AI Gateway

Managed threat modeling MCP

Run structured STRIDE threat modeling through BlackShield's governed MCP gateway, with generated reports attached to Security Reviews as tenant-scoped evidence.

Hosted sessions

Use threat_modeling.session.create, guided AWS Labs threat-modeling tools, and threat_modeling.session.export for architecture and business-context reviews.

Workspace validation

Use threat_modeling.agent_workspace_review.start to queue the Security Agent. Code-reading validation runs inside SECURITY_AGENT_WORKSPACE_ROOT, not in the hosted gateway.

Gateway controls

Grant threat_modeling.* to approved clients, hide unused tools, and require human approval for sensitive tool groups in the AI Gateway policy pack.

Review evidence

Markdown and JSON threat-model outputs are retained as Security Review artifacts and included in review exports.

S3 security isolation

All threat model session outputs are stored in a dedicated S3 bucket, isolated per tenant by key prefix (threat-modeling/{company_id}/{session_id}) and encrypted with KMS.
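One way a service could build and authorize object keys under the prefix layout above. This is an added example, not BlackShield's code. The ID character set, the per-file name under the session prefix, and all function names are assumptions.

```python
import re

ROOT = "threat-modeling"
# Assumption: IDs are short slugs; the page does not specify their format.
ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


class TenantScopeError(ValueError):
    """Raised when a key component could escape the tenant's prefix."""


def _valid_id(value):
    return isinstance(value, str) and ID_RE.fullmatch(value) is not None


def _valid_name(name):
    # One path component only: no separators, dot segments or control chars.
    return (isinstance(name, str) and name not in ("", ".", "..")
            and "/" not in name and "\\" not in name
            and all(ord(c) >= 32 for c in name))


def session_prefix(company_id, session_id):
    """Build threat-modeling/{company_id}/{session_id}/ from validated IDs."""
    if not (_valid_id(company_id) and _valid_id(session_id)):
        raise TenantScopeError("invalid company_id or session_id")
    return f"{ROOT}/{company_id}/{session_id}/"


def artifact_key(company_id, session_id, filename):
    """Full object key for one export file (filename is an assumption)."""
    if not _valid_name(filename):
        raise TenantScopeError(f"invalid filename: {filename!r}")
    return session_prefix(company_id, session_id) + filename


def key_belongs_to_tenant(key, company_id):
    """Authorize a caller-supplied key by exact component match.

    A plain key.startswith(f"{ROOT}/{company_id}") check would let tenant
    "acme" match keys under "acme2"; comparing whole components avoids that.
    """
    parts = key.split("/") if isinstance(key, str) else []
    return (len(parts) == 4 and parts[0] == ROOT
            and _valid_id(company_id) and parts[1] == company_id
            and _valid_id(parts[2]) and _valid_name(parts[3]))
```

The company_id passed to key_belongs_to_tenant should come from the authenticated session, never from the request that supplies the key.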

Configurable retention

Set custom data retention periods (default 30 days) and custom bucket target configurations directly on your company integrations page.
