? => Hier. ? => Ahead:

On 14 April 2026, 34 threat modelling enthusiasts gathered for the first TMC DACH Tool Showcase! That’s a new visitor record! Christian Schneider introduced us to his tool AttackTree.online. Christian is also known within our community for his work on Threagile.

TMC-DACH-Treffen111039×635 141 KB

New concept: Tool Show

The Tool Show is a new concept from TMC DACH. The idea is to experience a threat modelling tool in action first-hand, so that you can then assess whether it might be something for you. We’ve still got a bit of work ahead of us and can offer activities right up until retirement, because, as we know from Toreon, there are quite a few of them.

Playground: AI Agents Out of Control

Christian began by introducing the evening’s playground: AI Agents Out of Control. Inspired by a vulnerability report, he explained how AI agents with far-reaching powers are vulnerable in many ways and inspired us to take a closer look at this…
So the event was doubly exciting: a great tool, a great playground project.

May we introduce? AttackTree.online !

We witnessed how Christian, fuelled by interactive feedback from the lively participants, masterfully modelled threats using his tool:

01-Attacks1026×519 82.9 KB

1. Starting from the attack objective ‘Steal Sensitive Data via Assistant’, Christian delved deeper and deeper into attacks and refined them. Here in the image you can see how ‘Indirect Prompt Injection’ is broken down into four possible specialisations. The arrow pointing right indicates a dive, which Christian did repeatedly.

02-Tree-Brainstorming-Mode1127×421 74.8 KB

2. Christian had initially selected Brainstorming mode. This simplifies and reduces the interface. Here, in the Graph tab, you can now see the entire attack tree without colour coding. At the top of the drop-down list, you can see various views. Christian switched from Brainstorming to “Current Implementation Status”.

03-Tree-no-weights1121×501 92.9 KB

3. The nodes are now coloured. As they were entered in Brainstorming mode, they all have the same weights. Nodes such as “Prompt Injection”, which have been heavily refined, are now classified as more likely due to the particularly high number of possibilities and are already coloured slightly red here. The tool assumes that there are many attack possibilities here because the refinement was extensive.

04-Actors-Likelihood-Matrix1120×525 107 KB

4. Christian explained the mathematical model underlying the probabilities. In the Actors tab, threat actors can be freely defined along with an occurrence estimate. Threat actors, based on their rarity, are then combined (multiplied) with an attack complexity – ranging from Very Simple to Very Complex. This results in an occurrence index between 1 and 10,000. Christian explained that the thresholds and everything associated with them can be flexibly configured.

05-Attacks-and-Complexity934×467 103 KB

5. Christian then switched to the Attacks tab. There he found all the leaves of the attack tree. The threat actors and attack complexities can be selected here. Christian quickly went through everything. We can see probability classifications appearing on the right-hand side.

06-Tree-weighted1122×580 97.4 KB

6. Back in the Graph tab, the tree is now coloured, with the background colours reflecting the probabilities of occurrence. Note that probabilities are only entered for leaf nodes. At intermediate nodes, they are combined using OR or AND formulas.

07-Controls-AI-Suggestion1123×589 81.3 KB

7. To move beyond admiration for the problem, we started with measures. While still in the ‘Attacks’ tab, Christian switched to ‘Controls’ to enter measures. In doing so, he also used the AI suggestion function for measures integrated into AttackTree.online, which, according to him, sometimes provides good suggestions and sometimes bad ones. It is also possible to specify for measures how complex they are and how effective their protection is.

08-Controls-Status1121×571 92.4 KB

8. He then demonstrated in the Controls tab how the status of the measures can be managed. Here, the tool offers a wide range of options: Not considered, rejected, blocked, short-term, long-term, … And – oh yes – a measure can also be realised / implemented! As every threat modelling enthusiast knows, it only really has an impact on protection then. ‘There is no good unless you do it!’ The same applies in AttackTree.online

9. With the attack tree now complete, Christian briefly demonstrated a few special features of the tool. To do this, he switched to a template model with more inputs and measures. For example, the tool can compare short-term and long-term views. It can perform Monte Carlo attack simulations based on the inputs. It can highlight ‘choke points’ where a defence is particularly worthwhile because many attacks pass through them. We briefly looked at reports of various kinds. AI also generates a SOC plan on request.

Conclusion

It was impressive how Christian modelled a rather non-trivial attack tree in such a short space of time. We were able to understand his tool and the underlying concept of specialised, weighted threats with countermeasures. Along the way, we pondered AI agents. It was a very successful, inspiring evening! Thank you, Christian!

Try it yourself!

If this has piqued your curiosity, simply try out the tool for free:

Here is the model created that evening as a JSON export.

Next event: 3 June 2026 – Did we do a good (enough) job?

Our next event:

Together, we want to understand what it actually means in threat modelling to have done the much-cited “Good Job” from the 4-question framework. This format is very interactive!

Learn more? New website!

You can find out everything about us on our new website. We look forward to meeting you!