attacker path using attack graphs. Context: System: [systemDescription], Graph: [attackGraph], Constraints: [constraints]. Output: JSON with attacker path scores and mitigations.
  17. Prioritize mitigations by risk level and cost — Role: Security Planner. Task: Prioritize mitigations by risk and cost. Context: Risks: [risks], Costs: [costs], Constraints: [constraints]. Output: JSON with prioritized mitigation plan.
  18. Define security requirements from threats — Role: Requirements Engineer. Task: Derive concrete security requirements from identified threats. Context: Threats: [threats], System: [systemDescription], Constraints: [constraints]. Output: JSON listing requirements per threat.
  19. Create a remediation backlog with owners — Role: Project Lead. Task: Create a remediation backlog with owners and due dates. Context: Threats: [threats], Mitigations: [mitigations], Stakeholders: [owners], Constraints: [constraints]. Output: JSON with backlog items.
  20. Model supply chain threats for components — Role: Supply Chain Threat Modeler. Task: Model supply chain threats for components. Context: Components: [components], Suppliers: [suppliers], Threats: [threats], Constraints: [constraints]. Output: JSON with supplier-level mitigations.
  21. Assess cloud security posture against threats — Role: Cloud Security Architect. Task: Assess cloud posture against identified threats. Context: CloudEnvironment: [cloudEnv], Services: [services], Threats: [threats], Constraints: [constraints]. Output: JSON with cloud controls and gaps.
  22. Evaluate API security threats — Role: API Security Analyst. Task: Evaluate API-related threats and mitigations. Context: APIs: [apis], Data: [data], Auth: [auth], Constraints: [constraints]. Output: JSON with API threat map and mitigations.
  23. Assess containerized environments threat model — Role: Container Security Engineer. Task: Model threats for containerized environments. Context: Environment: [containerEnv], Images: [images], Orchestrator: [orchestrator], Constraints: [constraints]. Output: JSON with container-specific threats and mitigations.
  24. Consider IoT/OT threats in scope — Role: IoT/OT Threat Modeler. Task: Include IoT/OT threats within scope. Context: IoTDevices: [devices], OTSystems: [otSystems], Constraints: [constraints]. Output: JSON with IoT/OT threats and defenses.
  25. Validate threat model with stakeholders — Role: Stakeholder Liaison. Task: Validate the threat model with stakeholders. Context: Stakeholders: [stakeholders], Evidence: [evidence], Feedback: [feedback], Constraints: [constraints]. Output: JSON with stakeholder feedback and changes.
  26. Produce executive summary for leadership — Role: Security Program Lead. Task: Produce a concise executive summary of threats and mitigations for leadership. Context: Threats: [threats], Impacts: [impacts], Mitigations: [mitigations], Constraints: [constraints]. Output: JSON with executive summary and key metrics.
  27. Create diagrammatic representation of threats — Role: Diagram Specialist. Task: Create a readable threat diagram description for stakeholders. Context: Assets: [assets], Flows: [flows], Threats: [threats], Constraints: [constraints]. Output: JSON with diagram description and recommended visuals.
  28. Validate data classification and handling — Role: Data Governance Lead. Task: Validate data classification and handling policies against threats. Context: DataClasses: [classes], Handling: [policies], Threats: [threats], Constraints: [constraints]. Output: JSON with gaps and actions.
  29. Analyze privacy impact and data minimization — Role: Privacy Specialist. Task: Analyze privacy impact and data minimization in threat model. Context: DataTypes: [dataTypes], PII: [pii], Minimization: [minimization], Constraints: [constraints]. Output: JSON with privacy risk notes and mitigations.
  30. Identify compatibility issues with mitigations — Role: Integration Architect. Task: Check compatibility of proposed mitigations with existing systems. Context: Systems: [systems], Mitigations: [mitigations], Constraints: [constraints]. Output: JSON listing compatibility issues and workarounds.
  31. Propose compensating controls for legacy systems — Role: Legacy Systems Auditor. Task: Propose compensating controls for legacy components. Context: LegacySystems: [legacy], Threats: [threats], Mitigations: [mitigations], Constraints: [constraints]. Output: JSON with recommended compensating controls.
  32. Evaluate developer workflow risks — Role: DevOps Security Engineer. Task: Evaluate security risks in the development workflow. Context: CI/CD: [cicd], Repositories: [repos], Build: [build], Constraints: [constraints]. Output: JSON with workflow risks and mitigations.
  33. Consider insider threat scenarios — Role: Risk Analyst. Task: Model insider threat scenarios and mitigations. Context: Users: [users], Access: [access], Data: [data], Constraints: [constraints]. Output: JSON with insider threats and controls.
  34. Simulate ransomware and cyber extortion scenarios — Role: Incident Planner. Task: Simulate ransomware and extortion scenarios within the threat model. Context: Environment: [environment], RansomwareVectors: [vectors], Backups: [backups], Constraints: [constraints]. Output: JSON with scenario steps and mitigations.
  35. Model phishing and social engineering vectors — Role: Awareness Lead. Task: Model phishing/social engineering threats. Context: Channels: [channels], UserEducation: [education], Constraints: [constraints]. Output: JSON with threat vectors and training recommendations.
  36. Assess ransomware kill chain for organization — Role: Threat Analyst. Task: Assess ransomware kill chain relevance to the organization. Context: Infrastructure: [infra], CriticalAssets: [assets], Backups: [backups], Constraints: [constraints]. Output: JSON with kill-chain phases and defenses.
