New Year, New ThreatCanvas Features: Revolutionizing Automated Threat Modeling

In the dynamic world of cybersecurity, staying ahead of threats is a constant challenge for organizations. SecureFlag’s ThreatCanvas is a game-changer in this arena, offering an automated Threat Modeling solution that is both efficient and comprehensive. With its latest updates, ThreatCanvas has further solidified its position as an indispensable tool for developers and organizations keen on improving their security posture at scale.

ThreatCanvas: A Brief Overview

ThreatCanvas is SecureFlag’s innovative solution designed to automate the process of Threat Modeling. It stands out by its ability to generate detailed Threat Models from either a textual description or Infrastructure-as-Code (IaC) for applications or even specific functionalities. This capability is crucial for developers, allowing them to conduct a thorough Threat Model analysis of every story before diving into the development phase without relying on the security team. The result is a significant reduction in security rework in later development stages, saving organizations both time and money.

New Functionalities in ThreatCanvas

SecureFlag has recently introduced several exciting features to ThreatCanvas, enhancing its functionality and user experience.

Saving Threat Models

Users now have the flexibility to save Threat Models in their library. This feature comes with three different visibility levels:

  • Private: the model is accessible only to its owner.

  • Team: accessible to users who are part of the same SecureFlag Team.

  • Organization: accessible to users within the same SecureFlag Organization.

This tiered visibility ensures that the right level of confidentiality and collaboration is maintained across different organizational structures.

Saving Threat Models

Sharing Threat Models

Alongside saving models, users can share them based on the set visibility levels. Additionally, there is an option to restrict or allow modifications by other users. In cases where modifications are not permitted, users can save a copy of the model and edit it, ensuring flexibility and control over the model’s integrity.

Sharing Threat Models

Threat Model Revisions (AI-Powered)

A standout feature is the AI-powered revision history. This feature not only enhances understanding of the model’s evolution but also aids in tracking and auditing changes effectively.

Threat Model Revisions List

ThreatCanvas allows users to view past revisions of the Threat Model, and leveraging AI, it extracts and presents the changes from previous versions in a clear, textual format.

Saving Threat Revision Changes

Threat Model Report (AI-Powered)

Another innovative addition is the AI-powered Threat Model Report. This feature generates a comprehensive PDF report of the Threat Model, including a list of identified threats and mitigating controls.

Threat Model Report Risk

What sets this apart is the AI-generated textual summary of the Threat Model. This summary is written to be easily understandable by a diverse audience, including developers, business analysts, and executives, ensuring that the insights are accessible to all stakeholders.

Threat Model Report Summary


Threat Modeling, a critical process that identifies potential security issues from the design phase, has traditionally been an unscalable, time-consuming and complex task. However, with ThreatCanvas, this has changed. By automating Threat Modeling, ThreatCanvas makes it a scalable and integral part of the software development lifecycle. This automation not only streamlines the process but also empowers developers to proactively address security exposures, significantly reducing the time and costs associated with security rework post-development.
The introduction of these new features further consolidates ThreatCanvas’s position as a standalone solution in Threat Modeling. It’s not just about identifying risks anymore; it’s about doing so efficiently, collaboratively, and in a manner that is seamlessly integrated into the development process. SecureFlag’s commitment to innovation and security excellence makes ThreatCanvas an essential asset for any organization serious about its cybersecurity.

Read more about ThreatCanvas and Risk Templates on our previous blog posts.