{"Version":1,"UUID":"592c35f4-4dd5-4ac7-b2bb-fe8b7c1e74da","Timestamp":"2026-04-14T16:45:25.380695114Z","Creation":"2026-04-14T15:58:51.604732008Z","TreeType":0,"Root":"A0","NodeMap":{"A0":{"ID":"A0","Title":"Enterprise AI Agent System","Description":"","Flagged":false,"Timestamp":"2026-04-14T15:58:51.604729002Z","Uncertainty":0,"AndOperator":false,"Parent":"","Children":["A1"],"Referrers":null,"References":null,"Impact":3,"ImpactSubclasses":null,"AffectedAssets":null,"VectorRefinements":null,"ThreatActor":4,"Complexity":2,"STRIDE":0,"TTP":"","Controls":null,"OutOfScope":false,"OutOfScopeJustification":"","ExternalReferencedLikelihood":0},"A1":{"ID":"A1","Title":"Seal Sensitive Data via Assistant","Description":"","Flagged":false,"Timestamp":"2026-04-14T16:00:12.912740188Z","Uncertainty":0,"AndOperator":false,"Parent":"A0","Children":["A2","A3","A4","A5","A20","A21"],"Referrers":null,"References":null,"Impact":4,"ImpactSubclasses":null,"AffectedAssets":null,"VectorRefinements":null,"ThreatActor":4,"Complexity":2,"STRIDE":4,"TTP":"","Controls":null,"OutOfScope":false,"OutOfScopeJustification":"","ExternalReferencedLikelihood":0},"A10":{"ID":"A10","Title":"IDPI via Webseite Content (accessed by agent)","Description":"","Flagged":false,"Timestamp":"2026-04-14T16:30:34.317220194Z","Uncertainty":0,"AndOperator":false,"Parent":"A7","Children":null,"Referrers":null,"References":null,"Impact":3,"ImpactSubclasses":null,"AffectedAssets":null,"VectorRefinements":null,"ThreatActor":4,"Complexity":3,"STRIDE":6,"TTP":"","Controls":null,"OutOfScope":false,"OutOfScopeJustification":"","ExternalReferencedLikelihood":0},"A11":{"ID":"A11","Title":"MCP-based Attacks","Description":"","Flagged":false,"Timestamp":"2026-04-14T16:06:13.676898212Z","Uncertainty":0,"AndOperator":false,"Parent":"A7","Children":["A12","A13"],"Referrers":null,"References":null,"Impact":3,"ImpactSubclasses":null,"AffectedAssets":null,"VectorRefinements":null,"ThreatActor":4,"Complexity":2,"STRIDE":5,"TTP":"","Controls":null,"OutOfScope":false,"OutOfScopeJustification":"","ExternalReferencedLikelihood":0},"A12":{"ID":"A12","Title":"Malicious MCP Tool Description","Description":"","Flagged":false,"Timestamp":"2026-04-14T16:35:38.142515925Z","Uncertainty":0,"AndOperator":false,"Parent":"A11","Children":["A14","A15"],"Referrers":null,"References":null,"Impact":3,"ImpactSubclasses":null,"AffectedAssets":null,"VectorRefinements":null,"ThreatActor":4,"Complexity":2,"STRIDE":2,"TTP":"","Controls":{"C2":3,"C3":2},"OutOfScope":false,"OutOfScopeJustification":"Machen wir nicht","ExternalReferencedLikelihood":0},"A13":{"ID":"A13","Title":"Malicious MCP Tool Response","Description":"","Flagged":false,"Timestamp":"2026-04-14T16:05:15.908877004Z","Uncertainty":0,"AndOperator":false,"Parent":"A11","Children":null,"Referrers":null,"References":null,"Impact":3,"ImpactSubclasses":null,"AffectedAssets":null,"VectorRefinements":null,"ThreatActor":4,"Complexity":2,"STRIDE":2,"TTP":"","Controls":null,"OutOfScope":false,"OutOfScopeJustification":"","ExternalReferencedLikelihood":0},"A14":{"ID":"A14","Title":"Initial Malicious MCP Tool