Threat Modeling

v1.0.0Securitystable

MCP server for threat modeling

threat-modelingmcpai-integration
Share:
47
Stars
0
Downloads
0
Weekly
0/5

What is Threat Modeling?

Threat Modeling is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to mcp server for threat modeling

MCP server for threat modeling

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • MCP server for threat modeling

Use Cases

Identify security threats and risks with AI assistance
Create threat models for applications and systems
awslabs

Maintainer

LicenseApache-2.0
Languagepython
Versionv1.0.0
UpdatedMay 22, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

Manual Installation

npx threat-modeling

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use Threat Modeling

The AWS Labs Threat Modeling MCP Server brings structured, AI-assisted threat modeling directly into your development workflow via the Model Context Protocol. It exposes 100+ specialized tools covering every phase of threat modeling — from business context analysis and architecture documentation to threat actor identification, trust boundary analysis, asset flow tracking, and mitigation implementation. Security engineers and developers can point it at their codebase and get comprehensive threat models generated and saved to a .threatmodel directory, then ask Claude to implement mitigation controls in the actual code.

Prerequisites

  • Python 3.10 or later with uv and uvx installed
  • An MCP-compatible client such as Claude Desktop, Amazon Q Developer, VS Code with Cline, or Kiro
  • Git installed (the server is installed directly from GitHub via uvx)
  • The codebase or project you want to threat-model accessible locally
1

Install uv and uvx

The threat modeling server is run via uvx directly from GitHub. Install uv first if you don't have it.

curl -LsSf https://astral.sh/uv/install.sh | sh
2

Test the server installs correctly

Run the server once via uvx to confirm it installs and starts without errors. Press Ctrl+C to stop after confirming.

uvx --from git+https://github.com/awslabs/threat-modeling-mcp-server.git threat-modeling-mcp-server
3

Add to your MCP client configuration

Edit your MCP client's config file to register the threat modeling server. The config location varies by client: Claude Desktop uses claude_desktop_config.json, Amazon Q uses ~/.aws/amazonq/mcp.json, Kiro uses ~/.kiro/settings/mcp.json.

{
  "mcpServers": {
    "threat-modeling-mcp-server": {
      "command": "uvx",
      "args": [
        "--from",
        "git+https://github.com/awslabs/threat-modeling-mcp-server.git",
        "threat-modeling-mcp-server"
      ],
      "env": {
        "FASTMCP_LOG_LEVEL": "ERROR"
      }
    }
  }
}
4

Restart your MCP client

Fully quit and reopen your MCP client to load the new configuration. The server will be downloaded and started on first use.

5

Run your first threat model

Open your project in the MCP client and ask it to threat-model your code. The server will walk through business context, architecture, threat identification, and mitigation phases, saving all artifacts to a .threatmodel directory in your project.

6

Implement mitigations in code

After the threat model is generated, ask Claude to implement the suggested mitigation controls directly in your codebase. The server's code security validation tools will verify the implementations.

Threat Modeling Examples

Client configuration

Add this block to your claude_desktop_config.json or your IDE's MCP settings file to register the AWS threat modeling server.

{
  "mcpServers": {
    "threat-modeling-mcp-server": {
      "command": "uvx",
      "args": [
        "--from",
        "git+https://github.com/awslabs/threat-modeling-mcp-server.git",
        "threat-modeling-mcp-server"
      ],
      "env": {
        "FASTMCP_LOG_LEVEL": "ERROR"
      }
    }
  }
}

Prompts to try

Use these prompts in your MCP client to generate and act on threat models for your project.

- "Threat model this project using the threat modeling MCP server"
- "Threat model the src/ subfolder and identify trust boundary risks"
- "Save the threat model report to the .threatmodel directory"
- "Identify all threat actors relevant to this web application"
- "Implement mitigation controls in the code based on the identified threats"
- "Validate the security of the authentication module against known threats"

Troubleshooting Threat Modeling

uvx fails to install the server — Git or network errors during install

Ensure Git is installed and accessible on your PATH. Check your internet connection. If behind a corporate proxy, set the HTTPS_PROXY environment variable before running uvx.

Too many tool approval prompts interrupting the workflow

Add an autoApprove list to your config for the server's tools, or use Kiro CLI with the --trust-tools flag: 'kiro-cli chat --trust-tools="@threat-modeling-mcp-server/*"'. The server has 100+ tools so manual approval for each is impractical.

.threatmodel directory not created after running threat model

Ensure your MCP client has write access to the project directory. Run the threat model from within the project root. You can also explicitly ask Claude to 'save the threat model report' to trigger file creation.

Frequently Asked Questions about Threat Modeling

What is Threat Modeling?

Threat Modeling is a Model Context Protocol (MCP) server that mcp server for threat modeling It connects AI assistants to external tools and data sources through a standardized interface.

How do I install Threat Modeling?

Follow the installation instructions on the Threat Modeling GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with Threat Modeling?

Threat Modeling works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is Threat Modeling free to use?

Yes, Threat Modeling is open source and available under the Apache-2.0 license. You can use it freely in both personal and commercial projects.

Threat Modeling Alternatives — Similar Security Servers

Looking for alternatives to Threat Modeling? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "threat-modeling": { "command": "npx", "args": ["-y", "threat-modeling"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use Threat Modeling?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides