The diagram stopped. The architecture didn't.
Microsoft Threat Modeling Tool (TMT) gave a generation of architects a shared way to draw STRIDE diagrams and reason about a design before it shipped. ThreatModeler® Nexus™ keeps that same architecture-first discipline, then keeps the model current automatically as your cloud environment, infrastructure as code, and release cycle keep moving underneath it.
A static diagram can't track a moving system. The architecture review needs a model that updates with it.
Three things a desktop diagram was never built for.
TMT standardized how a team reasons about STRIDE on a single design. The architecture review around that design has since outgrown what a static diagram can hold.
ThreatModeler Nexus vs. Microsoft TMT
Same discipline TMT introduced. A different amount of it stays manual.
| Category | ThreatModeler Nexus | Microsoft TMT |
|---|---|---|
| Import & modeling | Builds and maintains the model automatically from imported diagrams, cloud architecture, or IaC. | Requires a user to draw and update STRIDE data-flow diagrams by hand in a Windows desktop app. |
| Cloud & IaC coverage | Continuous modeling across AWS, Azure, Google Cloud, and infrastructure as code. | No native connection to a cloud account or IaC source; the diagram reflects what was drawn, not what's deployed. |
| Automation & intelligence | A rules engine and the Graph Agent map controls and prioritize threats as the design changes. | Generates a threat list from the diagram's shapes; review and disposition of each item is manual. |
| Content library | Continuously curated library of components, threats, and requirements, updated centrally. | Threat and stencil templates are open source on GitHub; updates depend on the community or the user's own edits. |
| SDLC & DevOps integration | Connects to Jira, Azure DevOps, GitHub, and ServiceNow so findings travel with the work. | Standalone desktop application; no native integration with ticketing or CI/CD tools. |
| Compliance & reporting | Automated mapping across 180+ frameworks with audit-ready reports. | Exports the diagram's threat list as a report; framework mapping isn't built in. |
| Where it runs | Cloud platform reachable across the SDLC, plus an MCP Server for AI assistants, IDEs, and CI/CD. | A click-to-download Windows application, used one diagram at a time. |
The same architecture-first habit. Carried by a platform instead of a person.
ThreatModeler Nexus starts where TMT always started, with the system's design, then keeps that design current and connected instead of leaving it to whoever last opened the file. The System Mapping Agent turns diagrams, IaC, and cloud sources into a model-ready map; the Graph Agent keeps controls and threats current as the design evolves; the Reporting Agent turns the model into the report an auditor or a board can actually use.
Starts from what you already have
Builds a model-ready system map from hand-drawn diagrams, design tools, cloud sources, and IaC, including direct import of existing TMT files.
Keeps the model current
Maps components to threats and controls and adjusts automatically as the design changes, so the model doesn't go stale the way a saved diagram does.
Makes the model defensible
Turns the model into compliance-mapped, audit-ready reporting, so the answer to an auditor's question is a click, not a redraw.
Built on more than a decade of curated research.
A regulated bank moved off manual threat modeling onto ThreatModeler and cut threat modeling effort by 50%, freeing the architecture review to spend its time on the design instead of the diagram.
Source: Charles Schwab case study, ThreatModeler. Frameworks figure: ThreatModeler Threat Research Center.