Description","Description":"","Flagged":false,"Timestamp":"2026-04-14T16:22:28.252517506Z","Uncertainty":0,"AndOperator":false,"Parent":"A12","Children":null,"Referrers":null,"References":null,"Impact":3,"ImpactSubclasses":null,"AffectedAssets":null,"VectorRefinements":null,"ThreatActor":4,"Complexity":3,"STRIDE":2,"TTP":"","Controls":{"C1":4},"OutOfScope":false,"OutOfScopeJustification":"","ExternalReferencedLikelihood":0},"A15":{"ID":"A15","Title":"Rug-Pull Attack on MCP Tool Description","Description":"","Flagged":false,"Timestamp":"2026-04-14T16:28:34.859555671Z","Uncertainty":0,"AndOperator":false,"Parent":"A12","Children":null,"Referrers":null,"References":null,"Impact":3,"ImpactSubclasses":null,"AffectedAssets":null,"VectorRefinements":null,"ThreatActor":4,"Complexity":2,"STRIDE":2,"TTP":"","Controls":{"C4":4},"OutOfScope":false,"OutOfScopeJustification":"","ExternalReferencedLikelihood":0},"A16":{"ID":"A16","Title":"IDPI via RAG-Pipeline Content","Description":"","Flagged":false,"Timestamp":"2026-04-14T16:29:21.995429811Z","Uncertainty":0,"AndOperator":false,"Parent":"A7","Children":null,"Referrers":null,"References":null,"Impact":3,"ImpactSubclasses":null,"AffectedAssets":null,"VectorRefinements":null,"ThreatActor":1,"Complexity":2,"STRIDE":5,"TTP":"","Controls":null,"OutOfScope":false,"OutOfScopeJustification":"","ExternalReferencedLikelihood":0},"A17":{"ID":"A17","Title":"Prompt Injection via Chat/Text","Description":"","Flagged":false,"Timestamp":"2026-04-14T16:31:10.812143519Z","Uncertainty":0,"AndOperator":false,"Parent":"A6","Children":null,"Referrers":null,"References":null,"Impact":3,"ImpactSubclasses":null,"AffectedAssets":null,"VectorRefinements":null,"ThreatActor":5,"Complexity":3,"STRIDE":2,"TTP":"","Controls":null,"OutOfScope":false,"OutOfScopeJustification":"","ExternalReferencedLikelihood":0},"A18":{"ID":"A18","Title":"Prompt Injection via Photo/Image","Description":"","Flagged":false,"Timestamp":"2026-04-14T16:31:22.548997673Z","Uncertainty":0,"AndOperator":false,"Parent":"A6","Children":null,"Referrers":null,"References":null,"Impact":3,"ImpactSubclasses":null,"AffectedAssets":null,"VectorRefinements":null,"ThreatActor":4,"Complexity":3,"STRIDE":2,"TTP":"","Controls":null,"OutOfScope":false,"OutOfScopeJustification":"","ExternalReferencedLikelihood":0},"A19":{"ID":"A19","Title":"Prompt Injection via Audio-Stream","Description":"","Flagged":false,"Timestamp":"2026-04-14T16:31:02.066113482Z","Uncertainty":0,"AndOperator":false,"Parent":"A6","Children":null,"Referrers":null,"References":null,"Impact":3,"ImpactSubclasses":null,"AffectedAssets":null,"VectorRefinements":null,"ThreatActor":4,"Complexity":1,"STRIDE":2,"TTP":"","Controls":null,"OutOfScope":false,"OutOfScopeJustification":"","ExternalReferencedLikelihood":0},"A2":{"ID":"A2","Title":"Ask for Sensitive Data","Description":"","Flagged":false,"Timestamp":"2026-04-14T16:27:24.957633498Z","Uncertainty":0,"AndOperator":false,"Parent":"A1","Children":null,"Referrers":null,"References":null,"Impact":3,"ImpactSubclasses":null,"AffectedAssets":null,"VectorRefinements":null,"ThreatActor":6,"Complexity":4,"STRIDE":4,"TTP":"","Controls":null,"OutOfScope":false,"OutOfScopeJustification":"","ExternalReferencedLikelihood":0},"A20":{"ID":"A20","Title":"Zugriff auf