Working with Models
Refining a threat model
After generating a model, you can refine it in the same chat session:
- "Add an insider threat attacker with database access"
- "Remove the availability property from the logging asset"
- "Add a trust boundary between the API gateway and backend services"
Each refinement creates a new version of the model. The original is preserved.
You can also refine from the Dashboard or Models page by clicking the refine button on any model card.
Versioning and diffs
Every model is versioned automatically. On the Models page you can:
- View all versions of a model
- Compare any two versions to see a structured diff — additions, removals, and modifications to assets, attackers, and control objectives are color-coded
- Navigate back to previous versions
Sessions
The Sessions page shows your chat conversation history. Each session records:
- Your messages and Mipiti's responses
- Which threat model was created or refined
- The intent classification for each turn
Click any session to replay the full conversation.
Adding, editing, and removing entities
You can directly add, edit, or remove individual assets and attackers without going through chat refinement. In the Assurance tab, expand the "View Model" section:
- Click the + button in a section header to add a new asset or attacker
- Click the pencil icon on any row to edit it
- Click the trash icon to remove it (with confirmation)
Each direct edit creates a new version of the model. Existing implementation controls are automatically carried forward — their implementation status is preserved by remapping control objective references through semantic identity. Controls that only referenced removed entities are dropped.
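The carry-forward rule above can be shown in a few lines. The following is an added illustration, not Mipiti's own code: it assumes a toy schema (`Asset`, `Attacker`, `ControlObjective`, `Control`, `ModelVersion`) and assumes that a control objective's semantic identity is the tuple (asset name, property, attacker name). It simulates a direct edit that removes an attacker, regenerates control objectives with fresh ids in the new version, remaps every surviving control's references through that identity, and drops controls that only pointed at the removed entity.

```python
from dataclasses import dataclass, replace
from itertools import count

# Constructed toy schema for illustration; Mipiti's real data model is not on the page.
@dataclass(frozen=True)
class Asset:
    id: str
    name: str
    prop: str          # security property, e.g. "confidentiality"

@dataclass(frozen=True)
class Attacker:
    id: str
    name: str

@dataclass(frozen=True)
class ControlObjective:
    id: str
    asset_id: str
    attacker_id: str

@dataclass(frozen=True)
class Control:
    id: str
    title: str
    co_ids: tuple      # control objectives this control covers
    implemented: bool  # implementation status that must survive the edit

@dataclass(frozen=True)
class ModelVersion:
    version: int
    assets: dict       # asset id -> Asset
    attackers: dict    # attacker id -> Attacker
    cos: dict          # CO id -> ControlObjective
    controls: tuple

def semantic_key(model, co):
    """Assumed identity of a CO that survives id regeneration."""
    asset = model.assets[co.asset_id]
    attacker = model.attackers[co.attacker_id]
    return (asset.name, asset.prop, attacker.name)

def carry_forward_controls(old, new):
    """Remap each control's CO references from old ids to new ids via semantic identity.
    A control whose every referenced CO disappeared is dropped; the rest keep their status."""
    new_by_key = {semantic_key(new, co): co.id for co in new.cos.values()}
    kept = []
    for ctrl in old.controls:
        old_keys = (semantic_key(old, old.cos[i]) for i in ctrl.co_ids)
        remapped = tuple(new_by_key[k] for k in old_keys if k in new_by_key)
        if remapped:
            kept.append(replace(ctrl, co_ids=remapped))
    return tuple(kept)

def remove_attacker(model, attacker_id):
    """Direct edit: drop one attacker and return a new version; the old version is untouched."""
    attackers = {k: v for k, v in model.attackers.items() if k != attacker_id}
    fresh = count(1)
    # COs get fresh ids in the new version, so controls cannot be carried by id alone.
    cos = {}
    for co in model.cos.values():
        if co.attacker_id in attackers:
            cid = f"v{model.version + 1}-CO-{next(fresh)}"
            cos[cid] = ControlObjective(cid, co.asset_id, co.attacker_id)
    new = ModelVersion(model.version + 1, dict(model.assets), attackers, cos, ())
    return replace(new, controls=carry_forward_controls(model, new))

def build_v1():
    """Constructed sample model: two assets, two attackers, three COs, three controls."""
    assets = {"A-1": Asset("A-1", "Customer database", "confidentiality"),
              "A-2": Asset("A-2", "Public API", "integrity")}
    attackers = {"T-1": Attacker("T-1", "External attacker"),
                 "T-2": Attacker("T-2", "Insider with database access")}
    cos = {"CO-1": ControlObjective("CO-1", "A-1", "T-1"),
           "CO-2": ControlObjective("CO-2", "A-1", "T-2"),
           "CO-3": ControlObjective("CO-3", "A-2", "T-1")}
    controls = (Control("C-1", "Encrypt database at rest", ("CO-1", "CO-2"), True),
                Control("C-2", "Privileged access review", ("CO-2",), True),
                Control("C-3", "Schema-validate API input", ("CO-3",), False))
    return ModelVersion(1, assets, attackers, cos, controls)

if __name__ == "__main__":
    v1 = build_v1()
    v2 = remove_attacker(v1, "T-2")
    for c in v2.controls:
        print(c.id, c.title, c.co_ids, "implemented" if c.implemented else "open")
```

Removing the insider attacker keeps "Encrypt database at rest" (it still covers the database-vs-external objective, and stays marked implemented) and "Schema-validate API input", while "Privileged access review" is dropped because its only objective referenced the removed attacker. Version 1 is left exactly as it was.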
Three ways to modify a model
| Method | How | LLM involved? | Best for |
|---|---|---|---|
| Direct CRUD | UI buttons (+, pencil, trash) | No | Quick edits — names, properties, risk ratings |
| Targeted edit | "Add a DDoS attacker" | Yes (single-entity) | Adding or editing with LLM reasoning |
| Full refinement | "Restructure the model for API security" | Yes (full model) | Broad structural changes |
When you ask to add, remove, or edit a single entity in the conversation, Mipiti automatically routes to a fast targeted operation instead of regenerating the entire model. For broader instructions, it falls back to full refinement.
Managing control groups
When controls are generated, the LLM assigns each control to a mitigation group for each control objective (CO) it covers. See Control Alternatives and Defense-in-Depth for how groups work.
In the CO drill-down view on the Assurance page, each control shows its group assignment as a badge:
- Group N (indigo badge) — the control belongs to mitigation group N
- Defense-in-depth (gray badge) — the control has no group and doesn't affect mitigation status
The summary for each CO shows which groups are complete and which are incomplete. When multiple groups exist for the same CO, they represent alternative paths — completing any one group mitigates the CO.
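To make the group semantics concrete, here is an added example (not Mipiti's code) that computes the per-group summary and the mitigation status for a CO from a constructed list of controls. The dictionary field names (`co`, `group`, `implemented`) and the use of `None` for a defense-in-depth control are assumptions. It also covers the edge case of a CO that has only defense-in-depth controls, which is left unmitigated because no group exists to complete.

```python
from collections import defaultdict

# Constructed sample controls; ids, titles and field names are made up for this example.
CONTROLS = [
    {"id": "C-1", "title": "Encrypt token at rest",      "co": "CO-7", "group": 1,    "implemented": True},
    {"id": "C-2", "title": "Rotate token signing key",   "co": "CO-7", "group": 1,    "implemented": False},
    {"id": "C-3", "title": "Short-lived tokens",         "co": "CO-7", "group": 2,    "implemented": True},
    {"id": "C-4", "title": "Bind token to client TLS",   "co": "CO-7", "group": 2,    "implemented": True},
    {"id": "C-5", "title": "Alert on token reuse",       "co": "CO-7", "group": None, "implemented": False},
    {"id": "C-6", "title": "Rate-limit login endpoint",  "co": "CO-8", "group": 1,    "implemented": False},
    {"id": "C-7", "title": "Log failed logins",          "co": "CO-9", "group": None, "implemented": True},
]

def badge(control):
    """Badge text as described for the CO drill-down view."""
    return "Defense-in-depth" if control["group"] is None else f"Group {control['group']}"

def mitigation_status(controls, co_id):
    """Return ({group: complete?}, mitigated) for one CO.
    Groups are alternative paths, so any complete group mitigates the CO.
    Defense-in-depth controls (group None) are ignored for this decision."""
    groups = defaultdict(list)
    for c in controls:
        if c["co"] == co_id and c["group"] is not None:
            groups[c["group"]].append(c["implemented"])
    complete = {g: all(flags) for g, flags in sorted(groups.items())}
    return complete, any(complete.values())

def summary_lines(controls, co_id):
    """Human-readable summary: each group marked complete/incomplete with its count."""
    lines = []
    grouped = defaultdict(list)
    for c in controls:
        if c["co"] == co_id and c["group"] is not None:
            grouped[c["group"]].append(c)
    for g, members in sorted(grouped.items()):
        done = sum(1 for m in members if m["implemented"])
        state = "complete" if done == len(members) else "incomplete"
        lines.append(f"Group {g}: {state} ({done}/{len(members)} implemented)")
    return lines

if __name__ == "__main__":
    for co in ("CO-7", "CO-8", "CO-9"):
        complete, mitigated = mitigation_status(CONTROLS, co)
        print(co, "mitigated" if mitigated else "not mitigated", complete)
        for line in summary_lines(CONTROLS, co):
            print("  " + line)
    for c in CONTROLS:
        print(c["id"], badge(c))
```

For CO-7 group 1 is incomplete and group 2 is complete, so the CO is mitigated even though "Alert on token reuse" is still open; CO-8 is unmitigated because its only group is incomplete; CO-9 has no groups at all and is therefore unmitigated regardless of its implemented defense-in-depth control.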
Editing risk ratings
Each asset has an impact rating and each attacker has a likelihood rating (High / Medium / Low). These are assigned by the LLM during generation but can be adjusted manually.
To edit risk ratings, expand the "View Model" section on either the Assurance tab or the Models tab. Use the inline dropdown next to any asset's impact or attacker's likelihood to change the value. Changes cascade immediately — all related control objectives recompute their risk tier.
You can also click on asset or attacker IDs shown in CO views to navigate directly to the target entity for editing.
See the Methodology page for full details on how impact, likelihood, and risk tiers relate to each other.
Model names
When you generate a model, Mipiti automatically creates a concise 3-5 word name (e.g., "Payment Gateway API") from your feature description. This name appears on model cards, the assurance dashboard, system compliance pills, and exports.
To rename a model, hover over the name and click the pencil icon. Type the new name and press Enter (or click away) to save. Press Escape to cancel. Renaming is a metadata-only change — it does not create a new version.
You can also rename models via the MCP tool rename_threat_model.
Querying a model
You can ask questions about an existing model without changing it:
- "Which assets have the Usage property?"
- "How many control objectives cover the authentication token?"
- "What assumptions did you make about the network?"
Queries use the model as context but do not create new versions.
Selecting a compliance framework
You can link a compliance framework (e.g., OWASP ASVS 5.0) to any model:
- Open the Compliance tab on the model
- Select one or more frameworks
- If controls already exist, click Auto-Map Controls to create mappings
- If controls have not been generated yet, the next generation will include framework requirements automatically
Framework selection affects control generation — the LLM sees the framework's requirements and maps controls to them. See the Compliance page for gap analysis, remediation, and exclusions.