Spectra Assure Free Trial
Get your 14-day free trial of Spectra Assure for Software Supply Chain Security
Get Free TrialMore about Spectra Assure Free Trial
Organizations looking for a faster and more structured way to threat model their AI systems now have access to an open-source resource designed to help identify security risks before they become exploitable vulnerabilities.
The OWASP Foundation’s Threat Advisor is an AI-powered assistant that guides users through the threat modeling process by first asking them to describe their AI system and then conducting an interactive interview to identify relevant threats, assess risk, and recommend mitigations.
The recommendations draw on more than 300 pages of OWASP AI security guidance based on frameworks and standards such as MOSAIC. The free tool, which runs on Google's NotebookLM, is the latest evolution of the OWASP AI Exchange'’s efforts to make AI threat modeling more accessible.
The new assistant comes as many organizations are struggling to understand and contain new AI-specific risks and vulnerabilities such as prompt injection, supply chain compromise, excessive model privileges, and insecure agent deployments.
Here’s how Threat Adviser works — and how it can work for you.
[ See Webinar: Securing Agentic Development with Forrester ]
OWASP’s goal is for Threat Advisor to help organizations — especially those with limited resources or AI security expertise — to identify, evaluate, and prioritize those risks in the context of their own environment. They can avoid manually navigating hundreds of pages of documentation because the tool translates OWASP’s guidance into a workflow they can use to help identify the threats most relevant to their specific AI deployment.
Rob van der Veer, founder of the OWASP AI Exchange, extolled the tool in a recent post on LinkedIn.
“If you are building or deploying AI, use this to get a high level threat model. It is the fastest way to understand your exposure — and where to focus next.”
—Rob van der Veer
Security experts view Threat Advisor as a useful starting point for AI threat modeling, particularly for organizations lacking dedicated security teams. The tool effectively surfaces many critical AI-specific categories, but the quality of its output will depend heavily on input accuracy and organizational context.
Seemant Sehgal, founder and CEO of BreachLock, said an automated interview can surface relevant controls and map to known threat patterns.
“The value of a tool like this depends entirely on what the organization brings to it. But it can only reason about what it’s told, and most organizations struggle to articulate their own system boundaries, data flows, and trust assumptions clearly enough to get precise output.”
—Seemant Sehgal
The organizations that likely will benefit most from Threat Advisor, Sehgal added, are those that have practitioners who can validate the output, not those hoping the tool will do the thinking for them.
Experts note that Threat Advisor can fill an important gap by helping organizations begin AI security conversations earlier in the development lifecycle. Jacob Krell, senior director of secure AI solutions and cybersecurity at Suzu Labs, noted that OWASP AI Exchange has more than 300 pages of threat and control guidance that feeds into ISO and EU AI Act frameworks, but most teams deploying AI have never touched any of it.
“Threat Advisor turns that into a guided conversation you can run in a single sitting. For startups and mid-market companies shipping models without a security function, that’s a real upgrade from ‘we’ll deal with it later.’”
—Jacob Krell
Larger organizations that have AppSec programs will move through Threat Advisor faster, but even those teams tend to have blind spots in AI-specific threat coverage that the tool can help uncover.
There are some caveats. Organizations using the tool should not confuse its automated guidance with a complete threat model. While Threat Advisor can help identify AI-specific risks, teams still need to evaluate those risks within the broader context of their application’s architecture, business objectives, data flows, and existing security controls, said Jeff Williams, founder of OWASP and founder and CTO of Contrast Security.
“It’s a very interesting effort from the volunteers at OWASP, who have been doing a fantastic job at driving AI security forward.”
—Jeff Williams
Williams said Threat Advisor is an early prototype and cautioned that effective threat modeling requires looking beyond AI-specific risks. “The most serious risks aren’t AI-related,” he said, noting that longstanding application security issues such as authentication weaknesses, access control failures, and injection flaws remain just as relevant.
Williams also questioned whether an AI assistant can fully capture the architectural and operational context needed to produce a comprehensive threat model. “It’s really all about context,” he said, adding that organizations often lack a complete understanding of their own technology stack, data flows, trust boundaries, and threat environment.
That makes it difficult for any single person to answer Threat Advisor’s questions with the level of detail required for precise results. Williams’ advice: Give the AI assistant direct access to the organization’s code repository and technical documentation to help answer the tool’s questions more accurately. He also urges giving great feedback to the Threat Advisor team. “Help make it better,” he said.
While Threat Advisor can help organizations assess their AI-related exposure, experts caution against treating its recommendations as definitive or prescriptive. The tool can help identify what threats apply, but humans still must prioritize risks based on business context, architecture, and actual operational environment.
For example, said Joshua Marpet, senior product security consultant at Finite State, while AI can efficiently examine logs, behavioral analytics, and other security telemetry in isolation, humans are still better at connecting those findings into a broader understanding of attacker activity. Since LLM-based assessments are inherently influenced by how users describe their systems, it’s a good idea to run an analysis multiple times with different prompts to help validate and refine the results, he said.
“Be careful believing it 100%. Not that it’s wrong. Just ask the question several ways.”
—Joshua Marpet
Keel added that because Threat Advisor produces its results as a NotebookLM chat conversation and not as structured data, the recommendations cannot be easily imported into enterprise governance, risk, and compliance tools. Someone has to manually read the output, extract the findings, and enter them into the organization’s risk management system.
That could lead to valid findings getting shelved because rewriting them as risk register entries feels like doing the work twice, he said. He said organizations need to keep that in mind and treat Threat Advisor appropriately.
“Run it before your architecture decisions harden. Treat the output as a starting point, then bring the threat list to your engineering team and pressure-test it against how your system actually runs in production. Do not let a NotebookLM conversation become your compliance artifact.”
—Jacob Krell
While Threat Advisor is a welcome addition to the security arsenal, more needs to be done. Specifically, teams need to modernize there application security (AppSec) approach for the AI era, Doug Levin, a board member at ReversingLabs, wrote recently reality-checking Mythos’ effect on AppSec. “Don’t get distracted by the headlines. Mythos is a milestone, not a destination. Organizations that understand that will come out ahead," he wrote.
"Yes, adversaries are getting an upgrade with AI. But the defensive answer is architectural, not transactional. Smart CISOs and organizations won’t feel compelled to buy the flashiest, [most] cutting-edge AI security product — whether that’s Mythos or the competitors that are already popping up.”
—Doug Levin
Levin wrote that with the next-generation AI, a serious AppSec program isn’t a scanner stack. Instead, it’s a multi-vector reasoning system built on five layers, he advised.
Here are his five recommended layers:
Learn why RL created Spectra Assure Community. And sign up for free to start building more secure software today.