  37. Map business processes to critical risks — Role: Business Risk Analyst. Task: Map business processes to cybersecurity risks. Context: Processes: [processes], CriticalAssets: [assets], Threats: [threats], Constraints: [constraints]. Output: JSON linking processes to risks and mitigations.
  38. Assess resilience against DDoS threats — Role: Network Resilience Specialist. Task: Assess DDoS resilience. Context: Network: [network], Services: [services], DDoSDefenses: [defenses], Constraints: [constraints]. Output: JSON with resilience gaps and mitigations.
  39. Evaluate disaster recovery alignment — Role: DR Lead. Task: Evaluate alignment between threat model and disaster recovery plans. Context: DRPlan: [drPlan], RTO: [rto], RPO: [rpo], Constraints: [constraints]. Output: JSON with gaps and improvements.
  40. Create incident playbooks from threats — Role: IR Playbook Author. Task: Create incident playbooks mapped to threats. Context: Threats: [threats], Playbooks: [playbooks], Roles: [roles], Constraints: [constraints]. Output: JSON with playbooks.
  41. Define success criteria for mitigations — Role: Security Project Manager. Task: Define measurable success criteria for mitigations. Context: Mitigations: [mitigations], Metrics: [metrics], Constraints: [constraints]. Output: JSON with success criteria.
  42. Document threat sources and probabilities — Role: Threat Modeler. Task: Document threat sources and probability estimates. Context: Threats: [threats], Sources: [sources], Probabilities: [probabilities], Constraints: [constraints]. Output: JSON with source probabilities.
  43. Propose security controls by layer — Role: Security Architect. Task: Propose controls by architectural layer (n-tier). Context: Layers: [layers], Threats: [threats], Constraints: [constraints]. Output: JSON with layered controls.
  44. Validate security testing coverage — Role: Security Tester. Task: Validate SAST/DAST and pen-test coverage against threats. Context: Tests: [tests], Coverage: [coverage], Constraints: [constraints]. Output: JSON with coverage gaps.
  45. Assess supply chain integrity checks — Role: Supply Chain Auditor. Task: Assess integrity checks for the supply chain. Context: Suppliers: [suppliers], Checks: [checks], Constraints: [constraints]. Output: JSON with checks and gaps.
  46. Create risk-based testing plan — Role: QA Security Lead. Task: Create a risk-based testing plan aligned to threats. Context: Threats: [threats], Tests: [tests], Schedule: [schedule], Constraints: [constraints]. Output: JSON with test plan.
  47. Align threat model with compliance requirements — Role: Compliance Liaison. Task: Align threats with applicable regulations. Context: Regulations: [regulations], Threats: [threats], Constraints: [constraints]. Output: JSON with compliance mapping.
  48. Evaluate data loss prevention controls — Role: DLP Specialist. Task: Evaluate DLP controls against threats. Context: Data: [data], DLPControls: [controls], Constraints: [constraints]. Output: JSON with gaps and improvements.
  49. Determine residual risk after mitigations — Role: Risk Manager. Task: Determine residual risk post-mitigations. Context: Threats: [threats], Mitigations: [mitigations], ResidualRisk: [residual], Constraints: [constraints]. Output: JSON with residual risk levels.
  50. Create governance metrics for threat model — Role: Governance Lead. Task: Create governance metrics for ongoing threat modeling. Context: Metrics: [metrics], DataSources: [sources], Constraints: [constraints]. Output: JSON with dashboards and cadence.
  51. Identify security debt and backlog — Role: Engineering Manager. Task: Identify security debt and create backlog items. Context: Codebase: [codebase], DebtItems: [items], Priorities: [priorities], Constraints: [constraints]. Output: JSON with backlog items.
  52. Map threat model to architectural diagrams — Role: Solution Architect. Task: Map threats to architectural diagrams. Context: Diagrams: [diagrams], Assets: [assets], Threats: [threats], Constraints: [constraints]. Output: JSON with mapping notes.
  53. Evaluate zero-trust implications — Role: Zero Trust Architect. Task: Assess zero-trust implications for the system. Context: TrustAssumptions: [assumptions], Identities: [identities], Access: [access], Constraints: [constraints]. Output: JSON with zero-trust plan.
  54. Assess authentication factors and MFA strength — Role: Identity Security Lead. Task: Assess MFA strength and authentication factors. Context: Identities: [identities], MFA: [mfa], Risks: [risks], Constraints: [constraints]. Output: JSON with improvements.
  55. Analyze credential theft risk — Role: Credential Security Expert. Task: Analyze credential theft risk vectors. Context: Credentials: [credentials], Vectors: [vectors], Defenses: [defenses], Constraints: [constraints]. Output: JSON with risk and mitigations.
  56. Model supply chain risk in procurement — Role: Procurement Security Lead. Task: Model supply chain risk for procurement. Context: Procurements: [procurements], Suppliers: [suppliers], Controls: [controls], Constraints: [constraints]. Output: JSON with procurement risk plan.
  57. Consider cyber risk scoring for business units — Role: Business Risk Lead. Task: Score cyber risk by business unit. Context: Units: [units], Threats: [threats], Scores: [scores], Constraints: [constraints]. Output: JSON with unit risk scores.
  58. Identify data exfiltration paths — Role: Data Security Analyst. Task: Identify data exfiltration paths. Context: Data: [data], Channels: [channels], Controls: [controls], Constraints: [constraints]. Output: JSON with exfil paths and mitigations.
