Mikołaj Kowalczyk

Co-founder of Attasec, security engineer
All activity
TMDD keeps a threat model inside your repo and makes AI coding agents security-aware. As teams use Cursor, Claude Code and other agents to ship features fast, business logic and authorization bugs are easy to miss. SAST/DAST rarely catch them.

TMDD:
• Stores a threat model (YAML format) in your repo
• Lets AI agents update it alongside code
• Generates secure-by-design prompts
• Produces a full report with data flow diagram

Threat modeling as code - versioned, reviewable, agent-friendly.
attasec/tmdd
Version-controlled threat modeling with AI for dev teams

Mikołaj Kowalczyk started a discussion

Building an app that automates threat modeling

Hey guys, I wanted to share my project - I hope this forum topic will be a correct one. I built TMDD - an open source CLI that keeps a version-controlled threat model (YAML format) inside your repo and generates security-aware prompts for AI coding agents. So what is a threat model? It is a simple document where you write down what you’re building, how someone could abuse or break it, and how...