Browser-Historie/Cache","Description":"","Flagged":false,"Timestamp":"2026-04-14T16:32:01.594317635Z","Uncertainty":0,"AndOperator":false,"Parent":"A1","Children":null,"Referrers":null,"References":null,"Impact":3,"ImpactSubclasses":null,"AffectedAssets":null,"VectorRefinements":null,"ThreatActor":4,"Complexity":1,"STRIDE":6,"TTP":"","Controls":null,"OutOfScope":false,"OutOfScopeJustification":"","ExternalReferencedLikelihood":0},"A21":{"ID":"A21","Title":"Web-Session per XSS übernehmen","Description":"","Flagged":false,"Timestamp":"2026-04-14T16:31:51.859991127Z","Uncertainty":0,"AndOperator":false,"Parent":"A1","Children":null,"Referrers":null,"References":null,"Impact":3,"ImpactSubclasses":null,"AffectedAssets":null,"VectorRefinements":null,"ThreatActor":5,"Complexity":3,"STRIDE":2,"TTP":"","Controls":null,"OutOfScope":false,"OutOfScopeJustification":"","ExternalReferencedLikelihood":0},"A3":{"ID":"A3","Title":"Eigenen (Teil-)Agenten deployen lassen","Description":"","Flagged":false,"Timestamp":"2026-04-14T16:28:58.974425379Z","Uncertainty":0,"AndOperator":false,"Parent":"A1","Children":null,"Referrers":null,"References":null,"Impact":3,"ImpactSubclasses":null,"AffectedAssets":null,"VectorRefinements":null,"ThreatActor":3,"Complexity":1,"STRIDE":0,"TTP":"","Controls":null,"OutOfScope":false,"OutOfScopeJustification":"","ExternalReferencedLikelihood":0},"A4":{"ID":"A4","Title":"Sensitive Daten aus Trainingsdaten beziehen","Description":"","Flagged":false,"Timestamp":"2026-04-14T16:31:44.418263035Z","Uncertainty":0,"AndOperator":false,"Parent":"A1","Children":null,"Referrers":null,"References":null,"Impact":3,"ImpactSubclasses":null,"AffectedAssets":null,"VectorRefinements":null,"ThreatActor":4,"Complexity":1,"STRIDE":4,"TTP":"","Controls":null,"OutOfScope":false,"OutOfScopeJustification":"","ExternalReferencedLikelihood":0},"A5":{"ID":"A5","Title":"Prompt Injection","Description":"","Flagged":false,"Timestamp":"2026-04-14T16:01:53.071826405Z","Uncertainty":0,"AndOperator":false,"Parent":"A1","Children":["A6","A7"],"Referrers":null,"References":null,"Impact":3,"ImpactSubclasses":null,"AffectedAssets":null,"VectorRefinements":null,"ThreatActor":4,"Complexity":2,"STRIDE":2,"TTP":"","Controls":null,"OutOfScope":false,"OutOfScopeJustification":"","ExternalReferencedLikelihood":0},"A6":{"ID":"A6","Title":"Direkte Prompt Injection","Description":"","Flagged":false,"Timestamp":"2026-04-14T16:02:18.136150247Z","Uncertainty":0,"AndOperator":false,"Parent":"A5","Children":["A17","A18","A19"],"Referrers":null,"References":null,"Impact":3,"ImpactSubclasses":null,"AffectedAssets":null,"VectorRefinements":null,"ThreatActor":4,"Complexity":2,"STRIDE":2,"TTP":"","Controls":null,"OutOfScope":false,"OutOfScopeJustification":"","ExternalReferencedLikelihood":0},"A7":{"ID":"A7","Title":"Indirekte Prompt Injection","Description":"","Flagged":false,"Timestamp":"2026-04-14T16:02:22.308314866Z","Uncertainty":0,"AndOperator":false,"Parent":"A5","Children":["A8","A9","A10","A11","A16"],"Referrers":null,"References":null,"Impact":3,"ImpactSubclasses":null,"AffectedAssets":null,"VectorRefinements":null,"ThreatActor":4,"Complexity":2,"STRIDE":2,"TTP":"","Controls":null,"OutOfScope":false,"OutOfScopeJustification":"","ExternalReferencedLikelihood":0},"A8":{"ID":"A8","Title":"IDPI via