The first platform expression of the ThreatModeler and IriusRisk merger arrives with partnerships across go-to-market and the public sector, and progress toward FedRAMP authorization

ThreatModeler today announced the general availability of ThreatModeler^® Nexus^™, an agentic threat modeling platform that brings governed, architecture-aware security into the way modern software is actually built. As AI writes a growing share of production code, the question is no longer whether to threat model. It is where and when. ThreatModeler Nexus answers that with a platform built to threat model everything, starting wherever a team already is.

ThreatModeler Nexus pairs a multi-agent system with a deterministic framework, so AI accelerates the work while the platform governs the outcome. A System Mapping Agent builds a system map from architecture artifacts or infers one directly from code. A Graph Agent grounds that work in each customer’s environment. A Reporting Agent produces audit-ready evidence. All three operate on the Secure Design Graph, the connected representation of components, threats, controls, and compliance mappings that makes the platform a system of record rather than a generator of one-time answers.

The Secure Design Graph is also the answer to what the ThreatModeler and IriusRisk merger created. Neither company alone held the full depth of curated threat, control, and compliance intelligence the Graph now consolidates. ThreatModeler Nexus is the first platform built on that combined substrate, and it carries the discipline both companies are known for: invisible to developers in the IDE, native to architects as a secure design control plane, and summarized as enterprise risk for security leaders.

“This is the platform the merger was for,” said Kevin Gallagher, Chief Executive Officer at ThreatModeler. “Two companies brought together a decade of work each, and the result is a Secure Design Graph no one else can rebuild from the outside. Launching it alongside partners across delivery and the public sector is the clearest signal of where this company is headed.”

“Finding flaws in code is cheap now. A frontier model can do it in minutes,” said Ben Oster, Chief Product Officer at ThreatModeler. “The hard part moved to confirming what actually matters, catching what is missing, and proving it to the board. That takes a governed framework and a system of record, not another prompt. That is what ThreatModeler Nexus is built to be.”

ThreatModeler is also actively working with Knox Systems toward achieving FedRAMP authorization, bringing governed agentic threat modeling to federal agencies and the regulated organizations that hold themselves to the same standard.

“Federal teams are under real pressure to adopt AI in security without giving up audibility or control,” said Hemant Baidwan, Executive CISO at Knox. “Achieving FedRAMP authorization through working with Knox allows agencies to bring emerging security capabilities into environments where every decision has to be defensible.”

Enterprises already run ThreatModeler at scale. A global financial services firm reduced threat modeling effort by 50 percent. The platform draws on more than a decade of curated research and 13 granted patents, with 3,500+ security requirements, 1,500+ catalogued threats, 3,000+ modeled components, and 180+ compliance frameworks behind every model. Recent industry research underscores the timing: for AI-generated code, threat modeling happens before the code is written 31 percent of the time, during 45 percent, and after 24 percent. (Source: Hanover Research, 2026, n=250.)

Agentic Threat Modeling. Built-in Confidence.
See ThreatModeler Nexus at threatmodeler.ai.

About ThreatModeler
ThreatModeler^® is a leader in agentic threat modeling and secure design. Founded in 2010, the company builds for a world where AI both writes software and finds its flaws in minutes, leaving teams racing to do the harder part: confirm what matters, catch what’s missing, and prove it. ThreatModeler Nexus^™, born of the 2026 union of two companies that pioneered automated threat modeling for the enterprise, answers that with specialized AI agents, grounded in the Secure Design Graph, that can start at any stage and on any system, from first design to what’s already running. The result: security leaders get one always-current, enterprise-wide view of risk, backed by a system of record for every security decision behind it. Learn more at threatmodeler.ai

About Knox Systems
Knox Systems operates the largest managed federal cloud, trusted by top agencies and partners across defense and civilian sectors. Built for speed, resilience, and compliance, Knox delivers FedRAMP authorization in 90 days - turning the biggest bottleneck in government IT into the fastest path to modernization. Knox proudly serves Adobe, Celonis, OutSystems, Armis, BigID and more AI and SaaS providers, accelerating secure innovation across the federal landscape. Learn more at www.knoxsystems.com

View source version on businesswire.com: https://www.businesswire.com/news/home/20260625732694/en/

“Finding flaws in code is cheap now. A frontier model can do it in minutes,” said Ben Oster, Chief Product Officer at ThreatModeler. “The hard part moved to confirming what actually matters, catching what is missing, and proving it to the board."