G-STAR: a threat modeling framework for general-purpose AI systems

DOI	Resolve DOI: https://doi.org/10.1109/PST65910.2025.11268824
Author	Search for: Xiong, Pulei¹ORCID identifier: https://orcid.org/0000-0002-3460-6946; Search for: Lohrasbi, Saeedeh¹; Search for: Kotian, Prini¹; Search for: Buffett, Scott¹
Affiliation	National Research Council Canada. Digital Technologies
Format	Text, Article
Conference	2025 22nd Annual International Conference on Privacy, Security, and Trust (PST), August 26-28, 2025, Fredericton, New Brunswick, Canada
Subject	general-purpose AI; secure and trustworthy GPAI; system architecture; threat modeling; vulnerabilities
Abstract	This research presents the preliminary findings of an ongoing project focused on the security of General-Purpose AI (GPAI) applications. We introduce three key contributions: (i) a taxonomy of GPAI-specific vulnerabilities, offering a structured classification of security risks unique to GPAI models and applications; (ii) a generalized GPAI application architecture, serving as a meta-model for analyzing a wide range of real-world use cases; and (iii) G-STAR, a novel threat modeling reference framework that identifies key entities and their interrelationships in GPAI ecosystems, and provides a structured methodology for assessing and mitigating potential threats. Our study addresses both data and model vulnerabilities inherent in GPAI systems, highlighting critical security challenges. While the research is still in its early stages, the initial results provide a valuable foundation for continued investigation. Future work will focus on enhancing the generalized architecture, exploring mitigation strategies in depth, and applying and refining the G-STAR framework in real-world GPAI scenarios. This work aims to support AI security practitioners in promoting secure development and deployment of GPAI systems across diverse domains.
Publication date	2025-08-26
Publisher	IEEE
In	2025 22nd Annual International Conference on Privacy, Security, and Trust (PST), 11268824 (26 August 2025): 1–12.
Language	English
Peer reviewed	Yes
Export citation	Export as RIS
Report a correction	Report a correction (opens in a new tab)
Record identifier	bd5e7bd5-9673-444a-a012-b83d927336a0
Record created	2026-03-26
Record modified	2026-05-04

Page details

From:

National Research Council Canada

Date modified:: 2026-05-14