PLOT4AI: A Threat Modeling Framework for Securing AI Systems

Artificial Intelligence (AI) is rapidly becoming a cornerstone of modern business and technology. While it drives innovation through predictive analytics and autonomous systems, AI also introduces unique security risks that traditional threat models fail to fully address.

To help organisations mitigate these risks, researchers have developed PLOT4AI: a threat modelling framework designed specifically for AI systems. This methodology builds on classic security models such as STRIDE, taking into account the data-centric, model-centric and operational vulnerabilities of AI systems.


Why Do We Need Threat Modeling for AI?

AI systems differ fundamentally from traditional software.

  • They learn their behaviour from data rather than following explicitly programmed, deterministic rules.
  • They interact with external ecosystems, such as APIs, cloud ML pipelines and third-party datasets.
  • Their behaviour can be non-transparent and non-deterministic.

Consequently, AI systems present new attack surfaces, including data poisoning, model extraction, adversarial inputs and ethical risks such as bias and privacy violations. Without a structured way to analyse these risks, organisations are blind to potential threats.

This is where PLOT4AI comes in.


What is PLOT4AI?

PLOT4AI is a threat modelling approach that has been tailored for use with AI systems. It focuses on the four core dimensions of risk.

Dimension – What it covers

  • Processing – Threats targeting data pipelines and model workflows, such as poisoned datasets and insecure ML pipelines.
  • Logic – Vulnerabilities in the logic or algorithms of AI models (e.g. adversarial examples or backdoors).
  • Operations – Operational risks in AI deployment, such as API abuse, model theft and a lack of auditability.
  • Transparency – Ethical and regulatory risks, such as biased outputs, a lack of explainability and GDPR non-compliance.

Each dimension corresponds to common threat vectors and offers practical mitigation strategies.


Key Threat Categories in PLOT4AI

Threats are categorised and analysed by PLOT4AI in the following way:

Threat – Mitigation

Processing
  • Data poisoning: attackers manipulate training data to influence the outcomes of models. Mitigation: data validation, anomaly detection and robust machine learning (ML) algorithms.
  • Supply chain attacks: vulnerabilities in third-party ML libraries or application programming interfaces (APIs). Mitigation: dependency scanning, code signing and vendor security assessments.

Logic
  • Adversarial examples: inputs designed to mislead models (e.g. image perturbations that fool vision systems). Mitigation: adversarial training, input validation and robust model architectures.
  • Model backdoors: hidden logic triggered by specific inputs. Mitigation: model auditing and interpretability tools.

Operations
  • Model theft (extraction): attackers replicate models by querying APIs. Mitigation: rate limiting, query monitoring and differential privacy techniques.
  • API abuse: the overuse or misuse of AI APIs can lead to denial of service or information leakage. Mitigation: strong authentication, throttling and anomaly detection.

Transparency
  • Algorithmic bias: discriminatory outputs that harm specific groups. Mitigation: bias audits, fairness metrics and diverse datasets.
  • Lack of explainability: black-box AI decisions may violate regulatory requirements (e.g. GDPR’s “right to explanation”). Mitigation: explainable AI (XAI) techniques and model interpretability.

How to Apply PLOT4AI in Your Organisation

  1. Map the AI System – Identify assets: datasets, models, APIs, and deployment environments.
  2. Identify Threats – Use PLOT4AI’s four dimensions as a checklist to brainstorm possible attacks.
  3. Prioritise Risks – Evaluate the likelihood and impact of each threat based on your threat landscape.
  4. Implement Mitigations – Apply defence-in-depth strategies to your data, models and infrastructure.
  5. Review Regularly – AI systems develop over time, so update the threat model to reflect new risks and controls.
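As an added illustration of steps 1 to 4 (example code written for this article, not part of PLOT4AI's own material), the script below keeps a small threat register keyed to the four dimensions, ranks threats by likelihood times impact and reports which dimensions still have no recorded threat for an asset. The fraud-scoring assets, the scores and the 1 to 5 scale are constructed assumptions.

```python
"""Minimal PLOT4AI-style threat register (added example, not PLOT4AI tooling).
Assumptions: the four dimensions as named in this article, a 1-5 likelihood and
impact scale and a risk score of likelihood * impact are illustrative choices."""
from dataclasses import dataclass

DIMENSIONS = ("Processing", "Logic", "Operations", "Transparency")


@dataclass(frozen=True)
class Threat:
    asset: str          # dataset, model, API or deployment environment (step 1)
    dimension: str      # one of DIMENSIONS (step 2)
    name: str
    likelihood: int     # 1 (rare) .. 5 (almost certain)  (step 3)
    impact: int         # 1 (negligible) .. 5 (severe)
    mitigations: tuple = ()  # planned controls (step 4)

    def __post_init__(self):
        if self.dimension not in DIMENSIONS:
            raise ValueError(f"unknown PLOT4AI dimension: {self.dimension}")
        if not (1 <= self.likelihood <= 5 and 1 <= self.impact <= 5):
            raise ValueError("likelihood and impact must be 1..5")

    @property
    def score(self) -> int:
        return self.likelihood * self.impact


def prioritise(threats):
    """Step 3: highest score first; ties broken by impact so severe-but-rare threats are not buried."""
    return sorted(threats, key=lambda t: (t.score, t.impact), reverse=True)


def coverage_gaps(threats, assets):
    """Step 2 sanity check: dimensions in which an asset has no threat recorded yet."""
    seen = {(t.asset, t.dimension) for t in threats}
    return {a: [d for d in DIMENSIONS if (a, d) not in seen] for a in assets}


# Constructed sample register for a hypothetical fraud-scoring service
ASSETS = ("training-data", "fraud-model", "scoring-api")
REGISTER = [
    Threat("training-data", "Processing", "Data poisoning", 3, 4, ("data validation", "anomaly detection")),
    Threat("fraud-model", "Logic", "Adversarial examples", 4, 3, ("adversarial training", "input validation")),
    Threat("scoring-api", "Operations", "Model extraction via queries", 3, 5, ("rate limiting", "query monitoring")),
    Threat("fraud-model", "Transparency", "Unexplainable decisions", 2, 4, ("XAI techniques",)),
]

if __name__ == "__main__":
    for t in prioritise(REGISTER):
        print(f"{t.score:2d}  {t.dimension:<12} {t.asset:<14} {t.name}")
    for asset, gaps in coverage_gaps(REGISTER, ASSETS).items():
        print(f"{asset}: no threat recorded for {gaps}")
```

The gap report is the useful part in practice: an asset with nothing recorded under a dimension usually means step 2 was skipped for it, not that the risk is absent.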

The Future of AI Security

AI is a high-value, high-risk asset, and securing it demands the same rigour that is applied to critical infrastructure. PLOT4AI helps organisations to build secure, resilient and trustworthy AI systems that can withstand both technical and regulatory challenges.

Start integrating PLOT4AI with our Dfency team today to protect your AI investments and safeguard your users.
