
FEAT: Threat Model Integration for Agentic Red Teaming

Open KutalVolkan opened this issue 2 months ago • 0 comments

Is your feature request related to a problem? Please describe.

When red teaming agentic systems with multiple tools, APIs, and permission boundaries, PyRIT lacks visibility into the system architecture. Understanding how agents interact with tools, what permissions they have, and how data flows through the system would enable more effective security testing.

Describe the solution you'd like

Enable PyRIT to leverage threat model information about agentic system architecture.

Threat model should capture:

  • Agent-to-tool relationships
  • Tool permissions and capabilities
  • Data flow paths
  • Component boundaries

Implementation could be:

  • Consume threat model files (JSON/YAML) from external tools
  • Run external threat modeling tools via subprocess
  • Native generation (if deemed valuable)

Additional context

Existing threat modeling tools for agentic systems:

  • https://github.com/Repello-AI/Agent-Wiz
  • https://github.com/splx-ai/agentic-radar

Questions:

  • Could target architecture simply be described in the adversarial agent's system prompt instead of structured files?
  • If structured threat models are preferred, what implementation approach fits best: consuming external files, subprocess integration, or native generation?
  • What tangible benefits would structured threat models provide over natural language architecture descriptions?

KutalVolkan, Oct 02 '25 10:10
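As an added example (not part of the issue and not PyRIT's own code), the structured-file option from the post in a hypothetical JSON layout: a loader that validates component references, then the two analyses a tester would want from such a model, flows that cross component boundaries and which tool permissions are reachable from untrusted data sources. The schema keys, component names and permissions are constructed for illustration.

```python
import json

# Constructed threat model in a hypothetical JSON layout; the issue lists what a
# model should capture but fixes no schema, and this is not PyRIT's own format.
THREAT_MODEL_JSON = """
{
  "components": {
    "planner":    {"kind": "agent", "boundary": "orchestrator"},
    "executor":   {"kind": "agent", "boundary": "runtime"},
    "web_search": {"kind": "tool", "boundary": "external", "permissions": ["read:web"]},
    "shell":      {"kind": "tool", "boundary": "runtime", "permissions": ["exec:host"]},
    "db_write":   {"kind": "tool", "boundary": "data", "permissions": ["write:db"]}
  },
  "untrusted_sources": ["web_search"],
  "flows": [["web_search", "planner"], ["planner", "executor"],
            ["executor", "shell"], ["executor", "db_write"]]
}
"""

def load_model(text):
    """Parse the model; reject flows naming undeclared components (silent gaps)."""
    model = json.loads(text)
    for src, dst in model["flows"]:
        for name in (src, dst):
            if name not in model["components"]:
                raise ValueError(f"flow references unknown component {name!r}")
    return model

def boundary_crossings(model):
    """Flows whose endpoints sit in different component boundaries."""
    comps = model["components"]
    return [(s, d) for s, d in model["flows"]
            if comps[s]["boundary"] != comps[d]["boundary"]]

def untrusted_reach(model):
    """Map each tool permission to the untrusted sources that can reach it (transitive closure)."""
    comps, succ, result = model["components"], {}, {}
    for s, d in model["flows"]:
        succ.setdefault(s, []).append(d)
    for source in model["untrusted_sources"]:
        seen, stack = {source}, [source]
        while stack:
            for nxt in succ.get(stack.pop(), []):
                if nxt not in seen:
                    seen.add(nxt)
                    stack.append(nxt)
        for node in seen - {source}:
            for perm in comps[node].get("permissions", []):
                result.setdefault(perm, set()).add(source)
    return result
```

The second analysis is the one a natural-language description cannot give reliably: it shows that data from `web_search` can influence both `exec:host` and `write:db`, which is where testing effort should concentrate.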