Apiiro introduces AI Threat Modeling capability in Guardian Agent
Apiiro introduced Artificial Intelligence (AI) Threat Modeling as a capability within Apiiro Guardian Agent, aiming to generate architecture-aware threat models before code exists. The update targets design-phase risk identification for software development efforts that use AI coding agents and produce artifacts ahead of manual processes.
The company said legacy threat modeling tools start and end at the design phase, relying on diagrams and spreadsheets disconnected from code, runtime, and existing compensating controls. It also described standalone threat modeling tools as blind to code or runtime, producing models that can become outdated before review, and creating countermeasures without a way to confirm implementation in code.
In the new capability, AI Threat Modeling applies STRIDE and other frameworks to an organization’s software architecture using what Apiiro described as deep code analysis. Apiiro said the underlying technology continuously discovers, inventories, and visualizes software architecture from code to runtime, then provides contextualized countermeasures tied to architecture and policies across code, artifacts, cloud, and infrastructure layers.
Apiiro said the Guardian Agent AI Threat Modeling capability was integrated across the software development lifecycle, including ticketing and wiki systems, to analyze feature requests and epics. It also cited support for on-demand threat models from uploaded diagrams, product design specification documents, or a screenshot of a whiteboard, and described continuous drift detection to compare threat models against actual implementation.
“Legacy standalone threat modeling tools were built for a previous era of software development,” said Idan Plotnik, Co-Founder and CEO of Apiiro. “In the AI era – where agents generate code, deploy artifacts, and change your software architecture every minute – enterprises need a complete agentic application security platform that can prevent design risks seamlessly and effectively.” AI Threat Modeling was scheduled to be showcased and available for demos during Runtime Security Agent (RSA) Conference 2026.