For ThreatModeler Customers
The ThreatModeler you know, now Nexus.
Your upgrade from version 7.5 to ThreatModeler Nexus is an evolution of the platform you already use — seamless, free, and managed by your Customer Success team.
What the merger made possible
Two leaders. One thing neither could build alone.
ThreatModeler and IriusRisk had each separately built highly capable platforms for the enterprise. Together, we built what neither could create independently: a single governed platform that connects system architecture to AI, runs continuously across the SDLC, and makes defensible threat modeling accessible to every team. The ThreatModeler platform you already trust is the foundation it's built on.
The Secure Design Graph
Over a decade of verified relationships between components, threats, controls, and compliance — consolidated into one connected asset no competitor can rebuild from public sources.
Agentic AI, built in
Three specialized agents that model your architecture, enrich the Graph, and generate reports continuously — with no blank canvas or manual diagramming to start.
Enterprise at scale
MCP server, RBAC, Bring Your Own AI, and 180+ compliance frameworks — all governed, auditable, and built for the way the largest enterprises actually operate.
Your questions
A safe home for your questions.
Everything you need to know about what changes, what doesn't, and what comes next.
Continue working with your existing Customer Success Manager or account contact — they're your best route for anything specific to your environment or upgrade. Media and analyst inquiries can be directed to marketing@threatmodeler.com.
Over the coming months we're building a unified, comprehensive knowledge base, academy, and community program that bring together the best of both teams. You'll have access to everything you need to use every aspect of the platform, and the ThreatModeler and Threat Modeling Connect communities keep growing rather than fragmenting.
All active engagements continue as planned. The same teams, timelines, and commitments remain in place, and there's no disruption to in-flight work.
It's preserved. The upgrade is built to keep your existing threat models, configurations, and work product intact — so you pick up where you left off, with more capability available to you.
General availability is June 22, 2026. The upgrade then rolls out in waves to manage the experience carefully, so your access date may differ from the GA date. Your Customer Success team will confirm your timing — there's nothing you need to schedule yourself.
No. This is an evolution of the platform you already know, not a move to an unfamiliar system. Your workflows carry forward. What gets deeper is the AI, the governance, and the connected intelligence underneath. You'll recognize where you are from day one.
No action is required on your part. ThreatModeler Nexus (version 26.1) is a seamless upgrade from your current 7.5 release, managed by your Customer Success team. The rollout is designed to keep your existing threat modeling work intact.
Your existing security controls, data protection practices, and compliance commitments remain in place. If any changes are considered in the future, they'll be communicated clearly and implemented with appropriate safeguards.
For now, everything continues to function as it does today — including your integrations, departments, groups, and users. As we progress on merging the two platforms, we'll work directly with you to ensure a smooth transition.
No. Both products already support importing each other's formats, and we will ensure no degradation of data as our platforms merge.
Both products already support importing each other's formats. Providing a simple upgrade path to the combined platform, with your existing threat modeling work kept intact, is a top priority. You won't be left to port everything over on your own.
Yes. Your current avenues for contacting support, along with your service levels and SLAs, remain the same as we begin merging our internal systems. Our goal is for your support experience to maintain the same high quality you expect.
No. This does not change your current licensing model. Your existing contracts and agreements remain intact.
Just the terminology. Across ThreatModeler Nexus, "Countermeasure" has been standardized to "Security Requirement." It's the same concept you already work with — only the label has changed.
Yes. Bring Your Own AI is a built-in capability. You can connect your own model, including frontier models, and the deterministic framework governs the output regardless of which model responds — so AI use stays inside your enterprise policy.
Yes. Outputs are deterministic and grounded in the Secure Design Graph: the same question produces the same governed answer every time, with no variance between sessions. Every output traces back to the same source of truth as the model itself, making it defensible in a compliance or audit conversation.
