How to use AI to Simulate Attack Paths in Threat Modeling

Threat modeling is still failing in the one place it has to win: showing how you actually get breached

Neat diagrams, clean risk lists, and a long trail of considered threats. They look resposible in a review...until an attacker links two or three gaps across identity, APIs, and cloud controls and the entire model turns out to be a snapshot of the wrong reality.

The issue lies in the shape of the output. Traditional threat models describe isolated issues, an exposed endpoint here, an over-permissive role there, an input validation concern somewhere else, and they stop short of what matters to you as a security leader: the end-to-end path an attacker can take today, through your system as it actually runs, to the assets that would hurt your business.

That's why teams keep closing tickets and still staying exposed, because they are treating a list of risks as proof of safety instead of proving exploitability and blast radius.

This is quickly getting worse because of the ever-changing nature of your architecture. New services ship, permissions drift, third-party integrations multiply, and your identity layer becomes the glue attackers pull on to move laterally. The breach patterns everyone is dealing with right now are rarely a single catastrophic flaw, but chains of small weaknesses that no one prioritized because each one looked survivable in isolation.

Static threat models can’t track those chains, and a quarterly workshop does not match a system that changes every sprint, sometimes every day.

Table of contents

1. Why Traditional Threat Modeling Can’t Expose Real Attack Paths
2. How AI Simulates Attack Paths Instead of Listing Threats
3. What Can You Gain from Attack Path Simulation
4. From Documenting Risk to Understanding How You’ll Be Breached

Why traditional Threat Modeling can’t expose real attack paths

Do you actually understand how you're exposed? That sounds harsh, yet a lot of organizations perform threat modeling only for the sake of doing it. It's not even because their team lacks skill or effort. The method most teams use was built to inventory risks around components, and attackers win by exploiting interactions between components.

Traditional threat modeling usually starts with a diagram, a set of trust boundaries, and a list of threats mapped to boxes. That work has value, especially for getting teams aligned on what exists and where data moves. The problem shows up when leadership assumes that output explains how a breach unfolds end to end, because it usually doesn’t.

How traditional threat modeling breaks down

It focuses on components instead of interactions

Most models treat “service A,” “API gateway,” “auth service,” “database” as discrete units and ask what could go wrong inside each one. Attack paths live in the seams: token exchange, service-to-service authorization, shared secrets, caching layers, queue consumers, build pipelines, and operational tooling. Those seams are where small gaps stack into a straight line to sensitive data or privileged control planes.

It treats threats as static entries instead of sequences

Threat catalogs and STRIDE-style worksheets tend to flatten reality. You end up with spoofing, tampering, information disclosure, each attached to a component, then maybe a mitigation note. Attackers do sequences: initial foothold, privilege shaping, lateral movement, persistence, data access, and cleanup. When the model does not represent sequences, prioritization breaks, because exploitability and blast radius are properties of a chain, not a single node.

It relies on workshops and documents that go stale immediately.

A threat model that depends on a live meeting, a snapshot diagram, and a doc that sits in Confluence becomes outdated the moment the system changes. Modern teams ship changes through feature flags, config, policy updates, and new integrations that never make it back into the model. A stale model does not simply miss edge cases, it misses the current security reality.

Why this fails harder in modern environments

The gap between threats listed and attack paths proven widens as architectures get more distributed and more identity-driven.

Microservices and distributed systems multiply trust decisions

Every internal request becomes an auth decision, explicit or implicit. mTLS, service identities, sidecars, gateways, and policy engines create a layered trust model that rarely lives in one diagram. A threat model that stops at service talks to service misses the question that matters: what claims does the caller present, what does the callee accept, what does the policy actually enforce, and what happens when one of those assumptions breaks.

Identity-driven access creates lateral movement opportunities

Most real breaches are shaped by identity: leaked tokens, overly broad roles, permissive federation, long-lived credentials, weak session controls, and confusing boundaries between human and workload identities. Once an attacker holds any token that can call internal services, the question becomes about identity reach, and traditional models usually do not compute that reach.

Third-party integrations and cloud-native trust models create indirect blast radius

SaaS apps, managed services, CI/CD platforms, and observability tooling connect into the same identity fabric. A low-risk integration can become a high-impact pivot when it can read secrets, assume roles, write to storage, publish to queues, or trigger builds. Traditional modeling often documents the integration, then stops short of tracing the permissions and transitive trust that come with it.