  59. Model privilege escalation paths — Role: Privilege Modeler. Task: Model paths for privilege escalation. Context: Systems: [systems], Privileges: [privileges], Constraints: [constraints]. Output: JSON with escalation paths and mitigations.
  60. Evaluate session fixation risks — Role: Web Security Engineer. Task: Evaluate session management risks including session fixation. Context: Sessions: [sessions], Tokens: [tokens], Constraints: [constraints]. Output: JSON with risk notes and mitigations.
  61. Assess API gateway security — Role: API Security Architect. Task: Assess API gateway security threats and controls. Context: Gateway: [gateway], Routes: [routes], Auth: [auth], Constraints: [constraints]. Output: JSON with threats and mitigations.
  62. Threat modeling in CI/CD pipelines — Role: DevSecOps Lead. Task: Integrate threat modeling into CI/CD. Context: Pipelines: [pipelines], Checks: [checks], Constraints: [constraints]. Output: JSON with integration plan.
  63. Validate patch management integration — Role: Patch Program Manager. Task: Validate patch management alignment with threat model. Context: Patches: [patches], Systems: [systems], Constraints: [constraints]. Output: JSON with gaps and actions.
  64. Analyze cryptographic key management — Role: Crypto Security Lead. Task: Analyze key management practices. Context: Keys: [keys], Crypto: [crypto], Vaults: [vaults], Constraints: [constraints]. Output: JSON with improvements.
  65. Evaluate mobile app threat model — Role: Mobile Security Architect. Task: Build a threat model for a mobile app. Context: Platform: [platform], Features: [features], Data: [data], Constraints: [constraints]. Output: JSON with threats and mitigations.
  66. Threat modeling for on-prem to cloud migrations — Role: Cloud Migration Specialist. Task: Model threats during on-prem to cloud migrations. Context: Source: [source], Destination: [destination], Data: [data], Constraints: [constraints]. Output: JSON with migration risks and controls.
  67. Model cloud misconfiguration examples — Role: Cloud Security Analyst. Task: Model common cloud misconfigurations and mitigations. Context: Cloud: [cloud], Resources: [resources], Misconfig: [misconfig], Constraints: [constraints]. Output: JSON with examples and fixes.
  68. Evaluate data backup integrity as threat control — Role: Backup Security Lead. Task: Evaluate backups as a threat control. Context: Backups: [backups], IntegrityChecks: [checks], RestoreTests: [tests], Constraints: [constraints]. Output: JSON with improvements.
  69. Analyze server-side request forgery risks — Role: Web Security Engineer. Task: Analyze SSRF threats and mitigations. Context: Servers: [servers], Endpoints: [endpoints], Controls: [controls], Constraints: [constraints]. Output: JSON with SSRF risk and mitigations.
  70. Map automation and orchestration risks — Role: Automation Security Lead. Task: Map risks in automated workflows. Context: Orchestration: [orchestration], Workflows: [workflows], Threats: [threats], Constraints: [constraints]. Output: JSON with orchestration risk.
  71. Consider machine learning model security threats — Role: ML Security Specialist. Task: Model security threats for ML components. Context: Models: [models], Data: [data], Threats: [threats], Constraints: [constraints]. Output: JSON with ML threat mitigations.
  72. Evaluate AI/ML data poisoning risks — Role: AI Security Lead. Task: Evaluate data poisoning risks for ML models. Context: TrainingData: [data], Models: [models], Defenses: [defenses], Constraints: [constraints]. Output: JSON with risk and defenses.
  73. Model supply chain for open source — Role: Open Source Security Lead. Task: Model threats in open source software supply chain. Context: OSS: [oss], Maintainers: [maintainers], Threats: [threats], Constraints: [constraints]. Output: JSON with mitigations.
  74. Identify strong password policies vs user behavior — Role: Identity Security Analyst. Task: Analyze password policies against user behavior and security. Context: Policies: [policies], Users: [users], Behavior: [behavior], Constraints: [constraints]. Output: JSON with recommendations.
  75. Threat modeling for remote work — Role: Remote Work Security Lead. Task: Model threats in remote work scenarios. Context: RemoteDevices: [devices], Networks: [networks], Access: [access], Constraints: [constraints]. Output: JSON with threats and mitigations.
  76. Assess VPN security boundaries — Role: Network Security Architect. Task: Assess VPN security boundaries. Context: VPN: [vpn], BoundaryControls: [controls], Threats: [threats], Constraints: [constraints]. Output: JSON with gaps and improvements.
  77. Analyze endpoint protection coverage — Role: Endpoint Security Lead. Task: Analyze endpoint protection coverage. Context: Endpoints: [endpoints], Protections: [protections], Threats: [threats], Constraints: [constraints]. Output: JSON with gaps and enhancements.
  78. Evaluate BYOD risks — Role: BYOD Security Specialist. Task: Evaluate bring-your-own-device risks. Context: Devices: [devices], Data: [data], Controls: [controls], Constraints: [constraints]. Output: JSON with risks and mitigations.
  79. Model lateral movement in network segments — Role: Network Forensics Analyst. Task: Model lateral movement paths within segments. Context: Segments: [segments], Assets: [assets], Constraints: [constraints]. Output: JSON with movement paths and controls.
  80. Evaluate detection and alert tuning — Role: SOC Analyst. Task: Evaluate detection coverage and alert tuning. Context: Detections: [detections], Alerts: [alerts], Tuning: [tuning], Constraints: [constraints]. Output: JSON with gaps and tuning suggestions.
