Generative AI is making headlines as it creates new risks and exacerbates existing ones – affecting areas from data privacy and security to potential malfunctions, vulnerabilities and new attack vector threat landscape grows more complex. As much as AI is creating more risks, it’s also helping tech teams build stronger cyber defense. JPMorganChase built the AI Threat Modeling Co-Pilot (AITMC), a solution that helps its engineers better model threats earlier and more efficiently in the software development lifecycle.
Traditionally, threat modeling required specialized expertise to identify potential threats and implement controls. However, the rapid growth of application estates, sophisticated threats and new standards necessitate scaling these efforts. AITMC addresses this by combining generative AI with expert feedback, frameworks, and industry best practices, ensuring accurate and effective threat modeling.
Throughout the development of AITMC, which included deep technical workshops and hackathons with enterprise architecture, early testers across JPMorganChase’s lines of businesses weighed in to ensure the solution meets the firm’s diverse needs.
By building trust and fostering collaboration, the AITMC is poised to improve the risk posture of every application firmwide. AITMC’s early adopters are already seeing the impact it has had on efficiency and threat discovery. The co-pilot has driven 20% efficiency in our threat modeling process enabling faster models of new systems and broader scale. In addition the AITMC has uncovered an average of nine additional novel threats per model created, creating safer and more resilient software products. As the solution continues to mature, these numbers are expected to increase, further supporting customers across the firm.
The key benefits of the AITMC is its ability to democratize secure by design, by providing insights on threats and guidelines on controls to architects and developers early. This proactive AI-driven approach reduces the cost of systems development and enhances the resiliency of our systems to cyber threats.
For more information about JPMorganChase’s AI Threat Modeling Co-Pilot, visit here.