DISCUSSION: We need to pick three use cases for threat modelling

[mtcolman]

The Use Case and Threat Models subgroup met on Tuesday 16th September 5pm UK time and discussed selecting 3 use cases to threat model and contribute to the OWASP Threat Model Library.

The business level uses cases discussed and preferred by the attendees were:

• chatbot
• code generator
• clinical support/advice/aid

For the latter, the group did not come to a conclusion on what sort of "clinical" AI functionality/capability and that will be added to this thread when it happens.

The purpose of this thread is to allow discussion on the topics above and to make decisions on the focus area of the threat model for the business use case. As covered on the call, the process we wish to follow is:

1. Select business use cases
2. Within the business use case, focus on a system layer/component/area of functionality
3. Confirm lifecycle phase(s) to be covered

This is shown in the diagram below:

Please add your thoughts & comments to this thread. This thread will be discussed and used to finalise decisions in the next subgroup call, on Tuesday 23rd September 5pm UK time.

Thanks!

[P3tra-WP]

on this not adding a Clinical Business Use Case suggestion trying to keep AI the main focus /scope

Clinical Use Case Proposal: AI Clinical Notes Scribe

Business Use Case (High-Level)

An AI system that listens to doctor–patient consultations (via audio recording, live speech-to-text, or integration with electronic health record (EHR) systems) and generates structured clinical notes. The system is intended to reduce clinician administrative burden, improve accuracy of documentation, and support compliance with medical record- keeping requirements.

System in Focus (Decomposed)

1. Speech-to-Text System

• Captures clinician–patient audio.
• Transcribes into text.

2. Summarization & Structuring System (Language Model Layer - main focus)

• Ingests raw transcript.
• Generates structured notes (SOAP format, ICD-10/SNOMED tagging, visit summaries).

3. Review & Approval Interface (could be out of scope)

• Presents draft notes for clinician review.
• Allows editing, acceptance, or rejection.

4. Integration & Storage System (can be out of scope for this)

• Passes approved notes into the Electronic Health Record (EHR).
• Applies coding, indexing, and access controls.

Suggested in Scope Lifecycle Phase Mapping

Development / Training

• Speech-to-Text System: training acoustic/language models on sensitive clinical data.
• Summarisation & Structuring System: fine-tuning on clinical corpora, ontologies (ICD-10/SNOMED).

Considerations

• The AI should not diagnose, recommend treatment, or add clinical judgment. Its role is strictly summarisation and structuring.

[mtcolman]

Business Case

AI-assisted application code creation (e.g., Python/Java/C# code snippets, backend logic).

Scenarios

Two Focus Areas:

• Threat Model from the AI Code Generator vendor perspective
• Threat Model from the AI Code Generator consumer (individual developer/Enterprise) perspective

Threat Modelling for Vendor

• System/Component Layer: Dataset / Training Layer
• Lifecycle Phase: Training Phase
• Focus:
  • Insecure or malicious training data (bad patterns, hidden backdoors).
  • Licensing/IP contamination from open-source (GPL, AGPL, CC-NC) or proprietary code.
• Implications:
  • AI tool manufacturer could ship a model that “bakes in” insecure or legally encumbered outputs.
  • Creates downstream risk for all consumers, even if they never interacted directly with the contaminated source.

Threat Modelling for Consumer

• System/Component Layer: Developer Consumption / Usage Layer
• Lifecycle Phases: Deployment Phase & Operational/Usage Phase
• Focus:
  • Developers trusting or integrating generated code that contains vulnerabilities.
  • Enterprises inadvertently deploying code snippets that trigger restrictive license obligations or copyright infringement.
• Implications:
  • Security: exposure to injection flaws, credential leaks, weak crypto practices.
  • Legal/Commercial: forced open-sourcing (GPL/AGPL), contract disputes, lawsuits, reputational damage.
  • Financial: remediation costs, delayed releases, compliance penalties.

[caraa-q]

I found this - quite detailed but seems to cover our use case

Summary: An experimental project that records doctor–patient dialogue and then summarises (and structures) it.

Site: https://pmc.ncbi.nlm.nih.gov/articles/PMC7225507/?utm_source=chatgpt.com

---

Stanford are creating something that is modernised which includes a flow in plain terms however there is no diagram included: https://med.stanford.edu/news/all-news/2024/03/ambient-listening-notes.html

[mtcolman]

chatbot - access (control) to company data.