  81. Document risk acceptance criteria — Role: Governance Auditor. Task: Document risk acceptance criteria. Context: Risks: [risks], Acceptance: [acceptance], Constraints: [constraints]. Output: JSON with criteria.
  82. Build scenario-based threat narratives — Role: Threat Storyteller. Task: Build scenario-based narratives for executive briefing. Context: Scenarios: [scenarios], Threats: [threats], Outcomes: [outcomes], Constraints: [constraints]. Output: JSON with narratives.
  83. Validate tabletop exercise findings — Role: Tabletop Lead. Task: Validate findings from tabletop exercises. Context: Exercises: [exercises], Findings: [findings], Actions: [actions], Constraints: [constraints]. Output: JSON with updates.
  84. Use threat intel to update model — Role: Threat Intel Analyst. Task: Update threat model with recent intelligence. Context: Intel: [intel], Threats: [threats], Actions: [actions], Constraints: [constraints]. Output: JSON with updates.
  85. Assess regulatory reporting threats — Role: Compliance Threat Lead. Task: Assess threats to regulatory reporting. Context: Reports: [reports], Data: [data], Threats: [threats], Constraints: [constraints]. Output: JSON with mitigations.
  86. Review change management for security implications — Role: Change Manager. Task: Review security implications of changes. Context: Changes: [changes], Systems: [systems], Constraints: [constraints]. Output: JSON with security implications.
  87. Validate logging retention and privacy — Role: Privacy and Logging Lead. Task: Validate log retention vs privacy requirements. Context: Logs: [logs], Retention: [retention], Privacy: [privacy], Constraints: [constraints]. Output: JSON with actionable changes.
  88. Analyze cross-border data risks — Role: Data Protection Officer. Task: Analyze cross-border data transfer risks. Context: DataFlows: [flows], Jurisdictions: [jurisdictions], Constraints: [constraints]. Output: JSON with recommendations.
  89. Model contractor and vendor access — Role: Vendor Security Lead. Task: Model contractor access and controls. Context: Contractors: [contractors], Access: [access], Contracts: [contracts], Constraints: [constraints]. Output: JSON with access controls.
  90. Evaluate disaster recovery test effectiveness — Role: DR Test Lead. Task: Evaluate disaster recovery test effectiveness. Context: Tests: [tests], Results: [results], Gaps: [gaps], Constraints: [constraints]. Output: JSON with improvements.
  91. Consider edge computing attack surfaces — Role: Edge Security Architect. Task: Model attack surfaces for edge computing. Context: EdgeNodes: [nodes], Connectivity: [connectivity], Threats: [threats], Constraints: [constraints]. Output: JSON with edge-specific mitigations.
  92. Assess blockchain or crypto wallet threats — Role: Crypto Security Analyst. Task: Model threats to blockchain/crypto wallets. Context: Wallets: [wallets], Keys: [keys], Network: [network], Constraints: [constraints]. Output: JSON with threats and defenses.
  93. Evaluate impact of backup and restore procedures — Role: Data Resilience Lead. Task: Evaluate the impact of backup and restore procedures on the threat model. Context: Backups: [backups], Restore: [restore], RTO: [rto], Constraints: [constraints]. Output: JSON with improvements.
  94. Simulate active threat kill chain disruptions — Role: Threat Hunter. Task: Simulate interruption of attacker kill chain. Context: KillChain: [killChain], Defenses: [defenses], Constraints: [constraints]. Output: JSON with disruption plan.
  95. Assess supply chain security for firmware — Role: Firmware Security Lead. Task: Model firmware supply chain threats. Context: Firmware: [firmware], Suppliers: [suppliers], Updates: [updates], Constraints: [constraints]. Output: JSON with mitigations.
  96. Document risk decisions and rationale — Role: Governance Writer. Task: Document risk decisions and their rationale. Context: Decisions: [decisions], Rationale: [rationale], Constraints: [constraints]. Output: JSON with documentation.
  97. Evaluate role-based access across systems — Role: IAM Lead. Task: Evaluate RBAC across systems. Context: Systems: [systems], Roles: [roles], Access: [access], Constraints: [constraints]. Output: JSON with findings.
  98. Analyze privilege revocation processes — Role: Identity Governance Lead. Task: Analyze privilege revocation workflows. Context: Identities: [identities], Revocation: [revocation], Evidence: [evidence], Constraints: [constraints]. Output: JSON with recommendations.
  99. Review architecture decisions from threat lens — Role: Enterprise Architect. Task: Review architectural decisions against threats. Context: Decisions: [decisions], Threats: [threats], Constraints: [constraints]. Output: JSON with risk notes.
  100. Create executive-ready threat model artifact for audit — Role: Compliance and Audit Lead. Task: Produce an executive-ready threat model artifact for audit readiness. Context: Threats: [threats], Mitigations: [mitigations], Outcomes: [outcomes], Constraints: [constraints]. Output: JSON with artifact sections and evidence.

**Identify misconfigurations and insecure defaults**: Role: Configuration Auditor. Task: Identify misconfigurations and insecure defaults. Context: System: [systemDescription], Configs: [configs], Baselines: [baselines], Constraints: [constraints]. Output: JSON detailing misconfigurations and recommended fixes.
**Simulate attacker path using attack graphs**: Role: Threat Modeler. Task: Create and analyze an attacker path using attack graphs. Context: System: [systemDescription], Graph: [attackGraph], Constraints: [constraints]. Output: JSON with attacker path scores and mitigations.
