Why a model — not a checklist
Traditional security tooling assumes a perimeter: something to sit behind, patch, and monitor. AI systems break that assumption. A model can be coaxed into leaking data with nothing more than a cleverly worded prompt. An agent with too much autonomy can call a production API no one signed off on. The training pipeline itself becomes a target.
A threat model beats a checklist because it forces you to ask three questions of every part of your AI stack: how could this be attacked, what does it cost us if it is, and what control stops it. The interactive map above pairs each of the ten vectors with exactly those three answers.
The three layers of AI risk
The ten vectors group into three layers. Reading them this way makes it obvious where a given control belongs.
- The model & its inputs — prompt injection, data poisoning, model inversion, and drift. These attack what the model knows and how it behaves.
- Data & access — sensitive-data leakage and credential or API-key theft. These attack what the model can reach.
- Agents & governance — unauthorized tool invocation, supply-chain risk, excessive autonomy, and compliance gaps. These attack what the model is allowed to do.
Where most enterprises are exposed
In our assessments, the gaps cluster on the agent and governance layer. Teams ship a capable model, wire it to internal tools to make it useful, and never define the boundary of what those tools are allowed to do on the model's say-so. That single omission turns vectors 6 through 10 — tool invocation, supply chain, autonomy, and compliance — from theoretical into live.
The fix is rarely a new product. It's allow-listing the actions an agent can take, scoping and rotating the keys it holds, keeping a human in the loop on consequential decisions, and logging everything for audit. Boring controls, applied deliberately — which is exactly what a threat model gives you the structure to do.