Mikołaj Kowalczyk

attasec/tmdd - Version-controlled threat modeling with AI for dev teams

TMDD keeps a threat model inside your repo and makes AI coding agents security-aware. As teams use Cursor, Claude Code and other agents to ship features fast, business logic and authorization bugs are easy to miss. SAST/DAST rarely catch them. TMDD:
• Stores a threat model (YAML format) in your repo
• Lets AI agents update it alongside code
• Generates secure-by-design prompts
• Produces a full report with data flow diagram
Threat modeling as code - versioned, reviewable, agent-friendly.


Replies

Mikołaj Kowalczyk
Why: As a security engineer, I often see apps with strong “technical” security but vulnerable business logic / authorization. SAST/DAST rarely catch this, and pentests are time-boxed. As coding agents are more and more common, I believe they might be useful for both threat modeling and detecting issues in existing code. I am trying to solve the problem of "low hanging fruit" authorization and business logic security issues in software.
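An added illustration of the "threat model as code" idea from the post and of the authorization gaps the reply describes; this is not TMDD's code and not its YAML schema. The keys and the sample model below are constructed assumptions standing in for what yaml.safe_load() would return from a threat-model file kept in the repo; the check flags data flows that cross a trust boundary without an authorization control and emits the data flow diagram as Graphviz DOT, so a CI job can fail a pull request that adds an unprotected flow.

```python
"""Minimal 'threat model as code' check over a hypothetical schema (not TMDD's)."""
from typing import Dict, List

# Constructed sample threat model, shaped like a parsed YAML file. Components
# carry a trust zone; flows carry the data moved and the controls applied.
THREAT_MODEL: Dict = {
    "components": {
        "browser": {"zone": "internet"},
        "admin_ui": {"zone": "internet"},
        "api": {"zone": "backend"},
        "db": {"zone": "backend"},
    },
    "flows": [
        {"id": "F1", "from": "browser", "to": "api", "data": "orders",
         "controls": ["authn:session", "authz:owner-check"]},
        {"id": "F2", "from": "api", "to": "db", "data": "orders", "controls": []},
        {"id": "F3", "from": "admin_ui", "to": "api", "data": "refunds",
         "controls": ["authn:session"]},  # authenticated, but no authz control
    ],
}


def crosses_boundary(model: Dict, flow: Dict) -> bool:
    """True when source and destination sit in different trust zones."""
    comps = model["components"]
    return comps[flow["from"]]["zone"] != comps[flow["to"]]["zone"]


def missing_authz(model: Dict) -> List[str]:
    """IDs of boundary-crossing flows that list no 'authz:' control."""
    return [f["id"] for f in model["flows"]
            if crosses_boundary(model, f)
            and not any(c.startswith("authz:") for c in f["controls"])]


def to_dot(model: Dict) -> str:
    """Render the data flow diagram as Graphviz DOT, one cluster per zone."""
    gaps = set(missing_authz(model))
    zones: Dict[str, List[str]] = {}
    for name, comp in model["components"].items():
        zones.setdefault(comp["zone"], []).append(name)
    lines = ["digraph dfd {"]
    for zone, names in sorted(zones.items()):
        lines.append(f'  subgraph "cluster_{zone}" {{ label="{zone}";')
        lines += [f'    "{n}";' for n in names]
        lines.append("  }")
    for f in model["flows"]:
        style = " color=red" if f["id"] in gaps else ""  # highlight gaps
        lines.append(f'  "{f["from"]}" -> "{f["to"]}" [label="{f["data"]}"{style}];')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(to_dot(THREAT_MODEL))
    raise SystemExit(1 if missing_authz(THREAT_MODEL) else 0)  # fail CI on gaps
```

Pipe the DOT output through `dot -Tsvg` to get the diagram; the non-zero exit status is what a CI step would key on.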