**Prioritize mitigations by risk level and cost**: Role: Security Planner. Task: Prioritize mitigations by risk and cost. Context: Risks: [risks], Costs: [costs], Constraints: [constraints]. Output: JSON with prioritized mitigation plan.
**Define security requirements from threats**: Role: Requirements Engineer. Task: Derive concrete security requirements from identified threats. Context: Threats: [threats], System: [systemDescription], Constraints: [constraints]. Output: JSON listing requirements per threat.
**Create a remediation backlog with owners**: Role: Project Lead. Task: Create a remediation backlog with owners and due dates. Context: Threats: [threats], Mitigations: [mitigations], Stakeholders: [owners], Constraints: [constraints]. Output: JSON with backlog items.
**Model supply chain threats for components**: Role: Supply Chain Threat Modeler. Task: Model supply chain threats for components. Context: Components: [components], Suppliers: [suppliers], Threats: [threats], Constraints: [constraints]. Output: JSON with supplier-level mitigations.
**Assess cloud security posture against threats**: Role: Cloud Security Architect. Task: Assess cloud posture against identified threats. Context: CloudEnvironment: [cloudEnv], Services: [services], Threats: [threats], Constraints: [constraints]. Output: JSON with cloud controls and gaps.
**Evaluate API security threats**: Role: API Security Analyst. Task: Evaluate API-related threats and mitigations. Context: APIs: [apis], Data: [data], Auth: [auth], Constraints: [constraints]. Output: JSON with API threat map and mitigations.
**Assess the threat model for containerized environments**: Role: Container Security Engineer. Task: Model threats for containerized environments. Context: Environment: [containerEnv], Images: [images], Orchestrator: [orchestrator], Constraints: [constraints]. Output: JSON with container-specific threats and mitigations.
**Consider IoT/OT threats in scope**: Role: IoT/OT Threat Modeler. Task: Include IoT/OT threats within scope. Context: IoTDevices: [devices], OTSystems: [otSystems], Constraints: [constraints]. Output: JSON with IoT/OT threats and defenses.
**Validate threat model with stakeholders**: Role: Stakeholder Liaison. Task: Validate the threat model with stakeholders. Context: Stakeholders: [stakeholders], Evidence: [evidence], Feedback: [feedback], Constraints: [constraints]. Output: JSON with stakeholder feedback and changes.
**Produce executive summary for leadership**: Role: Security Program Lead. Task: Produce a concise executive summary of threats and mitigations for leadership. Context: Threats: [threats], Impacts: [impacts], Mitigations: [mitigations], Constraints: [constraints]. Output: JSON with executive summary and key metrics.
**Create diagrammatic representation of threats**: Role: Diagram Specialist. Task: Create a readable threat diagram description for stakeholders. Context: Assets: [assets], Flows: [flows], Threats: [threats], Constraints: [constraints]. Output: JSON with diagram description and recommended visuals.
**Validate data classification and handling**: Role: Data Governance Lead. Task: Validate data classification and handling policies against threats. Context: DataClasses: [classes], Handling: [policies], Threats: [threats], Constraints: [constraints]. Output: JSON with gaps and actions.
**Analyze privacy impact and data minimization**: Role: Privacy Specialist. Task: Analyze privacy impact and data minimization in the threat model. Context: DataTypes: [dataTypes], PII: [pii], Minimization: [minimization], Constraints: [constraints]. Output: JSON with privacy risk notes and mitigations.
**Identify compatibility issues with mitigations**: Role: Integration Architect. Task: Check compatibility of proposed mitigations with existing systems. Context: Systems: [systems], Mitigations: [mitigations], Constraints: [constraints]. Output: JSON listing compatibility issues and workarounds.
**Propose compensating controls for legacy systems**: Role: Legacy Systems Auditor. Task: Propose compensating controls for legacy components. Context: LegacySystems: [legacy], Threats: [threats], Mitigations: [mitigations], Constraints: [constraints]. Output: JSON with recommended compensating controls.
**Evaluate developer workflow risks**: Role: DevOps Security Engineer. Task: Evaluate security risks in the development workflow. Context: CI/CD: [cicd], Repositories: [repos], Build: [build], Constraints: [constraints]. Output: JSON with workflow risks and mitigations.
**Consider insider threat scenarios**: Role: Risk Analyst. Task: Model insider threat scenarios and mitigations. Context: Users: [users], Access: [access], Data: [data], Constraints: [constraints]. Output: JSON with insider threats and controls.
**Simulate ransomware and cyber extortion scenarios**: Role: Incident Planner. Task: Simulate ransomware and extortion scenarios within the threat model. Context: Environment: [environment], RansomwareVectors: [vectors], Backups: [backups], Constraints: [constraints]. Output: JSON with scenario steps and mitigations.
**Model phishing and social engineering vectors**: Role: Awareness Lead. Task: Model phishing/social engineering threats. Context: Channels: [channels], UserEducation: [education], Constraints: [constraints]. Output: JSON with threat vectors and training recommendations.
**Assess ransomware kill chain for organization**: Role: Threat Analyst. Task: Assess ransomware kill chain relevance to the organization. Context: Infrastructure: [infra], CriticalAssets: [assets], Backups: [backups], Constraints: [constraints]. Output: JSON with kill-chain phases and defenses.
**Map business processes to critical risks**: Role: Business Risk Analyst. Task: Map business processes to cybersecurity risks. Context: Processes: [processes], CriticalAssets: [assets], Threats: [threats], Constraints: [constraints]. Output: JSON linking processes to risks and mitigations.
