attasec/tmdd
Version-controlled threat modeling with AI for dev teams
Summary: TMDD stores threat models in YAML format within code repositories and enables AI coding agents to update them alongside code. It generates secure-by-design prompts and produces comprehensive reports with data flow diagrams to address business logic and authorization vulnerabilities missed by traditional security tools.
What it does
TMDD treats threat modeling as code: AI agents maintain and update the threat models in the repo, and the tool generates reports and secure prompts to enhance security during development.
Who it's for
It is designed for development teams using AI coding agents who need to manage and review threat models alongside their code.
Why it matters
TMDD addresses business logic and authorization security issues that static and dynamic analysis tools often miss, improving detection during the coding process.