「AI利用系統威脅建模方法評估」報告發布

常見問題

Q: What is the main purpose of this report?

A: The main purpose is to evaluate and compare different threat modeling methods for systems that utilize Artificial Intelligence (AI), providing insights into their effectiveness, advantages, and disadvantages.

Q: What types of AI-utilized systems were evaluated?

A: The evaluation covered three types of AI usage patterns: applications with internal AI functions, applications using external Large Language Models (LLMs), and applications employing agent-based AI.

Q: Which threat modeling methods were assessed?

A: The report assessed three methods: STRIDE, STRIDE+AI, and MAESTRO.

Q: Who conducted the threat modeling?

A: The threat modeling was performed by three teams, each composed of three members, resulting in a total of nine modeling sessions.

Q: What is the intended use of this report?

A: The report is intended to be used as training material for threat modeling of AI-utilized systems and as a reference for professionals conducting actual threat modeling.