Mr. Arun Kumar Elengovan

Redefining Threat Modeling: How LLMs Are Transforming a Security Staple ?

Abstract

As enterprise systems grow in complexity, traditional threat modeling—while essential—struggles to keep pace with evolving architectures and shrinking development cycles. This paper explores a novel, LLM-powered approach to threat modeling, where generative AI augments the process by infusing context-awareness, prompt-driven automation, and multimodal input handling. By leveraging techniques such as Retrieval-Augmented Generation (RAG), structured prompt engineering (e.g., COSTAR), and diagram ingestion via multimodal models, organizations can drastically accelerate and enhance their ability to foresee and mitigate potential threats. The methodology also emphasizes human oversight, ensuring that AI output remains grounded in real-world judgment. Framed through a Minority Report-style lens of predictive security, this work presents a systematic, actionable guide to building context-sensitive, scalable threat modeling tools—turning what was once a manual, expert-driven activity into a democratized, AI-assisted practice. The result is a shift-left security state that’s not just efficient, but inevitable.

Profile: 

Arun is Director of Engineering Security at Okta with 15+ years of experience in secure development, architecture, and risk management. He leads a globally distributed team, holds CISSP and CEH certifications, and specializes in cryptography, vulnerability management, and scalable security solutions across complex, distributed systems.

He is widely recognized for advancing security innovation, turning concepts into scalable, production-ready frameworks. With deep expertise in key management systems, AI/LLM security, and cloud-native architecture, Arun brings a forward-thinking approach to modern cybersecurity challenges. As a thought leader, he regularly advises on cross-functional security strategy, leads simulation exercises, and promotes resilient practices across engineering ecosystems. His focus spans cryptographic enforcement, risk mitigation, vulnerability management, and building zero-trust foundations for secure digital transformation.