Mail/Attachment","Description":"","Flagged":false,"Timestamp":"2026-04-14T16:29:08.44771522Z","Uncertainty":0,"AndOperator":false,"Parent":"A7","Children":null,"Referrers":null,"References":null,"Impact":3,"ImpactSubclasses":null,"AffectedAssets":null,"VectorRefinements":null,"ThreatActor":5,"Complexity":3,"STRIDE":4,"TTP":"","Controls":null,"OutOfScope":false,"OutOfScopeJustification":"","ExternalReferencedLikelihood":0},"A9":{"ID":"A9","Title":"IDPI via Feedback-Formular bzw. Customer-Chat","Description":"","Flagged":false,"Timestamp":"2026-04-14T16:23:02.00893022Z","Uncertainty":0,"AndOperator":false,"Parent":"A7","Children":null,"Referrers":null,"References":null,"Impact":3,"ImpactSubclasses":null,"AffectedAssets":null,"VectorRefinements":null,"ThreatActor":5,"Complexity":3,"STRIDE":2,"TTP":"","Controls":null,"OutOfScope":false,"OutOfScopeJustification":"","ExternalReferencedLikelihood":0}},"NodeHighestID":21,"ControlMap":{"C1":{"Status":2,"Effort":3,"Nature":0,"Kind":4,"Ticket":"","Friction":0,"Protection":100,"ID":"C1","Title":"Tool Registry Allowlist \u0026 Signing","Description":"Only allow MCP tools that are registered in an internal catalog and verified via cryptographic signing/attestation (publisher identity, version, integrity). Block execution of any tool whose description/manifest or package is unsigned or not in the allowlist.","Flagged":false,"CreatedViaAI":true,"Timestamp":"2026-04-14T16:43:46.771483387Z","Result":"","CheckTime":0,"Validation":"","Requirements":null},"C2":{"Status":1,"Effort":3,"Nature":4,"Kind":2,"Ticket":"","Friction":0,"Protection":100,"ID":"C2","Title":"Isolated Tool Execution + Egress Controls","Description":"Run MCP tools in hardened sandboxes (separate identity, filesystem isolation, no default network). Apply network allowlists, DLP-aware proxies, and output filtering so a malicious description cannot lead the assistant to exfiltrate sensitive data via tool calls.","Flagged":false,"CreatedViaAI":true,"Timestamp":"2026-04-14T16:43:43.363632269Z","Result":"","CheckTime":0,"Validation":"","Requirements":null},"C3":{"Status":2,"Effort":2,"Nature":1,"Kind":2,"Ticket":"","Friction":0,"Protection":100,"ID":"C3","Title":"Tool Call Auditing \u0026 Anomaly Detection","Description":"Log all tool descriptions/versions, prompts, tool invocations, parameters, and data access/egress decisions. Alert on anomalies such as new/changed descriptions, unusual destinations, bulk reads, repeated failed policy checks, or tool usage inconsistent with historical patterns.","Flagged":false,"CreatedViaAI":true,"Timestamp":"2026-04-14T16:43:44.61411217Z","Result":"","CheckTime":0,"Validation":"","Requirements":null},"C4":{"Status":1,"Effort":2,"Nature":2,"Kind":3,"Ticket":"","Friction":0,"Protection":100,"ID":"C4","Title":"Hash-Pinning of MCP Tool Descriptions","Description":"","Flagged":false,"Timestamp":"2026-04-14T16:43:32.877943896Z","Result":"","CheckTime":0,"Validation":"","Requirements":null}},"ControlHighestID":4,"PackageMap":{},"PackageHighestID":0,"AssetMap":{},"AssetHighestID":0,"Actors":{"Profile":"Default","DefaultActor":4,"DefaultComplexity":2,"ProbabilisticMode":true,"ImpactSubclass1":"Confidentiality","ImpactSubclass2":"Integrity","ImpactSubclass3":"Availability","ImpactSubclass4":"Accountability","ImpactSubclass5":"Financial","ImpactSubclass6":"Reputation","ImpactSubclass7":"Compliance","ImpactSubclass8":"Privacy","ImpactSubclass1Weight":1,"ImpactSubclass2Weight":1,"ImpactSubclass3Weight":1,"ImpactSubclass4Weight":1,"ImpactSubclass5Weight":1,"ImpactSubclass6Weight":1,"ImpactSubclass7Weight":1,"ImpactSubclass8Weight":1,"VectorRefinement1":"Skill