Update 2.0_Threat_Modeling_for_AI_Systems.md

Added MAESTRO and LLM Powered Training references
Marco Morana
2025-11-18 13:08:59 -05:00
committed by GitHub
parent 3d4c6d27b1
commit d07f4687df
@@ -20,14 +20,19 @@ Below is an overview of the leading methods used for AI threat modeling:
- **PASTA [9] (Process for Attack Simulation and Threat Analysis):** A seven-stage, risk-centric framework that aligns technical analysis with business impact.
- **STRIDE [10]:** Microsofts STRIDE model categorizing threats into Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.
- **MITRE ATLAS [11]:** Maps adversarial ML techniques (evasion, poisoning, model extraction) and corresponding mitigations.
- **LINDDUN [12]:** A privacy-focused framework for modeling threats to data confidentiality and compliance (e.g., membership inference, data leakage).
- **LINDDUN [12]:** A privacy-focused framework for modeling threats to data confidentiality and compliance (e.g., membership inference, data leakage).
- **MAESTRO [23]:** A newer, model-driven approach. It uses architecture models and predefined threat catalogs to simulate and infer threats automatically. Its ideal for complex, highly integrated systems where automation can save time.
Choose a methodology that best aligns with your organizations objectives, system complexity, and stakeholder needs:
- **Business & Risk Alignment:** If your primary goal is to tie security analysis back to concrete business impact (e.g. quantifying loss exposure), a risk-centric framework like PASTA is ideal.
- **Scope & Complexity:** Use broad, multi-stage processes (PASTA, MITRE ATLAS) for end-to-end AI pipelines; lighter taxonomies (STRIDE, OWASP LLM Top 10) work well for individual components.
- **Audience & Maturity:** Executive and risk-management audiences often prefer high-level, business-focused outputs (PASTAs business objectives stage, risk registers). Engineering teams may gravitate toward developer-friendly taxonomies (AI-STRIDE or MITRE ATLAS matrices) they can directly map to design patterns and code.
- **Privacy vs. Security Focus:** If data confidentiality and compliance are paramount, incorporate a privacy-centric method (LINDDUN) alongside your core security approach. When adversarial robustness is the top concern, ensure your chosen framework includes or can easily integrate adversarial test case design (MITRE ATLAS or custom AI-STRIDE extensions).
- **Tool & Process Fit:** Pick a methodology compatible with your existing SDLC, threat-modeling tools, and reporting dashboards. PASTAs stages work well in risk-management platforms; STRIDE maps easily into threat-modeling tools like Threat Dragon.
- **Privacy vs. Security Focus:** If data confidentiality and compliance are paramount, incorporate a privacy-centric method (LINDDUN) alongside your core security approach. When adversarial robustness is the top concern, ensure your chosen framework includes or can easily integrate adversarial test case design (MITRE ATLAS or custom AI-STRIDE extensions).
- **Threat Modeling Automation:** MAESTRO automates AI threat modeling by auto-inferring risks from architecture models, mapping them to predefined AI threat catalogs, and updating the threat model dynamically as systems change. It also prioritizes threats using automated scoring and produces mitigation recommendations aligned with major AI governance frameworks.
- **LLM Powered Threat Modeling:** Large Language Models, or LLMs, can be used streamline the threat modeling process by automating several steps that are traditionally manual and time-consuming. LLM-augmented threat modeling, as taught in this training [24], uses large language models to accelerate and enhance each stage of the threat-modeling process—automatically generating threats, mitigations, and control recommendations directly from system descriptions—whether thats text-based documentation, architecture diagrams, or even code.
- **Tools & Process Fit:** Pick a methodology compatible with your existing SDLC, threat-modeling tools and reporting dashboards. PASTAs stages work well in risk-management platforms and can be LLM-powwered with LLM Threat Modeling Prompt Templates [25] (Note); STRIDE maps easily to both manual threat-modeling tools like ThreatDragon as well as LLM powered threat modeling tools like STRIDEGPT.
Note: LLM Threat Modeling Prompt Templates are reusable, structured prompts designed to guide Large Language Models in performing threat-modeling tasks consistently and accurately.
### AI System Architecture
Its important to map threats to a comprehensive AI architecture. (*) As threats depend on system design, different parts of the AI system (data ingestion, training pipeline, model API, monitoring system) have different vulnerabilities. Without full architecture visibility, critical attack surfaces can be missed. Mapping threats to specific components also allows you to identify where threats can realistically occur, helping to prioritize risks instead of treating the system as a black box. When threats are mapped to the full architecture, layered security controls can be designed at each critical boundary (data, model, APIs, infrastructure), not just at the perimeter. Mapping threats systematically supports structured threat modeling (like STRIDE, PASTA, or LINDDUN for AI) making it easier to design specific, actionable countermeasures. Since threat modeling relies heavily on scope and context, it is crucial to select an architectural scope that reflects the most prevalent AI threats and aligns with the technical and business use cases that underpin most AI applications today.