Platform Walkthrough

ThreatVault

A step-by-step demonstration of how ThreatVault moves from raw threat intelligence to confirmed remediation.

AI Track
NeuralStrike Group
Threat actor targeting enterprise AI & ML systems
CTI Track
SilkPhantom Group
Threat actor targeting SaaS platforms via supply chain
1. Ingest
2. Profile
3. Fingerprint (future)
4. Map (future)
5. Validate (future)
6. Remediate (future)
01
Live Feature
Threat Intelligence Ingestion
ThreatVault automatically collects and processes intelligence from multiple global sources — identifying active threat actors and their known indicators.
How ThreatVault Processes AI Threat Intelligence
① Collect
Raw AI threat data gathered from adversarial ML research, incident reports and security advisories
  • MITRE ATLAS adversarial technique matrix
  • AI Incident Database reports
  • Model theft & extraction incidents
  • Adversarial ML research papers & PoCs
② Enrich
Each AI threat enriched with attack context and model targeting metadata
  • Attack vector — query API, training pipeline, model file
  • Model architecture targeted (LLM, CNN, GNN)
  • Known evasion success rates per framework
  • Affected runtimes (PyTorch, TensorFlow, ONNX)
③ Correlate
Attack patterns linked through shared adversarial objectives and tooling
  • Campaign clusters by target model type
  • Shared perturbation families across actors
  • Infrastructure reuse across model theft ops
  • TTP similarity scores across AI-targeting groups
④ AI Attribution
Graph model maps unattributed adversarial probes to known actor fingerprints
  • Query volume patterns linked to NeuralStrike
  • Perturbation signature similarity scores
  • Predicted extraction attempt timelines
  • Cross-campaign infrastructure overlap flags
  • New attack signatures added to actor profile
⑤ Profile Ready
Complete adversary profile with AI-specific attack catalogue generated
  • Full NeuralStrike adversary dossier
  • MITRE ATLAS technique mapping
  • Known model targets & extraction methods
  • Sector focus & campaign history
  • Recommended AI-specific detection rules
Intelligence Sources Processed
Source | Type | Records | Actor Mentions
MITRE ATLAS v2.0 | Framework | 9,847 | 14
AI Incident Database 2024 | Incident | 312 | 7
Adversarial ML Research (arXiv) | Research | 2,104 | 3
MLSecOps Community Feed | OSINT | 891 | 5
NIST AI RMF Advisory | Advisory | 28 | 2
Known Attack Signatures — NeuralStrike
Signature | Type | Severity | Framework
pgd-l2-eps0.3-iter40 | Perturbation | CRITICAL | PyTorch
knockoff-nets-resnet50 | Extraction | HIGH | Any
shadow-model-query-flood | Extraction | HIGH | TensorFlow
prompt-injection-v4-llm | Injection | MEDIUM | LLM APIs
data-poison-label-flip | Poisoning | HIGH | Any
AI Prediction
12 additional inference API endpoints identified as likely NeuralStrike reconnaissance targets based on query pattern similarity and model architecture exposure. Confidence: 71–89%.
02
Live Feature
Adversary Dossier
AI automatically generates a structured profile of the threat actor — mapping their tactics, tools, targets, and predicted infrastructure.
NeuralStrike — Adversary Dossier
Actor
NeuralStrike
Category
State-Sponsored / Industrial Espionage
Target Sectors
AI/ML Platforms, Autonomous Systems, Healthcare AI, FinTech ML
Primary Goal
Model intellectual property theft, adversarial evasion for downstream attacks
Active Since
Early 2023
Confidence
High — 8 confirmed model extraction incidents
Tactics, Techniques & Tools
ATLAS TECHNIQUES
  • AML.T0006 Model Extraction
  • AML.T0043 Adversarial Evasion
  • AML.T0019 Infer Training Data
  • AML.T0051 LLM Prompt Injection
TOOLS USED
  • Knockoff Nets
  • ART (Adversarial Robustness Toolbox)
  • PromptInject v4
ACTIVE CAMPAIGNS
  • Operation ModelHeist (2024)
  • CognitiveBlind (2024)
  • ShadowQuery (2023)
03
Roadmap
Target Asset Discovery
ThreatVault automatically scans the target organization's digital footprint — identifying exposed systems, services, and potential weaknesses.
Acme Corp — AI Assets Discovered
Asset | Type | Exposure | Risk
Fraud Detection Model API | Inference API | Public endpoint | HIGH
Document OCR Pipeline | ML Pipeline | Internal | MEDIUM
Recommendation Engine | Inference API | Public endpoint | HIGH
MLflow Model Registry | Model Store | Internal (open S3) | CRITICAL
LLM Chat Assistant | LLM API | Public endpoint | CRITICAL
Vulnerabilities Identified
Weakness | Asset Affected | Severity
No query rate limiting on inference API | Fraud Detection API | CRITICAL
LLM exposes system prompt via injection | LLM Chat Assistant | CRITICAL
Model file in unauthenticated S3 bucket | MLflow Registry | HIGH
Recommendation API returns raw logits (extraction-ready) | Recommendation API | HIGH
04
Roadmap
Threat-to-Target Mapping
ThreatVault matches the threat actor's known capabilities directly against the target organization's exposed assets — producing a personalized risk score.
Threat-to-Asset Match — NeuralStrike vs Acme Corp
Actor Capability | Matching Asset | Match | Risk
Model Extraction (AML.T0006) | Fraud Detection API — no rate limit | DIRECT | CRITICAL
Prompt Injection (AML.T0051) | LLM Chat Assistant | DIRECT | CRITICAL
Model File Theft | Unauthenticated S3 model bucket | DIRECT | HIGH
Logit-Based Clone (AML.T0043) | Recommendation API returns raw logits | PARTIAL | HIGH
Overall Risk Score — CRITICAL
NeuralStrike's model extraction toolkit directly matches 3 exploitable weaknesses in Acme Corp's AI stack. The unprotected fraud detection API could be fully cloned via Operation ModelHeist techniques in under 48 hours.
Risk Breakdown
  • Direct Model Download via Open S3: 99%
  • Fraud Model Extraction via Query Flood: 96%
  • LLM Prompt Injection / System Prompt Leak: 91%
  • Recommendation Model Clone via Logits: 67%
05
Roadmap
Safe Threat Validation
Firecracker spins up an isolated replica of the target environment and safely tests whether the identified threats can be exploited — without touching live systems.
Firecracker — AI Robustness Validation
Test | Target | Technique | Result
Knockoff Nets Model Clone | Fraud Detection API | AML.T0006 | VULNERABLE
Prompt Injection — System Prompt Leak | LLM Chat Assistant | AML.T0051 | VULNERABLE
S3 Unauthenticated Model Download | MLflow Registry | File Access | VULNERABLE
PGD Adversarial Evasion — Fraud Bypass | Fraud Detection API | AML.T0043 | PROTECTED
Validation Summary
3 of 4 attack paths confirmed exploitable. NeuralStrike could clone the fraud detection model in ~48 hours using public query-based extraction tools. The unauthenticated S3 bucket exposes the model file directly — no queries needed. Immediate action required.
Isolated Test Environment
  • SAFE: Tests run in fully isolated Firecracker microVMs
  • SAFE: No live production AI models were queried
  • SAFE: Environment destroyed after testing
  • INFO: Test duration: 9 min 43 sec
  • INFO: Environment snapshot: acme-ai-stack-v2.1
06
Roadmap
Remediation & Response
ThreatVault generates a complete remediation package — from technical fixes for your security team to a plain-English summary for your leadership.
Technical Fixes
  • Lock S3 model bucket — restrict access to authorised IAM roles only, enable bucket policy and versioning
  • Rate-limit fraud detection API — max 500 queries/min per client; require API key authentication
  • Deploy LLM input/output guardrails — block system prompt extraction patterns and PII leakage
  • Switch recommendation API to return class labels only — strip raw logit values from responses
Detection Rules Generated
  • SIEM rule: Alert on inference API — >200 queries/min from single IP (extraction probe pattern)
  • SIEM rule: Alert on S3 GetObject calls to model-registry bucket from outside VPC
  • LLM guardrail: Block prompt patterns matching known injection templates (PromptInject v4 signatures)
  • Model watermark: Embed steganographic fingerprint — detect if cloned model is deployed externally
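The first two SIEM rules above, implemented as an added detection example that is not part of the ThreatVault product: a per-client sliding-window counter for the inference-API extraction-probe pattern (more than 200 queries per minute from one IP) and a filter for S3 GetObject calls on the model-registry bucket from outside the VPC. The log lines, the bucket name `model-registry` and the VPC range 10.0.0.0/16 are constructed placeholders.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

# Constructed inference-API access log (not real data).
# Format per line: "<epoch_seconds> <client_ip> <path>".
# 203.0.113.7 fires 250 queries at 4/s; 198.51.100.9 fires 10 queries at 0.17/s.
INFERENCE_LOG = [
    f"{1700000000 + i * 0.25:.2f} 203.0.113.7 /v1/fraud/predict" for i in range(250)
] + [
    f"{1700000000 + i * 6:.2f} 198.51.100.9 /v1/fraud/predict" for i in range(10)
]

# Constructed CloudTrail-style S3 events (not real data): (event_name, bucket, source_ip).
S3_EVENTS = [
    ("GetObject", "model-registry", "10.0.4.12"),    # inside VPC: expected
    ("GetObject", "model-registry", "203.0.113.7"),  # outside VPC: alert
    ("ListBucket", "model-registry", "203.0.113.7"), # not a GetObject: ignored
    ("GetObject", "public-assets", "203.0.113.7"),   # different bucket: ignored
]

VPC_CIDRS = [ip_network("10.0.0.0/16")]  # assumed VPC address range (placeholder)


def extraction_probe_ips(log_lines, threshold=200, window_s=60):
    """Return the set of client IPs that exceed `threshold` queries inside any
    sliding window of `window_s` seconds. Lines must be in time order per IP."""
    recent = defaultdict(deque)  # ip -> timestamps of queries still in the window
    flagged = set()
    for line in log_lines:
        ts_str, ip, _path = line.split()
        ts = float(ts_str)
        window = recent[ip]
        window.append(ts)
        while window and ts - window[0] > window_s:  # drop queries older than the window
            window.popleft()
        if len(window) > threshold:
            flagged.add(ip)
    return flagged


def external_model_bucket_reads(events, bucket="model-registry", vpc_cidrs=VPC_CIDRS):
    """Return source IPs of GetObject calls on `bucket` that did not originate
    from any of the VPC CIDR ranges."""
    hits = []
    for event_name, bkt, src in events:
        if event_name != "GetObject" or bkt != bucket:
            continue
        addr = ip_address(src)
        if not any(addr in net for net in vpc_cidrs):
            hits.append(src)
    return hits
```

Both functions return the offending source IPs rather than printing them, so they can feed an alerting pipeline directly.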
Executive Summary
Board Summary
A threat group targeting AI companies can steal your fraud detection model today — it's sitting in a public storage bucket. Once stolen, adversaries can craft transactions that bypass your model undetected. Four specific fixes close this gap this week.
  • PDF Report Ready
  • STIX Export Ready
  • Detection Rules Ready