No capability is lost. The AI is no longer a separate assistant you have to invoke — it's built directly into the platform, available at every step, as three specialized agents that map systems, enrich the Secure Design Graph, and generate reports. Everything you relied on is still there, now deeper, more reliable, and governed by the Graph with consistent, traceable outputs.
You're getting an evolution of the platform you already use, with four headline additions:
- Three integrated AI agents: System Mapping, Graph, and Reporting — working directly on the Secure Design Graph with deeper, more governed capabilities than the assistants they replace.
- The Secure Design Graph: a connected asset model representing over a decade of curated security knowledge, mapping components, threats, controls, and compliance requirements.
- Enterprise governance: granular RBAC, SSO/SAML integration, full audit trails, and Bring Your Own AI support.
- Expanded pipeline integration: the MCP Server, connecting threat modeling directly to IDEs and CI/CD pipelines.
Still have a questions?
Can't find the answer to your question? Contact us and we'll get back to you as soon as possible!
What this means for you
The short version: nothing you rely on breaks.
The upgrade to ThreatModeler Nexus is designed to be seamless. Your subscription, your team, and your work product are protected — and the platform you know carries forward with more capability built in.
01
A free, seamless upgrade
v7.5 to ThreatModeler Nexus (v26.1) is delivered free, managed by CS, with no action required on your part.
02
The platform you know
An evolution of your current platform, not a new system to learn. Your workflows carry forward.
03
Your work stays intact
Your existing threat models, content, and configurations are preserved through the upgrade.
04
Your team and pricing hold
Same CSM, TAM, support, and SLAs. Your current subscription pricing and licensing are unchanged.
What you get
A practical way to learn, model, and share secure design decisions.
Community Edition is built for practitioners, students, developers, architects, and security teams who want to experience threat modeling before scaling it across a program.
01
Cloud made systems harder to reason about.
Modern architectures span APIs, services, identities, data stores, cloud infrastructure, and constantly changing delivery pipelines.
02
AI made behavior harder to predict.
AI-generated code and agentic workflows introduce non-determinism. Security teams need to understand intent, not just scan artifacts.
03
The SDLC now runs at AI speed.
AI coding assistants ship more code and more pull requests every day. Secure design can no longer sit in an early-stage review; it has to happen during build, where software is written and shipped.
04
So we made threat modeling continuous.
ThreatModeler Nexus is governed, repeatable, and architecture-aware, integrated into the way software is actually built rather than bolted on after.
A simple starting point
Use the four-question framework to make threat modeling approachable.
Community Edition helps new and experienced practitioners move from blank page to structured security thinking: architecture, threats, mitigations, and validation.
01
What are we working on?
Capture the system, data flows, components, and trust boundaries.
02
What can go wrong?
Identify relevant threats based on architecture and system context.
03
What are we going to do about it?
Map threats to mitigations, controls, and security requirements.
04
Did we do a good job?
Validate the design, document decisions, and share the outcome.
What this means for customers.
The merger brought together two proven threat modeling teams without disrupting the customers who depend on them. Your contracts, support, and success teams stay in place. What changes is how much more the platform can do.
Continuity in Your Success
The same teams stay focused on your success.
Zero Loss, Full Migration
Your existing work carries forward, with no capability lost.
Next-Gen AI Platform
You gain agentic AI, the Secure Design Graph, and MCP-connected workflows in one governed platform.
Leadership team
The people behind the platform.
The combined company brings together experienced leaders from both organizations, united around one platform for continuous, governed, architecture-aware security.
Sam Keller
Senior Security Architect

Sarah Wheeler
Chief People Officer

Ben Oster
Chief Product Officer

Stephen De Vries
Chief Strategy Officer

Pratik Thakker
Chief Information Security Officer

Anthony Lombardo
Vice President, Marketing

Mike LeBlanc
Chief Revenue Officer

Krishna Bala, Ph.D.
Chief Technology Officer

Karen Higgins
Chief Financial Officer

Archie Agarwal
Founder & Chief Innovation Officer

Kevin Gallagher
Chief Executive Officer
