🌳 ThreatForest [samples-agentic-attack-tree-generator]¶

AI powered threat modeling and attack tree generator

Get comprehensive threat models for your application, with autonomous AI agents that analyze, generate, and visualize attack trees mapped to MITRE ATT&CK

Get Started

💻 GitHub Repository

✨ What is ThreatForest?¶

🤖 Autonomous Agents

Three specialized AI agents work together using Strands community tools to explore your repository, parse threats, and generate comprehensive attack trees

🛡️ MITRE ATT&CK Integration

Automatically maps attack steps to TTPs (Tactics, Techniques, and Procedures) using semantic similarity and vector embeddings

📊 Interactive Dashboards

Explore threats visually with interactive HTML dashboards powered by vis-network, complete with filtering and real-time search

⚙️ AWS Bedrock Support

Officially supports AWS Bedrock (Claude models). Other providers (Anthropic, OpenAI, Gemini, Ollama) are experimental and not fully tested

🚀 Quick Example¶

Generate comprehensive attack trees in minutes:

Prerequisites

Before starting, ensure you have Python 3.11+ and AWS Bedrock access.

🎯 Key Features¶

Intelligent Analysis¶

Repository Exploration

RepositoryAnalysisAgent autonomously navigates your project using Strands tools (file_read, editor, image_reader) to discover:

Architecture diagrams and documentation
Technology stack and dependencies
Data flows and trust boundaries
Security objectives and constraints

Threat Processing

ParserAgent intelligently parses threat statements from:

ThreatComposer workspaces (.tc.json)
JSON, YAML, and Markdown formats
Mixed format documents
Legacy threat model files

AI Generation

ThreatGenerationAgent creates contextual threats when none exist, analyzing:

Application architecture
Technology vulnerabilities
Common attack patterns
Industry-specific risks

💼 Use Cases¶

🛡️ Security Teams
Automate threat modeling, generate attack trees, map to MITRE ATT&CK for compliance
🔄 DevSecOps
Integrate into CI/CD, analyze changes, generate security documentation
🏗️ Architects & Developers
Understand security implications, identify vulnerabilities early, learn attack patterns
📋 Compliance & Auditors
Document threats, demonstrate due diligence, generate compliance reports

📊 What You Get¶

Interactive Dashboard ⭐ PRIMARY OUTPUT¶

ThreatForest Dashboard Interactive dashboard with network graph visualization

Features:

Visual network graph with pan/zoom
Interactive node exploration
Real-time filtering and search
MITRE ATT&CK technique details
Expandable mitigation strategies
Export and sharing capabilities

🔒 Privacy & Security¶

Data Privacy

ThreatForest relies on LLM providers to send application details that you provide sends application details to AWS Bedrock for analysis. AWS Bedrock provides enterprise-grade data handling. For alternative providers (experimental), review their data handling policies.

Best Practices:

Use AWS Bedrock for production workloads (officially supported)
Remove secrets and credentials from project files before analysis
Review generated output for any sensitive information
Store outputs in secure, access-controlled locations

🆘 Need Help?¶

📚 Documentation
Browse comprehensive guides and API references
→ Read the docs
🐛 Report Issues
Found a bug? Have a feature request?
→ GitHub Issues
❓ FAQ
Frequently asked questions
→ FAQ