**Assess resilience against DDoS threats**: Role: Network Resilience Specialist. Task: Assess DDoS resilience. Context: Network: [network], Services: [services], DDoSDefenses: [defenses], Constraints: [constraints]. Output: JSON with resilience gaps and mitigations.
**Evaluate disaster recovery alignment**: Role: DR Lead. Task: Evaluate alignment between threat model and disaster recovery plans. Context: DRPlan: [drPlan], RTO: [rto], RPO: [rpo], Constraints: [constraints]. Output: JSON with gaps and improvements.
**Create incident playbooks from threats**: Role: IR Playbook Author. Task: Create incident playbooks mapped to threats. Context: Threats: [threats], Playbooks: [playbooks], Roles: [roles], Constraints: [constraints]. Output: JSON with playbooks.
**Define success criteria for mitigations**: Role: Security Project Manager. Task: Define measurable success criteria for mitigations. Context: Mitigations: [mitigations], Metrics: [metrics], Constraints: [constraints]. Output: JSON with success criteria.
**Document threat sources and probabilities**: Role: Threat Modeler. Task: Document threat sources and probability estimates. Context: Threats: [threats], Sources: [sources], Probabilities: [probabilities], Constraints: [constraints]. Output: JSON with source probabilities.
**Propose security controls by layer**: Role: Security Architect. Task: Propose controls by architectural layer (n-tier). Context: Layers: [layers], Threats: [threats], Constraints: [constraints]. Output: JSON with layered controls.
**Validate security testing coverage**: Role: Security Tester. Task: Validate SAST/DAST and pen-test coverage against threats. Context: Tests: [tests], Coverage: [coverage], Constraints: [constraints]. Output: JSON with coverage gaps.
**Assess supply chain integrity checks**: Role: Supply Chain Auditor. Task: Assess integrity checks for the supply chain. Context: Suppliers: [suppliers], Checks: [checks], Constraints: [constraints]. Output: JSON with checks and gaps.
**Create risk-based testing plan**: Role: QA Security Lead. Task: Create a risk-based testing plan aligned to threats. Context: Threats: [threats], Tests: [tests], Schedule: [schedule], Constraints: [constraints]. Output: JSON with test plan.
**Align threat model with compliance requirements**: Role: Compliance Liaison. Task: Align threats with applicable regulations. Context: Regulations: [regulations], Threats: [threats], Constraints: [constraints]. Output: JSON with compliance mapping.
**Evaluate data loss prevention controls**: Role: DLP Specialist. Task: Evaluate DLP controls against threats. Context: Data: [data], DLPControls: [controls], Constraints: [constraints]. Output: JSON with gaps and improvements.
**Determine residual risk after mitigations**: Role: Risk Manager. Task: Determine residual risk post-mitigations. Context: Threats: [threats], Mitigations: [mitigations], ResidualRisk: [residual], Constraints: [constraints]. Output: JSON with residual risk levels.
**Create governance metrics for threat model**: Role: Governance Lead. Task: Create governance metrics for ongoing threat modeling. Context: Metrics: [metrics], DataSources: [sources], Constraints: [constraints]. Output: JSON with dashboards and cadence.
**Identify security debt and backlog**: Role: Engineering Manager. Task: Identify security debt and create backlog items. Context: Codebase: [codebase], DebtItems: [items], Priorities: [priorities], Constraints: [constraints]. Output: JSON with backlog items.
**Map threat model to architectural diagrams**: Role: Solution Architect. Task: Map threats to architectural diagrams. Context: Diagrams: [diagrams], Assets: [assets], Threats: [threats], Constraints: [constraints]. Output: JSON with mapping notes.
**Evaluate zero-trust implications**: Role: Zero Trust Architect. Task: Assess zero-trust implications for the system. Context: TrustAssumptions: [assumptions], Identities: [identities], Access: [access], Constraints: [constraints]. Output: JSON with zero-trust plan.
**Assess authentication factors and MFA strength**: Role: Identity Security Lead. Task: Assess MFA strength and authentication factors. Context: Identities: [identities], MFA: [mfa], Risks: [risks], Constraints: [constraints]. Output: JSON with improvements.
**Analyze credential theft risk**: Role: Credential Security Expert. Task: Analyze credential theft risk vectors. Context: Credentials: [credentials], Vectors: [vectors], Defenses: [defenses], Constraints: [constraints]. Output: JSON with risk and mitigations.
**Model supply chain risk in procurement**: Role: Procurement Security Lead. Task: Model supply chain risk for procurement. Context: Procurements: [procurements], Suppliers: [suppliers], Controls: [controls], Constraints: [constraints]. Output: JSON with procurement risk plan.
**Consider cyber risk scoring for business units**: Role: Business Risk Lead. Task: Score cyber risk by business unit. Context: Units: [units], Threats: [threats], Scores: [scores], Constraints: [constraints]. Output: JSON with unit risk scores.
**Identify data exfiltration paths**: Role: Data Security Analyst. Task: Identify data exfiltration paths. Context: Data: [data], Channels: [channels], Controls: [controls], Constraints: [constraints]. Output: JSON with exfil paths and mitigations.
**Model privilege escalation paths**: Role: Privilege Modeler. Task: Model paths for privilege escalation. Context: Systems: [systems], Privileges: [privileges], Constraints: [constraints]. Output: JSON with escalation paths and mitigations.
**Evaluate session fixation risks**: Role: Web Security Engineer. Task: Evaluate session management risks including session fixation. Context: Sessions: [sessions], Tokens: [tokens], Constraints: [constraints]. Output: JSON with risk notes and mitigations.
