Codex Overview

The Devici Codex is the intelligence layer behind threat modeling in Devici. It defines how attributes map to threats, and how those threats map to mitigations in a consistent, explainable way.

This page provides a high-level overview of how the Codex is structured, how it is used during threat modeling, and how built-in and custom Codex content work together.

Use this page to understand how Devici reasons about risk, not to perform threat modeling tasks.


What the Codex is responsible for

The Codex defines the relationships that power threat modeling in Devici.

Specifically, it defines:

  • Which attributes describe meaningful security behavior
  • Which threats are associated with those attributes
  • Which mitigations are associated with those threats
  • How these relationships are evaluated in context

The Codex does not:

  • Define system architecture
  • Apply attributes to elements
  • Control how attributes are selected during modeling
  • Decide whether risk is acceptable

It provides the intelligence used to interpret threat models and support informed decisions.


The core Codex relationship

Threat modeling in Devici follows a clear and consistent relationship:

Attributes → Threats → Mitigations

  • Attributes are added to elements to describe behavior and data characteristics
  • Threats are generated based on the attributes present
  • Mitigations are recommended for each applicable threat

The Codex defines and maintains these mappings.

Understanding this relationship makes threat output predictable and explainable.


Core building blocks of the Codex

The Codex is composed of three primary building blocks.

Attributes

Attributes describe security-relevant behavior and data characteristics, such as:

  • Exposure
  • Authentication and authorization assumptions
  • Data sensitivity
  • Trust assumptions

Attributes are defined in the Codex and added to elements during threat modeling.
They are the primary input used by the Codex to generate threats.


Threats

Threats describe undesirable conditions that may occur when certain attributes are present.

Each Codex threat:

  • Is linked to one or more attributes
  • Explains why it applies
  • Is evaluated in the context of the threat model
  • Appears when relevant attributes are applied to elements

Threats are generated automatically during threat modeling based on Codex mappings.


Mitigations

Mitigations describe actions or controls that reduce the likelihood or impact of a threat.

Codex mitigations:

  • Are mapped directly to threats
  • Represent recommended controls, not requirements
  • Can be tracked as implemented, planned, or not implemented

Mitigations connect threat modeling output to engineering and operational work.


Built-in Codex

The built-in Codex is maintained by Devici and provides a curated, continuously evolving intelligence base.

It is informed by established frameworks and research, including:

  • STRIDE
  • LINDDUN
  • OWASP Top Ten (including APIs and LLMs)
  • MAESTRO
  • CWE and other industry sources

The built-in Codex ensures:

  • Consistent threat modeling across teams
  • Predictable threat output
  • Shared understanding during reviews

Built-in Codex content cannot be modified by users.


Custom Codex

The Custom Codex allows organizations to extend Devici’s threat intelligence.

Use the Custom Codex to define:

  • Organization-specific attributes
  • Custom threats and mitigations
  • Internal security standards or policies
  • Domain- or industry-specific risk considerations

Custom Codex content:

  • Coexists with the built-in Codex
  • Extends, but does not override, built-in intelligence
  • Is reusable across threat models

Tip

Use the Custom Codex to extend coverage, not to replace built-in intelligence. Consistency is critical for scalable threat modeling.


How the Codex is used during threat modeling

Most users interact with the Codex indirectly.

During threat modeling:

  1. You model system structure using elements, data flows, and trust boundaries
  2. You add attributes to elements to describe behavior
  3. The Codex maps attributes to threats
  4. The Codex maps threats to mitigations

Understanding the Codex helps explain:

  • Why certain threats appear
  • Why others do not
  • How attribute changes affect threat output
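The following Python is an added illustration of the Attributes → Threats → Mitigations relationship and the four-step flow above; it is not Devici's own code or data format. It shows the custom Codex coexisting with the built-in one without overriding it, and the per-threat explanation of why a threat applies. Every attribute, threat and mitigation identifier, and the matching rule ("a threat applies when all of its attributes are present on the element"), are constructed assumptions for the example.

```python
"""Toy model of Attributes -> Threats -> Mitigations.

Added illustration; NOT Devici's implementation. All identifiers, the
matching rule and the sample element are constructed for this example.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Iterable, List


@dataclass(frozen=True)
class Threat:
    id: str
    title: str
    requires: FrozenSet[str]   # every listed attribute must be on the element
    rationale: str             # the "why it applies" text shown to the modeller


@dataclass(frozen=True)
class Mitigation:
    id: str
    title: str
    addresses: FrozenSet[str]  # threat ids this control reduces


@dataclass
class Codex:
    name: str
    threats: Dict[str, Threat] = field(default_factory=dict)
    mitigations: Dict[str, Mitigation] = field(default_factory=dict)

    def add(self, *entries):
        for e in entries:
            target = self.threats if isinstance(e, Threat) else self.mitigations
            target[e.id] = e
        return self


def merge(builtin: Codex, custom: Codex) -> Codex:
    """Custom content extends built-in content but never overrides it:
    an id collision with a built-in entry is rejected outright."""
    merged = Codex("merged", dict(builtin.threats), dict(builtin.mitigations))
    for tid, threat in custom.threats.items():
        if tid in merged.threats:
            raise ValueError(f"custom threat {tid!r} would override built-in content")
        merged.threats[tid] = threat
    for mid, mit in custom.mitigations.items():
        if mid in merged.mitigations:
            raise ValueError(f"custom mitigation {mid!r} would override built-in content")
        merged.mitigations[mid] = mit
    return merged


def evaluate(codex: Codex, element: str, attributes: Iterable[str]) -> List[dict]:
    """Steps 3 and 4: map the element's attributes to threats, then threats
    to mitigations. Each finding carries the attributes that triggered it
    and a plain-language explanation, so the output is explainable."""
    present = frozenset(attributes)
    findings = []
    for threat in sorted(codex.threats.values(), key=lambda t: t.id):
        if threat.requires <= present:            # all required attributes present
            mits = sorted(m.id for m in codex.mitigations.values()
                          if threat.id in m.addresses)
            findings.append({
                "threat": threat.id,
                "attributes": sorted(threat.requires),
                "why": (f"{threat.title} applies to {element} because attributes "
                        f"{', '.join(sorted(threat.requires))} are present: {threat.rationale}"),
                "mitigations": mits,
            })
    return findings


# Constructed built-in content (hypothetical ids, not Devici's Codex).
BUILTIN = Codex("built-in").add(
    Threat("T-BI-001", "Credential interception in transit",
           frozenset({"internet-exposed", "unencrypted-transport"}),
           "traffic crossing an untrusted network without encryption can be read or altered"),
    Threat("T-BI-002", "Sensitive data disclosure",
           frozenset({"internet-exposed", "handles-pii"}),
           "personal data reachable from the internet widens the impact of any access-control failure"),
    Mitigation("M-BI-001", "Enforce TLS on all external interfaces", frozenset({"T-BI-001"})),
    Mitigation("M-BI-002", "Minimise and encrypt stored PII", frozenset({"T-BI-002"})),
)

# Constructed organisation-specific extension, coexisting with the built-in set.
CUSTOM = Codex("custom").add(
    Threat("T-ORG-001", "Data residency policy violation",
           frozenset({"handles-pii", "hosted-outside-home-region"}),
           "internal policy requires PII to stay in the home region"),
    Mitigation("M-ORG-001", "Pin deployment to approved regions", frozenset({"T-ORG-001"})),
)

CODEX = merge(BUILTIN, CUSTOM)

if __name__ == "__main__":
    # Constructed element: an internet-facing API that handles PII over plain HTTP.
    for f in evaluate(CODEX, "checkout-api",
                      {"internet-exposed", "unencrypted-transport", "handles-pii"}):
        print(f["threat"], "->", f["mitigations"])
        print("   ", f["why"])
```

Changing the element's attributes changes the output directly: removing `unencrypted-transport` from the sample element drops T-BI-001 (and its mitigation) while T-BI-002 remains, which is the "why others do not appear" behaviour the list above describes.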

Explainability and trust

A core goal of the Codex is explainability.

For every generated threat, the Codex provides:

  • A clear explanation of why the threat applies
  • The attributes involved
  • Suggested mitigations tied to known risk patterns

This transparency allows teams to:

  • Trust generated threats
  • Defend decisions during reviews
  • Evolve threat models confidently over time

When to interact with Codex content directly

You may need to work directly with Codex content when:

  • Extending threat intelligence for organization-specific risk
  • Standardizing threat modeling practices across teams
  • Governing shared attributes, threats, and mitigations
  • Integrating Devici into formal security programs

For most threat modeling workflows, no Codex modification is required.


What’s next

To go deeper into Codex concepts, see:

To learn how attributes are selected and applied during modeling, see

The Codex provides the intelligence foundation that makes threat modeling in Devici consistent, scalable, and explainable.