Threat Forge is an open-source, cross-platform desktop app for threat modeling. Visual diagrams, automated STRIDE analysis, and AI-powered threat discovery — in a clean, git-friendly format.
threatforge.dev
Most threat modeling tools are either enterprise-locked or stuck in 2016. Threat Forge fills the gap with a modern UI, clean file format, and AI assistance — no procurement cycle required.
Drag-and-drop canvas with 44 typed components across 10 categories. Connection handles auto-route between elements. Trust boundaries and text annotations included.
Built-in rule engine applies Microsoft's STRIDE-per-element methodology. Generates threats automatically based on element types and data flow patterns. Works fully offline.
Chat with Claude or GPT about your threat model. The AI sees your full architecture and suggests threats, proposes mitigations, or answers security questions. BYOK.
Human-readable, git-diffable YAML files. No opaque binary formats. Review threat models in PRs, track changes over time, and version your security analysis.
Start from six production-quality templates: Cloud Microservices, E-Commerce, Mobile Banking, SaaS Platform, IoT Smart Building, and Healthcare System.
Runs on macOS, Windows, and Linux. Built with Tauri v2 and React — native performance with a ~10MB binary. No Electron bloat.
Threat Forge is released under the Apache 2.0 license. No freemium upsells, no telemetry, no enterprise-only features. The full application — including STRIDE engine, AI integration, and all templates — is available to everyone. Security tooling should be accessible, not gated behind a sales call.
Download Threat Forge for macOS, Windows, or Linux. Start with a template or build your threat model from scratch.
~10MB download. No account required. Your threat models stay on your machine.