Your Threat Model is Stuck in 2015
Why you should think differently
Most organizations build their threat model once — and never touch it again.
It becomes a checkbox artifact that looks great in audits but ages faster than your favorite SIEM dashboard.
Here’s the uncomfortable truth:
Most threat models are still fighting yesterday’s wars.
Back in 2015, our biggest fears were perimeter breaches, phishing, and ransomware. But the world has changed. Cloud-native apps, AI-driven automation, and identity sprawl have rewritten the rules of engagement. Yet many teams still operate with a “castle and moat” mindset — even though the castle has long been replaced by APIs, SaaS platforms, and third-party integrations that stretch across continents.
Today, the threats are different — and more subtle. Attackers don’t always break in; sometimes, they log in. Misconfigured IAM policies, over-permissive roles, and supply chain dependencies have become the new entry points. Still, many teams spend 80% of their time modeling direct attacks and almost none on trust relationships that can be exploited silently.
If your threat model still starts with “Attacker tries to breach the firewall,” it’s time for a serious update.
Here’s how to modernize it:
Model business processes, not just systems.
Threats aren’t isolated to infrastructure anymore — they live within workflows. A compromised CI/CD token or manipulated AI model can cause more damage than an unpatched server. Follow the data, not just the IPs.
Bring identity to the center.
In 2025, your real perimeter is identity. Map who has access to what, and what they can do with it. Assume credentials will leak and design for blast radius reduction.
Include your dependencies.
Your vendors and third-party APIs are part of your attack surface. If your threat model ignores them, you’re modeling fiction.
Evolve it continuously.
A threat model should be a living artifact. Revisit it quarterly, after major architecture changes, or when new threat intel emerges.
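One way to act on the identity and dependency items above, as an added example that is not part of the original post: treat trust relationships as a graph and compute what each credential reaches if it leaks. Every principal, role and asset name below is hypothetical, and the graph is constructed sample data.

```python
from collections import deque

# Constructed sample trust graph (all names hypothetical).
# An edge A -> B means "whoever holds A can act as, or reach, B".
TRUST = {
    "user:alice":              ["role:developer"],
    "token:ci-deploy":         ["role:deployer"],
    "vendor:analytics-saas":   ["role:reporting-readonly"],
    "role:developer":          ["repo:app-source", "role:deployer"],
    "role:deployer":           ["registry:images", "cluster:prod", "role:secrets-reader"],
    "role:secrets-reader":     ["vault:prod-secrets"],
    "role:reporting-readonly": ["db:customer-replica"],
}
CROWN_JEWELS = {"vault:prod-secrets", "db:customer-replica", "cluster:prod"}

def blast_radius(start, graph=TRUST):
    """Return {node: shortest trust path} for everything reachable if `start` leaks."""
    paths = {start: [start]}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, []):
            if nxt not in paths:  # visited check also terminates trust cycles
                paths[nxt] = paths[node] + [nxt]
                queue.append(nxt)
    del paths[start]
    return paths

def is_asset(node):
    # Assumption of this example: anything that is not a principal or role is an asset.
    return not node.startswith(("role:", "user:", "token:", "vendor:"))

def rank_entry_points(graph=TRUST, jewels=CROWN_JEWELS):
    """Rank leakable credentials by critical assets reached, then by total assets."""
    rows = []
    for principal in graph:
        if principal.startswith("role:"):
            continue  # roles are intermediate hops, not credentials that leak
        reach = blast_radius(principal, graph)
        assets = sorted(n for n in reach if is_asset(n))
        hit = sorted(set(assets) & jewels)
        rows.append((principal, len(assets), hit))
    return sorted(rows, key=lambda r: (-len(r[2]), -r[1], r[0]))

if __name__ == "__main__":
    for principal, n_assets, hit in rank_entry_points():
        print(f"{principal:24} assets={n_assets} critical={hit}")
    print(" -> ".join(blast_radius("user:alice")["vault:prod-secrets"]))
```

In this sample, removing the `role:developer` to `role:deployer` edge drops `user:alice` to zero critical assets, which is what blast radius reduction looks like in the model.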
In a world of dynamic systems, static models are dangerous.
A good threat model isn’t a document — it’s a discipline.
Because the biggest risk isn’t missing a new zero-day.
It’s assuming your old assumptions still hold true.
So, take a fresh look at your threat model.
The attackers already have.


