Threat Matrix (STRIDE)

Threat Mitigation — AIP / Runtime Mapping

STRIDE Mapping Overview

| Threat | Mitigation Strategy | AIP References | Runtime Controls |
|---|---|---|---|
| Spoofing | Domain binding + signature validation | AIP-04, AIP-08 | Runtime 3.7–3.8 |
| Tampering | Append-only audit log + optional hash-chain integrity | AIP-11 | Runtime 3.16 |
| Repudiation | Receipts + trace spans + boundary signing | AIP-11 | Runtime 3.14–3.16 |
| Information Disclosure | Secret isolation + policy gate + egress allowlists | AIP-05, AIP-03, AIP-14 | Runtime 3.17, 3.20 |
| Denial of Service | Quotas + rate limiting + cancellation controls | AIP-11, AIP-12 | MCP Runtime + Observability Layer |
| Elevation of Privilege | Capability validation + default deny + policy gating | AIP-02, AIP-03 | Runtime 3.5–3.6 |
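The Tampering and Repudiation rows rely on an append-only audit log whose entries are hash-chained and whose latest hash is signed at a boundary. The following is an added example, not the project's own code or AIP-11's format: the entry fields (`seq`, `prev`, `event`, `hash`), the use of SHA-256 over canonical JSON, and the sample events are assumptions made for the illustration. It shows what the chain does and does not catch: an edited or deleted interior entry breaks the chain, but a truncated tail still verifies on its own, which is why the head hash has to be anchored (signed or published) separately.

```python
"""Hash-chained append-only audit log with integrity verification.

Added example for the Tampering / Repudiation rows; not the project's code.
Entry layout, hash construction and sample events are assumptions.
"""
import copy
import hashlib
import json
from typing import Optional, Tuple

GENESIS = "0" * 64  # stand-in "previous hash" for the very first entry


def _canonical(obj) -> bytes:
    # Canonical JSON so the same logical entry always hashes identically.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def _digest(prev_hash: str, seq: int, event: dict) -> str:
    # Each entry commits to its predecessor's hash, its position and its payload.
    h = hashlib.sha256()
    h.update(prev_hash.encode())
    h.update(_canonical({"seq": seq, "event": event}))
    return h.hexdigest()


class AuditLog:
    """Append-only list of entries; there is deliberately no update or delete."""

    def __init__(self) -> None:
        self._entries: list = []

    def append(self, event: dict) -> dict:
        seq = len(self._entries)
        prev = self._entries[-1]["hash"] if self._entries else GENESIS
        entry = {"seq": seq, "prev": prev, "event": copy.deepcopy(event)}
        entry["hash"] = _digest(prev, seq, entry["event"])
        self._entries.append(entry)
        return copy.deepcopy(entry)

    def entries(self) -> list:
        return copy.deepcopy(self._entries)

    def head(self) -> str:
        """Latest hash: the value to sign/publish at a boundary (boundary signing)."""
        return self._entries[-1]["hash"] if self._entries else GENESIS


def verify_chain(entries: list, anchored_head: Optional[str] = None) -> Tuple[bool, Optional[int]]:
    """Re-derive every hash from its predecessor; return (ok, first_bad_index).

    anchored_head is a copy of the latest hash stored outside the log (ideally
    signed). Without it, a log truncated at any entry boundary still verifies.
    """
    prev = GENESIS
    for i, e in enumerate(entries):
        if e.get("seq") != i or e.get("prev") != prev:
            return False, i  # reordered, deleted or spliced entry
        if _digest(prev, i, e.get("event")) != e.get("hash"):
            return False, i  # payload or hash rewritten
        prev = e["hash"]
    if anchored_head is not None and prev != anchored_head:
        return False, len(entries)  # tail is missing relative to the anchor
    return True, None


def demo() -> dict:
    log = AuditLog()
    # Constructed sample events standing in for runtime receipts / trace spans.
    log.append({"actor": "agent-a", "action": "tool.call", "tool": "fs.read"})
    log.append({"actor": "runtime", "action": "tool.result", "status": "ok"})
    log.append({"actor": "user", "action": "capability.approve", "cap": "net.egress"})
    head = log.head()

    edited = log.entries()
    edited[1]["event"]["status"] = "denied"  # silently rewrite interior history

    deleted = log.entries()
    del deleted[1]  # drop an interior entry

    truncated = log.entries()[:-1]  # drop the newest entry only

    return {
        "intact": verify_chain(log.entries(), head),
        "edited": verify_chain(edited, head),
        "deleted": verify_chain(deleted, head),
        "truncated_chain_only": verify_chain(truncated),
        "truncated_with_head": verify_chain(truncated, head),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:22} -> {result}")
```

The `truncated_chain_only` case is the one to remember: chain integrity alone proves nothing about completeness, so the head hash must leave the log's trust boundary (signed receipt, external anchor) for the Repudiation row's controls to hold.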
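The Information Disclosure and Elevation of Privilege rows both pass through a policy gate: capabilities are validated against an explicit grant with everything else denied, and network egress is further restricted to an allowlist of hosts. The following is an added example, not the project's or the AIP specs' policy model: the `Policy` and request shapes, the capability names (`fs.read`, `net.egress`) and the sample requests are assumptions. It shows the default-deny rule and the host checks a practitioner expects from an egress allowlist (exact hostname match, userinfo stripping, IP literals refused, non-http(s) schemes refused).

```python
"""Default-deny capability gate with an egress host allowlist.

Added example for the Information Disclosure / Elevation of Privilege rows;
not the project's code. Policy shape, capability names and requests are assumed.
"""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Policy:
    """Grants for one principal. Anything not listed here is denied."""
    capabilities: frozenset          # e.g. {"fs.read", "net.egress"}
    egress_hosts: frozenset          # exact lower-case hostnames allowed for net.egress


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def _egress_host(url: str) -> Optional[str]:
    """Return the host a client would actually connect to, or None if unusable."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return None
    # .hostname drops 'user:pass@' and ':port' and lower-cases the result, so
    # "https://api.example.com@evil.net/" resolves to evil.net, not the allowlisted name.
    return parts.hostname


def evaluate(policy: Policy, request: dict) -> Decision:
    cap = request.get("capability")
    # Default deny: a missing capability or one not explicitly granted is refused.
    if not isinstance(cap, str) or cap not in policy.capabilities:
        return Decision(False, f"capability not granted: {cap!r}")
    if cap == "net.egress":
        host = _egress_host(str(request.get("url", "")))
        if host is None:
            return Decision(False, "unparseable or non-http(s) egress target")
        try:
            ip_address(host)
        except ValueError:
            pass  # not an IP literal; continue with the hostname check
        else:
            return Decision(False, f"ip-literal egress not allowed: {host}")
        # Exact match only: "api.example.com.evil.net" must not pass for "api.example.com".
        if host not in policy.egress_hosts:
            return Decision(False, f"egress host not allowlisted: {host}")
    return Decision(True, "ok")


# Constructed policy and requests for the demonstration.
POLICY = Policy(
    capabilities=frozenset({"fs.read", "net.egress"}),
    egress_hosts=frozenset({"api.example.com"}),
)

REQUESTS = {
    "read_ok": {"capability": "fs.read", "path": "/tmp/x"},
    "write_not_granted": {"capability": "fs.write", "path": "/tmp/x"},
    "missing_capability": {"action": "anything"},
    "egress_ok": {"capability": "net.egress", "url": "https://api.example.com/v1"},
    "egress_port_ok": {"capability": "net.egress", "url": "https://api.example.com:8443/v1"},
    "egress_case_ok": {"capability": "net.egress", "url": "https://API.EXAMPLE.COM/"},
    "egress_other_host": {"capability": "net.egress", "url": "https://evil.example.net/"},
    "egress_suffix_confusable": {"capability": "net.egress", "url": "https://api.example.com.evil.net/"},
    "egress_userinfo_trick": {"capability": "net.egress", "url": "https://api.example.com@evil.net/"},
    "egress_ip_literal": {"capability": "net.egress", "url": "http://203.0.113.7/"},
    "egress_non_http": {"capability": "net.egress", "url": "ftp://api.example.com/"},
}


def run_examples() -> dict:
    """Map each constructed request name to whether the gate allows it."""
    return {name: evaluate(POLICY, req).allowed for name, req in REQUESTS.items()}


if __name__ == "__main__":
    for name, req in REQUESTS.items():
        d = evaluate(POLICY, req)
        print(f"{name:26} {'ALLOW' if d.allowed else 'DENY ':5} {d.reason}")
```

Note that the gate checks the literal host in the request; if the runtime resolves names itself, the same allowlist has to be applied again at connect time so a DNS answer cannot redirect an allowed name to an internal address.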

Residual Risks

Even with the above controls, the following residual risks remain:

  • Compromised host operating system

  • User mis-approval of capability requests

  • Non-deterministic behavior from LLM execution