About Helmwart

Threat modeling for systems that act on their own.

Agents plan, call tools, hold memory, and talk to each other. That breaks the assumptions most security tooling was built on. Helmwart is a calm, interpretive place to reason about what can go wrong, and to write down what you'll do about it.

Helmwart is interpretive. It doesn't score your readiness or certify your compliance, because those manufacture false comfort. It gives you the inputs, the vocabulary, and the structure. You make the call.

What it is
  • An interpretive layer that turns published research into a working canvas.
  • A connected map: every finding points back to its place in the Atlas.
  • A way to reason about systems that plan, call tools, and act on their own.
  • Honest about uncertainty: it shows you the inputs, you make the call.

What it isn't
  • A compliance attestation or a certificate you can wave at an auditor.
  • A readiness score, a percent-complete bar, or a green checkmark.
  • A scanner that promises to find every flaw automatically.
  • A substitute for a real security review by real people.

It asks four questions

Adam Shostack's framework, applied to agentic systems.
1. What are we working on?
   Map the agents, tools, memory, and trust boundaries onto a canvas.

2. What can go wrong?
   Walk the OWASP decision path; surface the hazards that actually traverse your graph.

3. What are we going to do about it?
   Place controls against each threat and watch residual risk move.

4. Did we do a good enough job?
   Audit against zero-trust, least-privilege and defence-in-depth, then sign off.
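The four questions, walked end to end in code on a small constructed agentic system. This is an added illustration, not Helmwart's own code or data model: the node kinds, trust zones, threat names, control layers and every number in it are assumptions made for the example. It maps a canvas (Q1), keeps only the threats whose source zone can actually reach the capability they target (Q2), applies controls and reports residual risk (Q3), and then audits for zero-trust boundary crossings, least-privilege wiring and defence-in-depth coverage (Q4).

```python
"""Toy four-question threat-model pass over a constructed agentic system.
Added illustration only: not Helmwart's code or data model. Every node, edge,
threat, control and number below is constructed for the example."""
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str
    kind: str                      # "external", "agent", "tool" or "memory"
    trust: str                     # trust zone, e.g. "untrusted" or "internal"
    capabilities: set = field(default_factory=set)  # what a tool/memory can do
    needs: set = field(default_factory=set)         # what an agent must reach
    verifies: bool = False         # does this node validate what crosses into it?

@dataclass
class Threat:
    name: str
    source_trust: str              # applies when a path starts in this zone ...
    target_capability: str         # ... and ends at a node with this capability
    likelihood: float              # inherent, 0..1
    impact: float                  # 0..1

@dataclass
class Control:
    name: str
    layer: str                     # "input", "policy", "runtime", "monitoring"
    reduces: str                   # "likelihood" or "impact"
    factor: float                  # fraction removed, 0..1

def paths_from(graph, start, path=None):
    """Q1 helper: enumerate simple paths through the canvas from `start`."""
    path = path or (start,)
    yield path
    for nxt in graph.get(start, ()):
        if nxt not in path:
            yield from paths_from(graph, nxt, path + (nxt,))

def surface_threats(nodes, graph, threats):
    """Q2: keep only threats whose source zone can reach the capability they target."""
    surfaced = {}
    for t in threats:
        for src in (n for n in nodes.values() if n.trust == t.source_trust):
            for path in paths_from(graph, src.name):
                if t.target_capability in nodes[path[-1]].capabilities:
                    surfaced.setdefault(t.name, []).append(path)
    return surfaced

def residual_risk(threat, controls):
    """Q3: each placed control removes a fraction of likelihood or impact."""
    lik, imp = threat.likelihood, threat.impact
    for c in controls:
        if c.reduces == "likelihood":
            lik *= 1 - c.factor
        else:
            imp *= 1 - c.factor
    return round(lik * imp, 4)

def audit(nodes, graph, surfaced, placed):
    """Q4: zero-trust, least-privilege and defence-in-depth findings."""
    findings = []
    for src, dsts in graph.items():            # zero trust: boundary crossings must verify
        for dst in dsts:
            if nodes[src].trust != nodes[dst].trust and not nodes[dst].verifies:
                findings.append(f"zero-trust: {src} -> {dst} crosses a trust boundary unverified")
    for n in nodes.values():                   # least privilege: agents reach only what they need
        if n.kind == "agent":
            reachable = set().union(*(nodes[m].capabilities for m in graph.get(n.name, ())))
            for cap in sorted(reachable - n.needs):
                findings.append(f"least-privilege: {n.name} is wired to '{cap}' it does not need")
    for t in surfaced:                         # defence in depth: two distinct layers per threat
        layers = {c.layer for c in placed.get(t, [])}
        if len(layers) < 2:
            findings.append(f"defence-in-depth: {t} is covered on {len(layers)} layer(s)")
    return findings

def build_example():
    """Constructed canvas: a web page feeds a planner that hands work to an executor."""
    nodes = {n.name: n for n in [
        Node("web_page", "external", "untrusted"),
        Node("browser_tool", "tool", "internal", {"read_web"}),
        Node("planner", "agent", "internal", needs={"read_web", "read_memory"}),
        Node("memory", "memory", "internal", {"read_memory", "write_memory"}),
        Node("executor", "agent", "internal", needs={"exec"}),
        Node("shell_tool", "tool", "internal", {"exec"}),
    ]}
    graph = {"web_page": ["browser_tool"], "browser_tool": ["planner"],
             "planner": ["memory", "executor"], "executor": ["shell_tool"]}
    threats = [
        Threat("injection-to-exec", "untrusted", "exec", 0.6, 0.9),
        Threat("memory-poisoning", "untrusted", "write_memory", 0.5, 0.6),
        Threat("mail-exfiltration", "untrusted", "send_email", 0.4, 0.8),  # no such tool wired
    ]
    placed = {
        "injection-to-exec": [Control("input sanitiser", "input", "likelihood", 0.5),
                              Control("human approval for exec", "policy", "impact", 0.8)],
        "memory-poisoning": [Control("memory write allowlist", "policy", "likelihood", 0.6)],
    }
    return nodes, graph, threats, placed

def run_example():
    nodes, graph, threats, placed = build_example()
    surfaced = surface_threats(nodes, graph, threats)
    residual = {t.name: residual_risk(t, placed.get(t.name, []))
                for t in threats if t.name in surfaced}
    return {"surfaced": surfaced, "residual": residual,
            "findings": audit(nodes, graph, surfaced, placed)}

if __name__ == "__main__":
    for key, value in run_example().items():
        print(key, value)
```

The third constructed threat never surfaces because no node on the canvas carries the capability it targets, which is the point of Q2: only hazards that traverse your graph make it onto the canvas. The audit then flags the unverified untrusted-to-internal edge, the planner's unneeded write access to memory, and the single-layer control on memory poisoning, leaving the sign-off decision to the reader.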

It stands on published work

Helmwart maps onto these; it does not replace them.

Two OWASP publications inform the catalog. The MAS guide reuses some extended IDs for scenario variants; Helmwart normalizes those and represents the colliding RPA source T16 / T17 entries as T48 / T49.

Start where it suits you.

Helmwart is a threat-modeling tool: it structures and accelerates how you model agentic-AI systems across OWASP Agentic AI, MAESTRO, and MITRE ATLAS, and turns the result into a working deliverable. Like any security tool, it doesn't guarantee a system is secure or replace a qualified reviewer's judgment of your specific architecture, regulations, and risk posture — the sign-off stays yours. The threat reference content is adapted from those frameworks under CC BY-SA 4.0.