An intelligent threat model evaluation tool that uses Large Language Models (LLMs) to analyze Threat Dragon models and generate comprehensive security assessment reports.
- AI-Powered Analysis: Uses state-of-the-art LLMs to analyze Threat Dragon models and evaluate security posture
- Comprehensive Reports: Generates detailed markdown reports with threat analysis, risk assessment, and recommendations
- Multi-LLM Support: Tested on OpenAI, Anthropic, Google, Novita, and xAI. Works with any LiteLLM-compatible provider
- Threat Dragon Integration: Works seamlessly with Threat Dragon JSON models
- Multiple Output Formats: Generates reports in Markdown, DOCX, and PDF formats
- Batch Processing: Automatically processes multiple threat models and generates summary reports
- Structured Output: Clean, professional reports ready for documentation and review
- Python 3.8+
- API key for your chosen LLM provider
1. Clone the repository

   ```bash
   git clone <repository-url>
   cd td-ai-evaluator
   ```

2. Install dependencies

   ```bash
   pip install -r requirements.txt
   ```

3. Configure environment

   ```bash
   cp env.example .env
   ```

   Edit `.env` with your configuration:

   ```
   LLM_MODEL_NAME=openai/gpt-5
   OPENAI_API_KEY=your_openai_api_key_here
   INPUT_THREAT_SCHEMA_JSON=owasp.threat-dragon.schema.V2.json
   ```

4. Prepare input files
   - The Threat Dragon schema file is already in `./input/schema/`
   - Place your threat model JSON files in `./input/`

5. Run the application

   ```bash
   python src/main.py
   ```

6. Check results
   - Markdown reports will be in `./output/markdown/`
   - DOCX reports will be in `./output/docx/`
   - PDF reports will be in `./output/`
| Variable | Description | Example |
|---|---|---|
| `LLM_MODEL_NAME` | LLM model identifier | `openai/gpt-5` |
| `INPUT_THREAT_SCHEMA_JSON` | Threat Dragon schema filename | `owasp.threat-dragon.schema.V2.json` |
You can adjust LLM parameters in `src/ai_client.py`:
- `temperature`: Controls randomness (0.0=deterministic, 1.0=creative). Default: 0.1 (both individual and combined reports)
- `max_tokens`: Maximum tokens in response. Default: 48000 (individual reports), 30000 (combined reports)
- `timeout`: Request timeout in seconds. Default: 14400 (4 hours)
```
td-ai-evaluator/
├── src/
│   ├── main.py              # Main application entry point
│   ├── ai_client.py         # LLM integration and report generation
│   ├── utils.py             # File operations and format conversions
│   └── config.py            # Configuration and path constants
├── input/                   # Input files directory
│   ├── schema/
│   │   └── owasp.threat-dragon.schema.V2.json
│   └── *.json               # Threat model files
├── output/                  # Generated output directory
│   ├── markdown/            # Markdown reports
│   ├── docx/                # DOCX reports
│   └── logs/                # Application logs
├── prompt-report.txt        # AI threat model evaluation prompt
├── prompt-combined.txt      # AI combined report generation prompt
├── env.example              # Environment configuration template
├── requirements.txt         # Python dependencies
└── README.md                # This file
```
- Input Processing: Loads Threat Dragon schema and discovers all threat model JSON files
- Automatic Mode Detection:
- Single File: Generates individual threat model report
- Multiple Files: Generates comprehensive combined report comparing all models
- AI Analysis: Uses LLM to analyze threat model(s) and evaluate security posture
- Report Generation: Creates comprehensive markdown reports with threat analysis and recommendations
- Format Conversion: Converts markdown reports to DOCX and PDF formats
- Output Organization: Saves all reports in organized output directories
The tool generates comprehensive security assessment reports with:
- Threat Analysis: Detailed evaluation of identified threats and vulnerabilities
- Risk Assessment: Risk levels and impact analysis for each threat
- Recommendations: Actionable security recommendations and best practices
- Model Overview: Summary of system components and architecture
- Security Posture: Overall security assessment and maturity evaluation
- Markdown: Clean, readable format for documentation and version control
- DOCX: Professional Word documents with proper formatting
- PDF: Final reports ready for distribution and review
- Comparative Analysis: Side-by-side comparison of all threat models
- Threats & Mitigations Ranking: Ranks models by their security maturity
- Overall Model Maturity: Evaluates shared DFD architecture across models
- Individual Model Evaluations: Detailed analysis of each model's threats and mitigations
- Executive Summary: High-level overview suitable for stakeholders
- Timeout Issues: Increase `timeout` value in `ai_client.py` for large models
- Token Limits: Adjust `max_tokens` based on model capabilities
- Empty Responses: Check LLM API key and model availability
- API Key Errors: Ensure correct environment variables are set in `.env`
- Model Not Found: Verify model name format matches provider requirements
- File Not Found: Ensure threat model JSON files are in `./input/` directory
- Missing Reports: Check `./output/logs/` for error messages
- Format Issues: Ensure Microsoft Word is installed for PDF conversion
- Empty Reports: Verify threat model files are valid JSON
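
A pre-flight check for the "File Not Found" and "Empty Reports" cases above, run before any LLM request is made. This is an added example, not part of the project's code. The function name `preflight` is hypothetical, and it assumes that only files which parse as JSON objects count toward the single-file or multiple-file mode.

```python
import json
import tempfile
from pathlib import Path


def preflight(input_dir):
    """Check threat model files in input_dir before spending tokens on them.

    Returns (valid, problems, mode): names that parsed as JSON objects,
    (name, reason) pairs for the rest, and the report mode the README
    describes for that number of models (assumption: invalid files are skipped).
    """
    root = Path(input_dir)
    if not root.is_dir():
        return [], [(str(root), "input directory not found")], "none"
    valid, problems = [], []
    # Top-level *.json only: the schema sits in the schema/ subdirectory.
    for path in sorted(root.glob("*.json")):
        try:
            doc = json.loads(path.read_text(encoding="utf-8"))
        except UnicodeDecodeError:
            problems.append((path.name, "not UTF-8 text"))
            continue
        except json.JSONDecodeError as exc:
            where = f"line {exc.lineno}, column {exc.colno}"
            problems.append((path.name, f"invalid JSON at {where}: {exc.msg}"))
            continue
        if not isinstance(doc, dict):
            problems.append((path.name, "top level is not a JSON object"))
            continue
        valid.append(path.name)
    mode = "none" if not valid else "individual" if len(valid) == 1 else "combined"
    return valid, problems, mode


if __name__ == "__main__":
    # Constructed sample input: one minimal model and one truncated file.
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "schema").mkdir()
        Path(tmp, "payments.json").write_text('{"summary": {"title": "Payments"}}')
        Path(tmp, "broken.json").write_text('{"summary": {"title": "Broken"')
        valid, problems, mode = preflight(tmp)
        print("valid:", valid, "mode:", mode)
        for name, reason in problems:
            print(f"skip {name}: {reason}")
```
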
- Use faster models for quick assessments
- Process multiple models in batch for efficiency
- Monitor token usage to control costs
```bash
# Install dependencies
pip install -r requirements.txt
# Run the application
python src/main.py
```

- `main.py`: Orchestrates report generation and batch processing
- `ai_client.py`: Handles LLM communication and report generation
- `utils.py`: File operations and format conversions (Markdown, DOCX, PDF)
- `config.py`: Centralized configuration and path management
Edit `prompt-report.txt` and `prompt-combined.txt` to customize:
- Report structure and format
- Analysis depth and focus areas
- Security frameworks and methodologies
- Add provider configuration to `env.example`
- Update provider table in README
- Test with sample threat model
This project is licensed under the Apache 2.0 License - see the LICENSE file for details.
- OWASP Threat Dragon for the excellent threat modeling framework
- LiteLLM for seamless multi-LLM support
For more information about cybersecurity and AI projects, visit my blog at https://infosecotb.com.
Built for security professionals and threat modeling evaluators
