ThreatCanvas does not store any user prompts or attachments. No customer data is used to train the LLM model. SecureFlag uses an LLM provided by Anthropic.

Threat models can be stored on SecureFlag. Data is stored in a relational database with data encryption at rest and logical separation between different customer data.

For more details, check out our white paper on ThreatCanvas.

SecureFlag also offers Threat Modeling training with an extensive catalog of training labs. Customers can also create their own custom threat model training lab using the Threat Model Software Development Kit (SDK).  It’s possible to build Threat Modeling training labs by exporting the JSON from ThreatCanvas and importing it into the SDK. You can read more about this here.