Building an AI Threat Modeling MCP Server

Threat modeling is broken. It takes days, costs thousands, and most teams skip it entirely. What if your AI coding assistant could do it for you — systematically, consistently, and in minutes?

This book shows you how to build an MCP server that makes it happen.

You'll create 80+ structured tools that guide any AI assistant through a rigorous 9-phase STRIDE threat modeling workflow. Not vague prompts that produce unstructured text — real, typed, validated tools that build up a complete threat model piece by piece: business context, architecture, threat actors, trust boundaries, data flows, STRIDE-based threats, mitigations, and a final JSON export compatible with AWS Threat Composer.

**What you'll build:**

- A full MCP server with FastMCP (stdio + SSE transport)
- Pydantic v2 data models for type-safe threat modeling
- Case-insensitive enum validation (because AI isn't always consistent)
- 11 tool modules covering every phase of STRIDE analysis
- Customizable organization security guidelines loaded from `.md` files
- Docker deployment for team-wide access
- Compliance gap analysis that validates against mandatory controls
- A complete workflow orchestrator with progress tracking

**What makes this different:**

The server doesn't call any LLM itself. It provides the structure and tools — your AI assistant (Claude, Kiro, Cursor, Copilot) provides the intelligence. This means it works with any model, any provider, forever. No API keys, no token costs for the server itself.

**Who this is for:**

- Security engineers who want to automate repetitive threat modeling
- Python developers building MCP servers for any domain
- DevSecOps teams embedding security into AI-assisted workflows
- Architects who need consistent, auditable threat models
- Anyone curious about how MCP tools work under the hood

**By the end of this book**, you'll have a production-ready MCP server, a deep understanding of how AI tools are structured, and transferable patterns for building MCP servers in any domain — not just security.

About the Book

Build a complete Model Context Protocol (MCP) server that turns any AI coding assistant into a structured threat modeling expert. This hands-on guide walks you through creating 80+ specialized tools, a 9-phase STRIDE workflow, and a customizable security guidelines system — all in Python, all from scratch. Connect it to Claude, Kiro, Cursor, or Copilot. Describe your system. Get a professional, exportable threat model in minutes instead of days.

No security expertise required. Just Python and curiosity.

About the Author

Joseph Thachil George

Joseph Thachil George is a Technical Consultant for International Game Technology (IGT), Rome, Italy. He has completed an M.S. in Cyber Security from the Università degli Studi di Firenze, Italy. He is also part of the research group (DISIA) of the University of Florence, Italy, and the research group (INESC-ID Lisbon) of the University of Lisbon, Portugal. His research interests cover dynamic malware analysis, blockchain technology (Hyperledger Fabric), and cyber security. He has published five books: Cybercrime and Social Media Relationships, Designing Distributed Systems, Social Network Analysis, Test Driven Development for Java Developers, and Network Security Management. At IGT he has been part of various projects related to game configuration and integration on various platforms, specializing in Java and Spring Boot-based projects. He has also worked in various companies in India, Angola, Portugal, and the UK. In total he has seven years of experience in various IT companies.

Table of Contents

  • 0. About This Project
  • 1. Introduction to Model Context Protocol (MCP)
  • 2. The 9-Phase STRIDE Methodology
  • 3. Project Architecture Overview
  • 4. Setting Up the Development Environment
  • 5. Building the Data Models
  • 6. Building the Enum Validator
  • 7. Building the Server Entry Point
  • 8. Building the Business Context Module
  • 9. Building the Architecture Analyzer
  • 10. Building the Threat Actor Analyzer
  • 11. Building the Trust Boundary Analyzer
  • 12. Building the Asset Flow Analyzer
  • 13. Building the Threat Generator
  • 14. Building the Step Orchestrator
  • 15. Building the Organization Guidelines System
  • 16. Building the Assumption Manager
  • 17. Utilities — State Collector and Batch Utils
  • 18. Docker Deployment
  • 19. Configuring AI Assistants
  • 20. Running a Complete Threat Model Session
  • 21. Customizing Organization Guidelines
  • 22. Testing and CI/CD
  • 23. Extending the Server
  • 24. Conclusion and Next Steps
  • A. Complete File Listing
  • B. All 80+ MCP Tools Reference
  • C. Environment Variables
  • D. Source Code