[caraa-q]

https://arxiv.org/html/2409.17054v1?utm

[mtcolman]

I think this page could be very useful: https://www.ibm.com/architectures/hybrid

• Conversation with Agent Assist
• AI Governance
• RAG
• Document summarization
• AI Augmented SW development

[caraa-q]

Chatbot Mermaid Diagram

Mermaid code:

---
config:
  theme: base
  layout: fixed
---
flowchart TD
 subgraph s3["<b>Engineer Activities</b>"]
        n21(["<b>AI Engineer</b>"])
        n22(["Data Processing"])
        n23(["Client Data"])
        n24(["Embeddings"])
        n25(["Vector Database"])
  end
 subgraph s4["<b>User Activities</b>"]
        n26(["Authentication and Authorisation"])
        n31(["<b>User<b></b></b>"])
        n27(["GenAI App"])
        n34["Output Guard"]
        n33["Input Guard"]
  end
 subgraph s1["<b>Client Location</b>"]
        s3
        s4
  end
 subgraph s2["<b>Cloud (SaaS)/On-Prem</b>"]
        n32["LLM"]
  end
    n21 -- Ingest/Prepare --> n22
    n22 -- Generated Embeddings --> n24
    n23 -- Ingest/Prepare --> n22
    n24 -- Save Embeddings --> n25
    n25 -. Check authz .-> n26
    n27 -- "2 - Search for relevant information for query" --> n25
    n27 -. Check authz .-> n26
    n27 -- "3 - Raw query + prompt + enhanced content" --> n33
    n31 -- "1 - Initial Query" --> n27
    n31 -. Authenticates .-> n26
    n32 -- "5 - Raw Response" --> n34
    n34 -- "6 - Moderated Response" --> n27
    n27 -- "7 - Final Response" --> n31
    n33 -- "4 - Moderated query + prompt + enhanced content" --> s2
    n21@{ icon: "fa:circle-user", pos: "b", h: 48}
    n31@{ icon: "fa:circle-user", pos: "b", h: 48}
    n32@{ shape: rounded}
    style n21 stroke:#424242
    style n31 fill:transparent,stroke:#424242

[mtcolman]

Code Assistant AI

Mermaid code:

flowchart TD
    %% Users
    n2([Developer])
    n15([Reviewer])

    %% Auth
    subgraph 05["Authn/Authz"]
        n11["Authn"]
        n12["Authz"]
    end

    %% Workstation
    subgraph 02["Workstation"]
        n3["Local codebase clone"]
        n4["IDE"]
        n5["Assistant Plugin"]
    end

    %% Agent Tools (e.g.: https://www.qodo.ai/mcp-plugins/)
    subgraph 06["Agent Tools"]
        n17["Extension(s) / MCP Tool(s)"]
    end

    %% Services
    subgraph 07["Service"]
        n18["Service(s) e.g., Jira, GitHub"]
    end

    %% Cloud Assistant
    subgraph 04["Cloud Service (Assistant)"]
        n6["Assistant Backend"]
        n7["Assistant LLM"]
    end

    %% Remote / SCM
    subgraph 01["SCM (Server / Cloud)"]
        n1["Remote codebase"]
        n13["Pull Request (SCM)"]
        n14["SCM Policy Engine (branch protections, merge rules)"]
    end

    %% CI/CD
    subgraph 03["Change Control / CI-CD"]
        n16["clone repo"]
        n8["Build & Test Pipeline"]
        n9["Security Gate(s)"]
        n10["Code Quality Gate"]
    end

    %% Developer Auth flows
    n2 ---|"Authenticates"| n11
    n11 ---|"Authorization checks"| n12

    %% Dev local work
    n2 ---|"uses"| n4
    n4 ---|"R/W access"| n3
    n4 ---|"Context, Snippets, User Commands"| n5
    n5 ---|"Suggestions, Edits, Insertions"| n4

    %% Assistant interaction
    n5 ---|"Code prompt, edits, context"| n6
    n6 ---|"Suggestions"| n5
    n6 ---|"Processed request, context"| n7
    n7 ---|"Suggestions"| n6

    %% Assistant / Agent Tools / Service
    n5 ---|"calls (needs authn/z)"| n17
    n17 ---|"calls (needs authn/z)"| n18
    n18 -.->|"authn/z"| n11

    %% Git / PR / Pipeline / Merge flow
    n1 ---|"cloned to (with authn/authz)"| n3
    n3 ---|"push branch (with authn/authz)"| n13
    n13 ---|"triggers"| n8
    n16 ---|"code copy now in pipeline"| n8
    n1 ---|"repo clone for build (with authn/authz)"| n16
    n8 <-->|"security enforcement"| n9
    n8 <-->|"quality enforcement"| n10
    n8 ---|"status: pass/fail"| n13

    %% Reviewer optional step
    n15 -.->|"optional: review / approve"| n13

    %% Policy Engine controls merge
    n13 ---|"evaluates PR (pipeline + reviewer + rules)"| n14
    n14 ---|"update code"| n1

    %% SCM -> Authn/Authz
    n14 -.->|"authn check"| n11
    n14 -.->|"authorization enforcement"| n12