Threat Modeling
MCP server for threat modeling
What is Threat Modeling?
Threat Modeling is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to mcp server for threat modeling
MCP server for threat modeling
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- MCP server for threat modeling
Use Cases
Maintainer
Works with
Installation
Manual Installation
npx threat-modelingConfiguration
Configuration Details
claude_desktop_config.json
Performance
Response Metrics
Resource Usage
How to Set Up and Use Threat Modeling
The AWS Labs Threat Modeling MCP Server brings structured, AI-assisted threat modeling directly into your development workflow via the Model Context Protocol. It exposes 100+ specialized tools covering every phase of threat modeling — from business context analysis and architecture documentation to threat actor identification, trust boundary analysis, asset flow tracking, and mitigation implementation. Security engineers and developers can point it at their codebase and get comprehensive threat models generated and saved to a .threatmodel directory, then ask Claude to implement mitigation controls in the actual code.
Prerequisites
- Python 3.10 or later with uv and uvx installed
- An MCP-compatible client such as Claude Desktop, Amazon Q Developer, VS Code with Cline, or Kiro
- Git installed (the server is installed directly from GitHub via uvx)
- The codebase or project you want to threat-model accessible locally
Install uv and uvx
The threat modeling server is run via uvx directly from GitHub. Install uv first if you don't have it.
curl -LsSf https://astral.sh/uv/install.sh | shTest the server installs correctly
Run the server once via uvx to confirm it installs and starts without errors. Press Ctrl+C to stop after confirming.
uvx --from git+https://github.com/awslabs/threat-modeling-mcp-server.git threat-modeling-mcp-serverAdd to your MCP client configuration
Edit your MCP client's config file to register the threat modeling server. The config location varies by client: Claude Desktop uses claude_desktop_config.json, Amazon Q uses ~/.aws/amazonq/mcp.json, Kiro uses ~/.kiro/settings/mcp.json.
{
"mcpServers": {
"threat-modeling-mcp-server": {
"command": "uvx",
"args": [
"--from",
"git+https://github.com/awslabs/threat-modeling-mcp-server.git",
"threat-modeling-mcp-server"
],
"env": {
"FASTMCP_LOG_LEVEL": "ERROR"
}
}
}
}Restart your MCP client
Fully quit and reopen your MCP client to load the new configuration. The server will be downloaded and started on first use.
Run your first threat model
Open your project in the MCP client and ask it to threat-model your code. The server will walk through business context, architecture, threat identification, and mitigation phases, saving all artifacts to a .threatmodel directory in your project.
Implement mitigations in code
After the threat model is generated, ask Claude to implement the suggested mitigation controls directly in your codebase. The server's code security validation tools will verify the implementations.
Threat Modeling Examples
Client configuration
Add this block to your claude_desktop_config.json or your IDE's MCP settings file to register the AWS threat modeling server.
{
"mcpServers": {
"threat-modeling-mcp-server": {
"command": "uvx",
"args": [
"--from",
"git+https://github.com/awslabs/threat-modeling-mcp-server.git",
"threat-modeling-mcp-server"
],
"env": {
"FASTMCP_LOG_LEVEL": "ERROR"
}
}
}
}Prompts to try
Use these prompts in your MCP client to generate and act on threat models for your project.
- "Threat model this project using the threat modeling MCP server"
- "Threat model the src/ subfolder and identify trust boundary risks"
- "Save the threat model report to the .threatmodel directory"
- "Identify all threat actors relevant to this web application"
- "Implement mitigation controls in the code based on the identified threats"
- "Validate the security of the authentication module against known threats"Troubleshooting Threat Modeling
uvx fails to install the server — Git or network errors during install
Ensure Git is installed and accessible on your PATH. Check your internet connection. If behind a corporate proxy, set the HTTPS_PROXY environment variable before running uvx.
Too many tool approval prompts interrupting the workflow
Add an autoApprove list to your config for the server's tools, or use Kiro CLI with the --trust-tools flag: 'kiro-cli chat --trust-tools="@threat-modeling-mcp-server/*"'. The server has 100+ tools so manual approval for each is impractical.
.threatmodel directory not created after running threat model
Ensure your MCP client has write access to the project directory. Run the threat model from within the project root. You can also explicitly ask Claude to 'save the threat model report' to trigger file creation.
Frequently Asked Questions about Threat Modeling
What is Threat Modeling?
Threat Modeling is a Model Context Protocol (MCP) server that mcp server for threat modeling It connects AI assistants to external tools and data sources through a standardized interface.
How do I install Threat Modeling?
Follow the installation instructions on the Threat Modeling GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with Threat Modeling?
Threat Modeling works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is Threat Modeling free to use?
Yes, Threat Modeling is open source and available under the Apache-2.0 license. You can use it freely in both personal and commercial projects.
Threat Modeling Alternatives — Similar Security Servers
Looking for alternatives to Threat Modeling? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6kAn open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0kAn Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9kHexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7kEnables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u
Browse More Security MCP Servers
Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.
Set Up Threat Modeling in Your Editor
Choose your AI client for step-by-step setup instructions.
Quick Config Preview
Add this to your claude_desktop_config.json or .cursor/mcp.json
Ready to use Threat Modeling?
Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.