**Assess API gateway security**: Role: API Security Architect. Task: Assess API gateway security threats and controls. Context: Gateway: [gateway], Routes: [routes], Auth: [auth], Constraints: [constraints]. Output: JSON with threats and mitigations.
**Threat modeling in CI/CD pipelines**: Role: DevSecOps Lead. Task: Integrate threat modeling into CI/CD. Context: Pipelines: [pipelines], Checks: [checks], Constraints: [constraints]. Output: JSON with integration plan.
**Validate patch management integration**: Role: Patch Program Manager. Task: Validate patch management alignment with threat model. Context: Patches: [patches], Systems: [systems], Constraints: [constraints]. Output: JSON with gaps and actions.
**Analyze cryptographic key management**: Role: Crypto Security Lead. Task: Analyze key management practices. Context: Keys: [keys], Crypto: [crypto], Vaults: [vaults], Constraints: [constraints]. Output: JSON with improvements.
**Evaluate mobile app threat model**: Role: Mobile Security Architect. Task: Threat model for a mobile app. Context: Platform: [platform], Features: [features], Data: [data], Constraints: [constraints]. Output: JSON with threats and mitigations.
**Threat modeling for on-prem to cloud migrations**: Role: Cloud Migration Specialist. Task: Model threats during on-prem to cloud migrations. Context: Source: [source], Destination: [destination], Data: [data], Constraints: [constraints]. Output: JSON with migration risks and controls.
**Model cloud misconfiguration examples**: Role: Cloud Security Analyst. Task: Model common cloud misconfigurations and mitigations. Context: Cloud: [cloud], Resources: [resources], Misconfig: [misconfig], Constraints: [constraints]. Output: JSON with examples and fixes.
**Evaluate data backup integrity as threat control**: Role: Backup Security Lead. Task: Evaluate backups as a threat control. Context: Backups: [backups], IntegrityChecks: [checks], RestoreTests: [tests], Constraints: [constraints]. Output: JSON with improvements.
**Analyze server-side request forgery risks**: Role: Web Security Engineer. Task: Analyze SSRF threats and mitigations. Context: Servers: [servers], Endpoints: [endpoints], Controls: [controls], Constraints: [constraints]. Output: JSON with SSRF risk and mitigations.
**Map automation and orchestration risks**: Role: Automation Security Lead. Task: Map risks in automated workflows. Context: Orchestration: [orchestration], Workflows: [workflows], Threats: [threats], Constraints: [constraints]. Output: JSON with orchestration risk.
**Consider machine learning model security threats**: Role: ML Security Specialist. Task: Model security threats for ML components. Context: Models: [models], Data: [data], Threats: [threats], Constraints: [constraints]. Output: JSON with ML threat mitigations.
**Evaluate AI/ML data poisoning risks**: Role: AI Security Lead. Task: Evaluate data poisoning risks for ML models. Context: TrainingData: [data], Models: [models], Defenses: [defenses], Constraints: [constraints]. Output: JSON with risk and defenses.
**Model supply chain for open source**: Role: Open Source Security Lead. Task: Model threats in open source software supply chain. Context: OSS: [oss], Maintainers: [maintainers], Threats: [threats], Constraints: [constraints]. Output: JSON with mitigations.
**Identify strong password policies vs user behavior**: Role: Identity Security Analyst. Task: Analyze password policies against user behavior and security. Context: Policies: [policies], Users: [users], Behavior: [behavior], Constraints: [constraints]. Output: JSON with recommendations.
**Threat modeling for remote work**: Role: Remote Work Security Lead. Task: Model threats in remote work scenarios. Context: RemoteDevices: [devices], Networks: [networks], Access: [access], Constraints: [constraints]. Output: JSON with threats and mitigations.
**Assess VPN security boundaries**: Role: Network Security Architect. Task: Assess VPN security boundaries. Context: VPN: [vpn], BoundaryControls: [controls], Threats: [threats], Constraints: [constraints]. Output: JSON with gaps and improvements.
**Analyze endpoint protection coverage**: Role: Endpoint Security Lead. Task: Analyze endpoint protection coverage. Context: Endpoints: [endpoints], Protections: [protections], Threats: [threats], Constraints: [constraints]. Output: JSON with gaps and enhancements.
**Evaluate BYOD risks**: Role: BYOD Security Specialist. Task: Evaluate bring-your-own-device risks. Context: Devices: [devices], Data: [data], Controls: [controls], Constraints: [constraints]. Output: JSON with risks and mitigations.
**Model lateral movement in network segments**: Role: Network Forensics Analyst. Task: Model lateral movement paths within segments. Context: Segments: [segments], Assets: [assets], Constraints: [constraints]. Output: JSON with movement paths and controls.
**Evaluate detection and alert tuning**: Role: SOC Analyst. Task: Evaluate detection coverage and alert tuning. Context: Detections: [detections], Alerts: [alerts], Tuning: [tuning], Constraints: [constraints]. Output: JSON with gaps and tuning suggestions.
**Document risk acceptance criteria**: Role: Governance Auditor. Task: Document risk acceptance criteria. Context: Risks: [risks], Acceptance: [acceptance], Constraints: [constraints]. Output: JSON with criteria.
**Build scenario-based threat narratives**: Role: Threat Storyteller. Task: Build scenario-based narratives for executive briefing. Context: Scenarios: [scenarios], Threats: [threats], Outcomes: [outcomes], Constraints: [constraints]. Output: JSON with narratives.