Level","VectorRefinement2":"Motive","VectorRefinement3":"Opportunity","VectorRefinement4":"Size","VectorRefinement5":"Ease of Discovery","VectorRefinement6":"Ease of Exploit","VectorRefinement7":"Awareness by Attacker","VectorRefinement8":"Intrusion Detection Difficulty","VectorRefinement1Weight":1,"VectorRefinement2Weight":1,"VectorRefinement3Weight":1,"VectorRefinement4Weight":1,"VectorRefinement5Weight":1,"VectorRefinement6Weight":1,"VectorRefinement7Weight":1,"VectorRefinement8Weight":1,"RiskOfLikelihood0AndImpact0":0,"RiskOfLikelihood0AndImpact1":0,"RiskOfLikelihood0AndImpact2":0,"RiskOfLikelihood0AndImpact3":0,"RiskOfLikelihood0AndImpact4":1,"RiskOfLikelihood1AndImpact0":0,"RiskOfLikelihood1AndImpact1":0,"RiskOfLikelihood1AndImpact2":1,"RiskOfLikelihood1AndImpact3":1,"RiskOfLikelihood1AndImpact4":2,"RiskOfLikelihood2AndImpact0":1,"RiskOfLikelihood2AndImpact1":1,"RiskOfLikelihood2AndImpact2":2,"RiskOfLikelihood2AndImpact3":2,"RiskOfLikelihood2AndImpact4":3,"RiskOfLikelihood3AndImpact0":1,"RiskOfLikelihood3AndImpact1":2,"RiskOfLikelihood3AndImpact2":3,"RiskOfLikelihood3AndImpact3":3,"RiskOfLikelihood3AndImpact4":4,"RiskOfLikelihood4AndImpact0":2,"RiskOfLikelihood4AndImpact1":3,"RiskOfLikelihood4AndImpact2":3,"RiskOfLikelihood4AndImpact3":4,"RiskOfLikelihood4AndImpact4":5,"RiskOfLikelihood5AndImpact0":2,"RiskOfLikelihood5AndImpact1":3,"RiskOfLikelihood5AndImpact2":4,"RiskOfLikelihood5AndImpact3":5,"RiskOfLikelihood5AndImpact4":5,"WeightOfEffectVeryHigh":90,"WeightOfEffectHigh":45,"WeightOfEffectMedium":22,"WeightOfEffectLow":11,"WeightOfEffectVeryLow":4,"ThresholdOfLikelihoodVeryLikely":7500,"ThresholdOfLikelihoodLikely":4000,"ThresholdOfLikelihoodPossible":1625,"ThresholdOfLikelihoodUnlikely":65,"ThresholdOfLikelihoodVeryUnlikely":1,"FeasibilityOfComplexityVerySimple":100,"FeasibilityOfComplexitySimple":75,"FeasibilityOfComplexityOrdinary":50,"FeasibilityOfComplexityComplex":25,"FeasibilityOfComplexityVeryComplex":1,"ValueOfImpactVeryHigh":162,"ValueOfImpactHigh":54,"ValueOfImpactMedium":18,"ValueOfImpactLow":6,"ValueOfImpactVeryLow":2,"Actor6Occurrence":100,"Actor5Occurrence":80,"Actor4Occurrence":65,"Actor3Occurrence":48,"Actor2Occurrence":32,"Actor1Occurrence":17,"Actor0Occurrence":1,"Actor6Title":"","Actor5Title":"","Actor4Title":"","Actor3Title":"","Actor2Title":"","Actor1Title":"","Actor0Title":"","Actor6Description":"","Actor5Description":"","Actor4Description":"","Actor3Description":"","Actor2Description":"","Actor1Description":"","Actor0Description":"","ControlMultiplierProcess":1,"ControlMultiplierBusiness":1,"ControlMultiplierOperations":1,"ControlMultiplierDevelopment":1,"ControlMultiplierArchitecture":1},"Report":{"Company":"","Author":"","Domain":"","Logo":"","TicketSystem":"","Language":"en","Audit":"","Scope":"","Summary":"","RiskCurrent":"","RiskSimulatedShortTerm":"","RiskSimulatedMediumTerm":"","TimelineShortTerm":"","TimelineMediumTerm":""},"QuestionMap":{},"QuestionHighestID":0,"WizardMap":null,"WizardApplied":false,"Changelog":null,"AIOriginTracking":true}