beta
/Threat Modeling for Agentic AI Systems in Multi-Cloud Architectures: A STRIDE-MITRE ATT&CK Synthesis Framework
Abstract

The emergence of agentic Artificial Intelligence (AI) systems, autonomous software agents capable of planning, tool invocation, memory access, and multi-step task execution, introduces a fundamentally new class of security threats to cloud infrastructure. Unlike conventional software systems, AI agents operate with natural language instruction interfaces, tool-calling capabilities, persistent memory stores, and complex orchestrator-worker hierarchies that create novel attack vectors not addressed by existing threat modeling frameworks. This paper presents AMTF-Cloud (Agentic AI Multi-cloud Threat Framework), a comprehensive threat modeling methodology synthesizing STRIDE threat categories with MITRE ATT&CK cloud tactics, extended with six agentic-specific threat dimensions: prompt injection, tool chain poisoning, memory tampering, orchestrator hijacking, privilege escalation via tool abuse, and cross-agent lateral movement. We apply AMTF-Cloud to three representative agentic AI deployment patterns on AWS, Google Cloud Platform, and Microsoft Azure, identifying 47 novel threat scenarios and mapping each to cloud-native defensive controls. Our framework provides cloud security architects and infrastructure engineers with a systematic, actionable threat model for securing agentic AI deployments in production multi-cloud environments.

RelatedView All
CitationsView All
Citing-
Cited By-