**Validate tabletop exercise findings**: Role: Tabletop Lead. Task: Validate findings from tabletop exercises. Context: Exercises: [exercises], Findings: [findings], Actions: [actions], Constraints: [constraints]. Output: JSON with updates.
**Use threat intel to update model**: Role: Threat Intel Analyst. Task: Update threat model with recent intelligence. Context: Intel: [intel], Threats: [threats], Actions: [actions], Constraints: [constraints]. Output: JSON with updates.
**Assess regulatory reporting threats**: Role: Compliance Threat Lead. Task: Assess threats to regulatory reporting. Context: Reports: [reports], Data: [data], Threats: [threats], Constraints: [constraints]. Output: JSON with mitigations.
**Review change management for security implications**: Role: Change Manager. Task: Review security implications of changes. Context: Changes: [changes], Systems: [systems], Constraints: [constraints]. Output: JSON with security implications.
**Validate logging retention and privacy**: Role: Privacy and Logging Lead. Task: Validate log retention vs privacy requirements. Context: Logs: [logs], Retention: [retention], Privacy: [privacy], Constraints: [constraints]. Output: JSON with actionable changes.
**Analyze cross-border data risks**: Role: Data Protection Officer. Task: Analyze cross-border data transfer risks. Context: DataFlows: [flows], Jurisdictions: [jurisdictions], Constraints: [constraints]. Output: JSON with recommendations.
**Model contractor and vendor access**: Role: Vendor Security Lead. Task: Model contractor access and controls. Context: Contractors: [contractors], Access: [access], Contracts: [contracts], Constraints: [constraints]. Output: JSON with access controls.
**Evaluate disaster recovery test effectiveness**: Role: DR Test Lead. Task: Evaluate disaster recovery test effectiveness. Context: Tests: [tests], Results: [results], Gaps: [gaps], Constraints: [constraints]. Output: JSON with improvements.
**Consider edge computing attack surfaces**: Role: Edge Security Architect. Task: Model attack surfaces for edge computing. Context: EdgeNodes: [nodes], Connectivity: [connectivity], Threats: [threats], Constraints: [constraints]. Output: JSON with edge-specific mitigations.
**Assess blockchain or crypto wallet threats**: Role: Crypto Security Analyst. Task: Model threats to blockchain/crypto wallets. Context: Wallets: [wallets], Keys: [keys], Network: [network], Constraints: [constraints]. Output: JSON with threats and defenses.
**Evaluate the impact of backup and restore procedures**: Role: Data Resilience Lead. Task: Evaluate the impact of backup/restore procedures on the threat model. Context: Backups: [backups], Restore: [restore], RTO: [rto], Constraints: [constraints]. Output: JSON with improvements.
**Simulate active threat kill chain disruptions**: Role: Threat Hunter. Task: Simulate interruption of attacker kill chain. Context: KillChain: [killChain], Defenses: [defenses], Constraints: [constraints]. Output: JSON with disruption plan.
**Assess supply chain security for firmware**: Role: Firmware Security Lead. Task: Model firmware supply chain threats. Context: Firmware: [firmware], Suppliers: [suppliers], Updates: [updates], Constraints: [constraints]. Output: JSON with mitigations.
**Document risk decisions and rationale**: Role: Governance Writer. Task: Document risk decisions and their rationale. Context: Decisions: [decisions], Rationale: [rationale], Constraints: [constraints]. Output: JSON with documentation.
**Evaluate role-based access across systems**: Role: IAM Lead. Task: Evaluate RBAC across systems. Context: Systems: [systems], Roles: [roles], Access: [access], Constraints: [constraints]. Output: JSON with findings.
**Analyze privilege revocation processes**: Role: Identity Governance Lead. Task: Analyze privilege revocation workflows. Context: Identities: [identities], Revocation: [revocation], Evidence: [evidence], Constraints: [constraints]. Output: JSON with recommendations.
**Review architecture decisions from threat lens**: Role: Enterprise Architect. Task: Review architectural decisions against threats. Context: Decisions: [decisions], Threats: [threats], Constraints: [constraints]. Output: JSON with risk notes.
**Create executive-ready threat model artifact for audit**: Role: Compliance and Audit Lead. Task: Produce an executive-ready threat model artifact for audit readiness. Context: Threats: [threats], Mitigations: [mitigations], Outcomes: [outcomes], Constraints: [constraints]. Output: JSON with artifact sections and evidence.

Best Practices

- Reuse prompts as templates and replace placeholders for different systems.
- Keep outputs precise and auditable, with clear owners and due dates.
- Validate outputs against architecture diagrams and policy requirements.
- Keep outputs actionable and testable with concrete mitigations and evidence traces.

Common Mistakes to Avoid

- Overpromising without actionable outputs.
- Mixing threat modeling with generic security checklists.
- Failing to tailor prompts to the system context.
- Ignoring data flows and trust boundaries in favor of asset lists only.

FAQ

What is Cybersecurity Threat Modeling?

Threat modeling is a structured approach to identify, analyze, and mitigate risks to a system's security by considering assets, data flows, adversaries, and controls.

How many prompts are included?

There are 100 prompts in this library, designed for comprehensive threat modeling workflows.

Can I adapt prompts for cloud or on-prem environments?

Yes. Use the placeholders in each prompt to specify your environment and constraints, then run the prompt to generate tailored outputs.

What outputs should I expect?

Structured JSON threat models, with assets, data flows, threats by STRIDE, mitigations, risk ratings, and an executive summary for leadership.