Open source, AI-native, self-hostable

Design. Threat Model. Simulate Exploits.

Your threat surface, before you ship

Most threat modeling happens after architecture decisions are locked in. By then, every finding is expensive rework. Layers brings threat analysis, posture scoring, and attack simulation to design time - where it's still cheap to fix.

For security engineers who want threat modeling at design time, not pentest time.

Layers - architecture diagramming with threat modeling canvas

Threat modeling happens too late. Findings arrive after decisions are locked.

Security teams get called in at the end - to review, not to shape. Every vulnerability found post-architecture costs 10–100× more to fix than one caught at design time. Layers puts security analysis at the moment architecture decisions are being made - not after the fact.

From diagram to threat intelligence

One continuous loop - design, analyze, simulate, evolve. Every step feeds the next.

01 Design
Generate your architecture with AI

Describe your system in plain language or draw it manually on a visual canvas. Layers generates nodes, edges, trust boundaries, and layer structure using AI. Works for new systems or existing architectures you're documenting. Add trust boundaries, annotate nodes with technology labels, and let Layers figure out what kind of system you're building.

Architecture diagram with threat model overlay

02 Threat modeling
Run STRIDE threat modeling with AI

Layers reads every node and edge in your diagram and surfaces threats with severity, STRIDE category, and CISSP domain. It auto-detects whether you're building a web application, a GenAI pipeline, or an agentic AI system - and applies the right framework automatically. No manual configuration. Trust boundaries elevate severity when data flows cross zones without encryption or authentication.

Threats dashboard showing findings by severity

03 Posture scoring
Score your security posture with AI

A scored assessment across five dimensions - Identity & Access, Data Protection, Infrastructure Security, Operational Resilience, and Supply Chain. Every deduction comes with a reason and a recommended fix. Every score is saved against the architecture version, so you can track improvement over time rather than just a snapshot.

Security posture scoring across five dimensions

04 Attack simulation
Simulate attacks on your architecture with AI

Specify entry points - public API, web frontend, third-party integrations - and Layers generates realistic multi-step attack paths from those entry nodes to your crown jewels. Traditional threat modeling tells you what could go wrong. Attack simulation tells you exactly how an attacker would get there - and what they'd exploit along the way.

AI attack simulation showing kill chain paths

05 Evolve
Version, report, and iterate

Update your architecture based on findings. Publish a new version. Watch your posture score improve. Every version is a versioned snapshot - diff any two to see exactly what changed, what improved, and what regressed. Share the consolidated report with your engineering and DevSecOps team so findings become tickets, not PDFs that get ignored.

Built for the security domain

Not a whiteboard tool with threat labels bolted on. Every capability is designed around how security engineers actually think.

Key capability
STRIDE threat modeling
Detects web apps, GenAI pipelines, and agentic systems from your diagram and applies STRIDE, OWASP LLM Top 10, or OWASP Agentic AI Top 10 automatically.
Trust boundary analysis
Define Internet, DMZ, Internal, and External zones. Data flows crossing boundaries without encryption or auth are automatically elevated in threat severity.
Key capability
Version control & diff
Publish, diff, and checkout architecture versions. Security analysis is version-linked - compare posture scores across v1, v2, v3 with full audit trail.
Attack simulation
AI constructs realistic kill chains from entry points to crown jewels. Named attack paths with per-step technique, success likelihood, and mitigation recommendations.
Threat reports
Threat findings, posture score, and attack paths unified in one view. Export for engineering handoff, compliance audits, or executive reporting.
AI assistant throughout
Diagram generation, threat chat, contextual Q&A, and semantic history search. The AI knows your diagram - not just general patterns.
Security posture tracked over time

Every architecture version is an immutable snapshot. Diff any two versions visually - see exactly what changed, what improved, and what regressed. Audit-ready by default.

When a compliance review asks "what changed in the payment layer between Q1 and Q3?" - you have the answer in two clicks, not a three-day archaeology exercise.

Added in v3
MFA enforced on auth service. Rate limiting on API gateway. Encryption added on DMZ→Internal flows.
Modified in v3
Trust boundary reclassified: storage service moved from External → Internal zone.
Removed in v3
Direct DB access from API layer. Replaced with internal service abstraction.
v2 posture score: 61
v3 posture score: 78 (+17 pts)

Know your threat surface before you ship

Open source, self-hostable, AI-native. Built for security engineers who want threat intelligence at design time - not a pentest report six months after launch.


Built by @sunilkrpv