Threat modeling that keeps pace
with your engineering
Your architecture changes faster than your threat model can keep up. ThreatWerk connects your diagrams to live threat intelligence, OWASP risk scoring, and MITRE ATT&CK mapping - with real-time collaboration and AI agent integration built in.
Everything you need to model, analyze, and monitor threats
From diagram to deployment, ThreatWerk covers the full threat modeling lifecycle with automation and real-time collaboration.
Threat Modeling
Draw data flow diagrams with processes, data stores, external entities, and trust boundaries. Visual, collaborative, version-controlled.
EU CRA Compliance
Map threats directly to Cyber Resilience Act Annex I requirements. Generate audit-ready evidence showing coverage across your product.
MCP Server for AI Agents
Access your threat models via the Model Context Protocol. AI coding assistants can query threats, add components, and update risk scores programmatically.
STRIDE Analysis
Automatically generate threats per element using STRIDE-per-element methodology. No manual enumeration needed.
OWASP Risk Scoring
Score each threat using the OWASP Risk Rating Methodology. Likelihood x impact on a 0-9 scale with radar visualization.
MITRE ATT&CK Mapping
Map threats to ATT&CK techniques. Heatmap visualization shows coverage and exposure across your model.
Real-time Collaboration
Multiple engineers edit the same model simultaneously. WebSocket-powered presence, cursors, and conflict resolution.
Supply Chain Intelligence
Continuous ingestion from 16+ threat feeds including NVD, CISA KEV, and AlienVault OTX. Auto-matched to your components with campaign tracking and IOC drill-down.
SBOM Integration
Link diagram components to SPDX software inventories from S3. Every package URL is converted to supply chain tags, surfacing relevant CVEs automatically.
From architecture to actionable security
Each feature works together. Model your system, monitor your supply chain, score your risks, and let AI handle the rest.
Collaborative Diagram Editor
Your whole team edits the same threat model simultaneously. Live cursor sharing, instant component sync, and version history with visual diffs. No more passing files around or merging conflicts.
Live Threat Intelligence
Tag components with your dependencies or link an SBOM. ThreatWerk continuously matches CVEs from 16+ feeds to your architecture and maps them to MITRE ATT&CK techniques. You see what you're exposed to before attackers find it.
OWASP Risk Scoring
Score every threat using the full OWASP Risk Rating Methodology. 16 factors across likelihood and impact, computed into a severity rating. The radar chart makes it easy to communicate risk to stakeholders who don't speak security.
AI-Native via MCP
ThreatWerk exposes a full Model Context Protocol server. Connect Claude, Kiro, Cursor, or any MCP client to query threats, add components, score risks, and generate analysis programmatically. Your AI assistant becomes a security engineer.
Three steps from architecture to actionable security
Model
Draw your architecture as a data flow diagram with processes, stores, external entities, and trust boundaries.
Analyze
Identify threats with STRIDE analysis, score them with OWASP methodology, and map to MITRE ATT&CK techniques.
Monitor
16+ threat intelligence feeds continuously match new CVEs to your components. Your threat model stays current without manual effort.
Built on industry standards
ThreatWerk integrates with the frameworks and formats your security team already uses.
Per-user pricing, full platform
Every user gets the complete feature set. Start with a free trial, scale to enterprise. Available on AWS Marketplace.
Up to 5 users. Full platform access for your team to evaluate with real threat models and data.
- Full platform, nothing gated
- No credit card required
- Documentation & community support
Up to 10 users. For security teams, startups, and single product teams running threat modeling in production.
- Full platform, nothing gated
- Monthly or annual billing
- Email support
For organizations scaling threat modeling beyond a single team. Seats negotiated per contract with volume pricing.
- Full platform, nothing gated
- Dedicated onboarding & migration
- Priority support