An example that looks low severity until the chain appears

Picture a common pattern: a microservice that exposes an internal endpoint used for operations, plus a cloud role used by workloads to access other services.

• Service billing-worker exposes an internal admin endpoint /debug/config that returns feature flags and environment metadata. The team labels it low severity because it sits behind the service mesh and requires a service token.
• The service runs on Kubernetes with a workload identity that can assume an AWS role BillingWorkerRole. The role includes permissions like ssm:GetParameter on a path used for configuration, and s3:GetObject on a bucket that stores exports. The permissions look routine, and nobody flags them as dangerous.
• A separate service reporting-api accepts JWTs from users, then calls internal services using a service-to-service token minted by the mesh. During a refactor, an authorization policy allows reporting-api to call billing-worker for support tooling, and that policy is permissive across namespaces.

Now an attacker finds a bug that produces a foothold in reporting-api, something like SSRF through a PDF generation feature, or a request smuggling issue that reaches an internal route. That single bug is ugly, yet teams often treat it as contained because it starts in one service. The real damage shows up because that foothold can request a mesh-issued token, call billing-worker, hit /debug/config, and learn exactly which parameter paths and buckets matter. With those details, the attacker pivots into the workload identity, then uses ssm:GetParameter to retrieve sensitive configuration, and follows that with access to exported data in S3. Nothing about /debug/config looks critical in isolation, and the IAM role looks like standard plumbing in isolation, yet the chain turns it into customer-impacting data access.

Traditional threat modeling tends to miss this because the risky behavior is distributed across three places that rarely get modeled together:

1. Service-to-service trust rules (who can call what, under which identity, under which policy engine).
2. Token shape and claims (what the mesh mints, what services accept, what scopes exist in practice).
3. Cloud permissions and transitive access (what the workload can read or assume once a token or identity gets abused).

A model that only lists “SSRF in reporting-api” and “debug endpoint leaks info” will not show the breach path. A model that shows the breach path changes the priority instantly, because it proves exploitability and blast radius, and it tells you exactly which link in the chain to break.

Traditional threat models rarely reflect how attackers operate because attackers think in paths and reachability, and most threat modeling outputs are static catalogs tied to components. Doing more workshops and producing more diagrams increases activity, not clarity, unless the method changes to represent sequences, permissions, and real interactions.

How AI Simulates Attack Paths Instead of Listing Threats

Attack path simulation means you model a breach as a connected chain, then you test whether the chain is possible given your real architecture, identities, permissions, and data flows. You are no longer asking what threats exist, but instead, you are asking about what can an attacker do next from, and what do they reach when they succeed.

What attack path simulation actually means

A simulated attack path has structure and logic, and it is easy to sanity-check when the model is correct. It generally looks like this:

• Entry point: public-facing surface (API endpoint, webhook, UI flow), internal surface reachable through SSRF, exposed admin plane, CI/CD trigger, compromised developer workstation, leaked token, or third-party integration with excessive permissions.
• Pivot: movement from the initial foothold into adjacent services through service discovery, queue publishing, internal APIs, shared secrets, metadata endpoints, misrouted auth, or trust policies that allow broad east-west calls.
• Escalation: permission upgrades through role assumption, overbroad IAM policies, Kubernetes RBAC, cloud federation misconfigurations, token replay, weak boundary controls between workloads and humans, or insecure defaults in service-to-service auth.
• Impact: access to sensitive data, privilege to change infrastructure, ability to alter business logic, disruption of availability, fraud, or persistent access through keys, tokens, backdoors, and automation hooks.

‍

That sequence is the baseline, and the simulation becomes meaningful once it models decisions and constraints, because real attackers adapt. They try the next best option when one move fails, they choose quieter pivots when detection is strong, and they target the asset that creates the most leverage.

‍

So instead of a static list of vulnerabilities, attack path simulation evaluates things like:

• Which identities can call which services, with which claims, scopes, audiences, and lifetimes.
• Which network paths exist in reality (east-west rules, mesh policy, VPC routing, private endpoints, ingress controllers).
• Which permissions create transitive access (role assumption chains, wildcard resource policies, permissions inherited through groups or workload bindings).
• Which data flows create downstream exposure (what systems receive the output of a compromised service, what keys are used, what queues feed critical workflows).
• Which controls actually block progression (authn, authz, segmentation, rate limiting, egress controls, secrets boundaries, policy engines, and monitoring tied to enforcement).

