Agentic Threat Hunter
Agentic Threat Hunter
*Note: Sub-titles are not captured in Xplore and should not be used
Authors:
1st Naveen Kumar Sambasivan Data Science Machine Learning PES University
Bangalore, India naveen05p2137@gmail.com
Abstract—Threat modeling is an important security engi- neering discipline that helps identify system vulnerabilities at the system design phase. However, traditional threat modeling techniques are mostly manual and require considerable expertise to process architecture documents and identify possible attack vectors. As the complexity of contemporary distributed systems grows, it has become very difficult to perform effective security design reviews.
In this paper, we are proposing an AI-assisted framework called *Agentic Threat Hunter*, which makes use of Large Language Models (LLMs) and retrieval-augmented generation to perform automated vulnerability modeling on architecture doc- uments. The system analyzes architecture documents, identifies system components and interfaces, and generates possible threats using the STRIDE framework. Through leveraging vector-based document retrieval and systematic reasoning agents, the system can perform multi-step security analysis similar to traditional manual threat modeling techniques.
From the experimental evaluation using the Datacenter Secure Control Module (DC-SCM) architecture documentation, it is clear that Agentic Threat Hunter is able to effectively identify potential threats and security risks in complex system archi- tecture. The results also show that AI-assisted threat modeling can improve the efficiency of security design reviews while maintaining threat identification capabilities.
Index Terms—Threat Modeling, STRIDE, Large Language Models, Agentic AI, Cybersecurity, Retrieval-Augmented Gen- eration