About ThreatModeler

Built to secure what's next.

ThreatModeler is a leader in agentic threat modeling and secure design. We've spent more than a decade building the intelligence layer that lets enterprises understand what could go wrong before it does, and govern how they respond when the answer changes.

Our story

Where the platform came from.

ThreatModeler was founded in 2010 with a conviction that security decisions belong at the architecture layer, not the remediation layer. The question was never just "what vulnerabilities are present?" It was "what was this system supposed to do, where does trust exist, and what could go wrong if that intent is violated?"

That architecture-first discipline guided everything: how threat models are built, how controls are placed, how risk is documented, and how security decisions scale across a portfolio.

IriusRisk was built on a parallel conviction from a different starting point. Where ThreatModeler approached security from the enterprise architecture layer, IriusRisk approached it from the practitioner and developer layer, building a deep threat library, European regulatory expertise, and a global community of threat modeling practitioners who needed methodology to be repeatable, not theoretical.

Two companies. Two angles on the same problem. And together, the assets to build something neither could create alone.

2010

ThreatModeler founded

Launched with a focus on automated, architecture-first threat modeling at enterprise scale. The core thesis: security decisions made at the architecture layer prevent far more risk than remediation ever can.

A decade of depth

Building the substrate

Both ThreatModeler and IriusRisk spent years codifying real-world threat modeling knowledge into structured form: components, threats, controls, compliance mappings, design patterns, and the verified relationships between them.

The combination

ThreatModeler and IriusRisk join forces

Two companies that had independently built the deepest threat modeling knowledge in the industry combined their assets into a single platform. Not a consolidation: the creation of something neither company could be alone.

Now

ThreatModeler Nexus

The platform expression of the combined company: three specialized AI agents, the Secure Design Graph, and the agentic infrastructure to operationalize secure design across the modern enterprise at a pace and scale no prior approach could match.

Why the combination matters

Two companies built the same knowledge base from different directions.

Neither ThreatModeler nor IriusRisk could build the Secure Design Graph alone. Together, they could. That is what the combination created: the industry's deepest connected representation of how components, threats, controls, and compliance map to real systems.

ThreatModeler brought

Architecture-first enterprise depth

  • Automated threat modeling at enterprise scale, built from the ground up
  • Architecture-aware analysis: components, data flows, trust boundaries, and attacker path reasoning
  • Proven deployment across global financial services, healthcare, and critical infrastructure
  • 13 granted patents in threat modeling and secure design methodology
  • Cloud and IaC-native threat modeling across AWS, Azure, and Google Cloud

IriusRisk brought

Practitioner depth and regulatory precision

  • Deep threat library built from years of real-world practitioner usage and community feedback
  • European regulatory expertise across GDPR, DORA, EU AI Act, NIS2, and related frameworks
  • Developer-facing threat modeling methodology designed to scale without security specialists
  • Global community of threat modeling practitioners using the platform in production
  • Compliance mapping precision across 180+ frameworks built from practitioner verification, not inference

Together: the ThreatModeler Secure Design Graph

The industry's deepest connected representation of components, threats, controls, compliance, and system design patterns. Built from more than a decade of verified, curated knowledge from both companies. The substrate that makes governed, deterministic AI possible: 2,500+ security requirements, 1,500+ threats catalogued, 180+ compliance frameworks, and 2,900+ components modeled.

  • 2010: Year founded
  • 13: Granted patents in threat modeling
  • 2,500+: Security requirements in the Graph
  • 180+: Compliance frameworks supported
  • 1,500+: Threats catalogued

What we believe

The convictions behind the platform.

ThreatModeler Nexus was not built from a feature list. It was built from a set of convictions about how security works at enterprise scale and what it takes to make it repeatable.

Security belongs at the architecture layer

The most consequential security decisions happen before code is written. Finding and fixing vulnerabilities downstream is necessary. Preventing them upstream is the discipline that makes security programs scalable.

AI accelerates. The platform governs.

Speed without structure is a liability in enterprise security. ThreatModeler Nexus uses AI to accelerate the work and the Secure Design Graph to govern the outcome, so the answer to what could go wrong does not depend on who asks or which model answers.

Decisions need a system of record

A threat model generated once and never updated is a liability, not an asset. The Secure Design Graph makes threat modeling continuous: capturing what was decided, why it mattered, how the system evolved, and what changed.

Repeatability is the real product

One well-built threat model is useful. A platform that produces consistent outputs across thousands of models, teams, and systems is what security programs actually need to scale. That is what ThreatModeler Nexus is built to deliver.

Security and engineering are the same team

Threat modeling works when it is embedded in how systems are built, not bolted on after. ThreatModeler Nexus puts the right information in front of the right role, from developer to architect to CISO, from the same source of truth.

Defensible answers, not just fast ones

In regulated industries, under audit, and in front of a board, speed is not the metric that matters. Defensibility is. Every output ThreatModeler Nexus produces is traceable to architecture, grounded in the Graph, and built to hold up under scrutiny.

Leadership

Executive team

Kevin Gallagher

Chief Executive Officer

Archie Agarwal

Founder & Advisor

Karen Higgins

Chief Financial Officer

Krishna Bala, Ph.D.

Chief Technology Officer

Mike LeBlanc

Chief Revenue Officer

Anthony Lombardo

Vice President, Marketing

Pratik Thakker

Chief Information Security Officer

Stephen De Vries

Chief Strategy Officer

Ben Oster

Chief Product Officer

Sarah Wheeler

Chief People Officer

Work with us

See ThreatModeler Nexus in your environment.

Book a 30-minute session with a solutions engineer. We'll map your current threat modeling process to the platform and show you exactly where it changes.