How AI enables this when it is doing the right job

Attack path simulation is hard to do manually at scale because the inputs are scattered, inconsistent, and constantly changing. AI helps when it can build a single connected view from those messy sources and keep it current.

It understands relationships

A useful system maps the graph of dependencies and trust:

• Service-to-service calls (gateways, meshes, internal APIs, queues, event buses).
• Identity relationships (OIDC providers, workload identity, IAM roles, RBAC bindings, token issuance and validation points).
• Data relationships (classification, where sensitive fields appear, where they propagate, which storage and analytics sinks receive them).
• Control relationships (where policy is enforced, where it is advisory, where exceptions live, where drift occurs).

It correlates design, code, and architecture into one model

Threat modeling breaks when design says one thing, code implements another, and cloud permissions quietly change on a Tuesday. AI earns its keep when it can connect these into a coherent picture:

• Design docs and diagrams define intended flows and boundaries.
• Code and configuration reveal actual endpoints, auth checks, libraries, and error paths.
• Cloud and platform controls define reachability and privilege, including policies, roles, security groups, Kubernetes objects, secrets stores, and CI/CD permissions.

When those sources disagree, the model should surface the mismatch, because mismatches are where breaches hide.

It applies known attack techniques to your specific system

Generic top threats lists do not help much once you already know the basics. Simulation becomes valuable when the model can take real attacker playbooks and test them against your environment:

• Credential and token abuse mapped to your identity flows and session controls.
• SSRF mapped to your internal routing, metadata exposure, and egress controls.
• Permission escalation mapped to your IAM policies, role trust relationships, and federation settings.
• Lateral movement mapped to service mesh policy, internal DNS, queue publish permissions, and shared secrets patterns.
• Data access mapped to where sensitive data flows, where it is cached, exported, logged, or replicated.

This is where AI for threat modeling stops being marketing and becomes an engineering capability that can generate plausible paths, then validate them against the system graph so you get fewer fantasy scenarios and more actionable paths.

What changes compared to rules-based tools and static checklists

Rules-based tools can find issues, but they struggle to answer the questions you actually need for prioritization and executive communication. Attack path simulation changes the unit of analysis from finding to path, and that reshapes everything downstream.

Risk is scored based on exploitability in context

Severity becomes less important than whether an attacker can chain the issue into privilege or data access. A “low” severity exposure can outrank a “critical” CVE when it unlocks a direct route to crown jewels through reachable trust relationships.

Findings change as architecture or permissions change

The model updates when a new service gets added, when a role gets broadened, when an endpoint becomes reachable through a new integration, or when a policy exception gets merged. This matters because your risk posture changes without a code deployment, and traditional threat modeling tends to miss that shift.

Focus shifts from issue counts to paths that matter

Instead of reporting “we found 83 threats,” you can report having two viable paths from an external entry point to regulated data, and the exact controls that break them. That is the difference between security theater and defensible risk reduction.

How to evaluate AI-based approaches without hype

The fastest way to evaluate an AI threat modeling approach is to ask whether it can do three things reliably, because those three determine whether it will reduce risk or create noise.

1. Can it build and maintain a system graph that reflects reality? Look for ingestion from architecture docs, repositories, API specs, cloud configs, and identity providers, then verify it can represent trust boundaries, permissions, and service interactions without hand-maintained diagrams.
2. Can it generate and validate multi-step paths, with explicit assumptions? A useful system shows the entry point, the pivots, the escalation mechanics, and the impact, and it should state what it assumed about reachability, identity, and controls so your team can challenge it.
3. Can it prioritize based on path viability and business impact, and keep that priority current? You want scoring tied to exploitability and blast radius in your environment, plus drift-aware updates when permissions, routes, or dependencies change.

When an AI system does those three things, it stops being a faster way to produce threat lists and becomes a way to expose real attack paths while the system is still changing. That is where threat modeling starts to feel operational instead of ceremonial.

What Can You Gain from Attack Path Simulation

Attack path simulation pays off when it changes how you run security, not when it produces a fancier diagram. CISOs and product security leaders live in the gap between limited engineering time and unlimited ways a system can fail, so the win is simple: you see which attack chains are real, you break the ones that matter first, and you can explain that decision without hand-waving.

