Microsoft · Filed Dec 16, 2025 · Published Apr 30, 2026 · verified — real USPTO data

Microsoft Wants LLMs to Do Your Threat Modeling For You

Threat modeling is one of the most time-consuming parts of secure software development. Microsoft is patenting an approach that hands the job to a large language model.

Microsoft Patent: LLM-Powered Threat Modeling for Security — figure from US 2026/0119659 A1
FIG. 1A — rendered from the official USPTO publication PDF.
Publication number: US 2026/0119659 A1
Applicant: Microsoft Technology Licensing, LLC
Filing date: Dec 16, 2025
Publication date: Apr 30, 2026
Inventors: Tiferet Ahavah GAZIT, Aditya SHARAD
CPC classification: 726/23
Grant likelihood: Unknown
Examiner: CENTRAL, DOCKET (Art Unit OPAP)
Status: Docketed New Case - Ready for Examination (Jan 26, 2026)
Parent application: Continuation of 18384954 (filed 2023-10-30)

In plain English

When companies build software, security experts manually review designs to figure out how attackers might break in — a process called threat modeling. It's slow and requires specialized knowledge most teams don't have. Microsoft's patent describes a system where an AI language model (like the kind that powers ChatGPT) does this analysis automatically. You feed it information about your software, and it identifies potential security risks and attack paths, making security review faster and more accessible to developers who aren't security specialists.

How it works

The patent covers an LLM-based pipeline for automated threat modeling. The system likely ingests software architecture descriptions, data flow diagrams, or code artifacts and uses a large language model to reason about potential threats — mapping them to established frameworks such as STRIDE or MITRE ATT&CK. Rather than requiring a dedicated security architect to manually enumerate attack surfaces, the LLM generates threat scenarios, identifies vulnerable components, and potentially suggests mitigations. This is consistent with emerging 'security copilot' architectures where LLMs serve as a reasoning layer over structured security knowledge bases. Note: the full claim text was unavailable, so some specifics here are inferred from the title and classification.

Why it matters

Threat modeling is a known bottleneck in the software development lifecycle — most teams skip it because it's expensive and slow. Automating it with an LLM fits squarely into Microsoft's existing Security Copilot product strategy. If this works reliably, it could push security analysis earlier into the development process (shift-left security), which is a major industry goal.

Editorial take

This is a timely but narrowly scoped patent in a crowded area — several startups and researchers are already working on LLM-assisted threat modeling. Whether Microsoft's specific approach has meaningful novelty is impossible to judge without the full claims.

Source. Full patent text and figures from the official USPTO publication PDF.