You prioritize the control that breaks the chain

Most security programs burn effort because findings are treated as independent problems. A vulnerability here, a misconfiguration there, a risky permission somewhere else. Attack path simulation forces everything into context, and that context exposes leverage points.

Instead of trying to eliminate every issue, you focus on the few controls that collapse entire paths.

That usually leads to prioritization decisions like:

• Tightening a single IAM role that multiple services rely on, rather than chasing dozens of downstream findings.
• Fixing one overly permissive service-to-service trust policy that enables lateral movement across namespaces or environments.
• Changing token scope, audience, or lifetime so stolen credentials stop being useful after the initial foothold.
• Adding one authorization check at a choke point instead of patching every reachable endpoint.
• Blocking a single egress route that turns SSRF from an annoyance into a full compromise.
• Removing implicit trust between workloads that quietly expanded over time through convenience-driven exceptions.

One well-chosen control often shuts down more risk than weeks of ticket-driven remediation.

You make high-risk decisions earlier, when they are still cheap

Attack path simulation becomes most powerful before code reaches production, because design-stage decisions define blast radius long before scanners and alerts enter the picture. You stop discovering exposure after deployment and start seeing it while architecture is still fluid.

This changes how reviews play out:

• New internal APIs get evaluated based on what identities can realistically call them and what those calls unlock downstream.
• Minor permission changes get treated as security-relevant events, because the model shows what new paths those permissions enable.
• Third-party integrations get assessed based on transitive trust and data access, not just surface-level scopes.
• Infrastructure changes get reviewed for lateral movement implications, not just perimeter exposure.
• Feature-level decisions surface security tradeoffs early enough to adjust design, instead of filing tickets after the fact.

Security leaders gain back time because fewer surprises show up late, and fewer escalations turn into emergency rework.

You explain exposure in terms executives actually understand

Boards and executives do not need to understand service meshes, IAM policy syntax, or token claims. They need clarity on exposure, impact, and whether risk is trending in the right direction. Attack path simulation gives you that clarity without oversimplifying reality.

Instead of reporting abstract metrics, you can explain risk in concrete terms:

• Where an attacker realistically gets in.
• What systems and data become reachable after that foothold.
• Which controls block progression today.
• Which changes increase or decrease reachability over time.

That leads to conversations grounded in facts, not fear or guesswork. You can show how a new integration expanded access, how a permission cleanup reduced blast radius, or how a design change eliminated a path entirely. Over time, leadership sees security as something that actively shapes business risk, not something that reacts to it.

You reduce irrelevant findings by tying them to real exploitation scenarios

Security programs slow down when everything looks important. Attack path simulation cuts through that by filtering findings through reachability, identity context, and actual impact.

The operational effect is immediate:

• Findings that cannot be chained into escalation or data access stop clogging engineering backlogs.
• Duplicate issues across tools collapse into a single path-level narrative.
• False positives lose influence because they fail to connect to viable attack sequences.
• Remediation guidance becomes clearer because the model shows which link in the chain matters most.

Teams stop arguing about severity labels and start aligning around exploitability and business impact.

Attack path simulation gives you control over complexity. You break real attack chains instead of chasing isolated issues, you make decisions earlier when they cost less, you communicate exposure in terms leadership understands, and you reduce noise by grounding findings in realistic attacker behavior.

That combination leads to fewer surprises, faster reviews, and a security program that keeps up with systems that change every week, not one that explains failures after the fact.

From Documenting Risk to Understanding How You’ll Be Breached

Can we clearly explain how an attacker would move through our system today, using our current architecture, identities, and permissions?

A sensible way to answer that question is not to overhaul everything at once. Pick one high-risk system, one that handles sensitive data or critical business logic, and pilot attack path simulation there. See whether it surfaces paths your current threat models never showed. See whether it changes what you prioritize, how early you intervene, and how clearly you can explain exposure to leadership. Let the results determine how far you take it.

For teams looking to explore this approach with experienced practitioners, we45’s AI security services focus on applying attack path thinking to real systems, real architectures, and real constraints.

At the end of the day, the shift is not about better documentation. It is about understanding how you would actually be breached, and fixing the paths that make that outcome possible.