Smart Attributes
Smart Attributes help you apply attributes to elements more efficiently during threat modeling.
Instead of manually searching for attributes, Smart Attributes allow you to describe an element in your own words. Devici then uses AI-assisted analysis to suggest the most relevant attributes from the Devici Codex, including both built-in attributes and custom attributes defined by your organization.
Use Smart Attributes to accelerate first-pass modeling and reduce the risk of missing important attributes.
What Smart Attributes do
Smart Attributes are an assistive feature, not a replacement for attribute selection.
They:
- Analyze a natural-language description of an element
- Suggest relevant attributes from the Devici Codex
- Surface both built-in Devici attributes and custom attributes created by your organization
- Help surface attributes you may have overlooked
They do not:
- Create new attributes
- Modify Codex content
- Automatically apply attributes without review
- Override your modeling decisions
Tip
Smart Attributes are most effective for initial modeling and exploratory reviews. Always validate suggested attributes before applying them.
How Smart Attributes fit into threat modeling
Threat modeling in Devici follows this relationship:
Attributes → Threats → Mitigations
Smart Attributes help with the first step by assisting in attribute discovery.
You still:
- Decide which attributes apply
- Apply attributes to elements
- Review generated threats and mitigations
Smart Attributes simply make it easier to find the right attributes faster.
When to use Smart Attributes
Use Smart Attributes when:
- Creating a new threat model
- Modeling an unfamiliar system or component
- Reviewing an element with complex behavior
- Validating attribute coverage during a review
Avoid relying on Smart Attributes when:
- You already know exactly which attributes apply
- Modeling highly specialized or proprietary behavior
- Making final risk decisions without review
Using Smart Attributes on an element
Smart Attributes are available directly on the threat modeling canvas.
To use Smart Attributes
- Select an element on the modeling canvas
- Open the Attributes picker from the element mini-menu
- Choose the Smart Attributes option
- Describe how the element functions and/or manages data using your own words
- Submit the description for analysis
- Review the suggested attributes
- Select all attributes that accurately reflect the element’s behavior
Suggested attributes are added only after you explicitly select them.
Writing effective descriptions
The quality of suggestions depends on the quality of your description.
Good descriptions include:
- What the element does
- Who or what interacts with it
- What type of data it handles
- Any trust or exposure assumptions
Example:
“This service authenticates users, processes login requests, and stores hashed credentials.”
Tip
Focus on behavior and data, not implementation details or control names.
Reviewing suggested attributes
After Smart Attributes generate suggestions:
- Review each attribute for accuracy
- Remove attributes that do not apply
- Add any missing attributes manually if needed
Suggestions may include both built-in Devici attributes and custom attributes created by your organization, depending on what best matches the description.
Smart Attributes are designed to assist, not replace, expert judgment.
Warning
Applying attributes without review can introduce noise or misleading threats. Always validate suggestions.
How Smart Attributes affect threat generation
Once selected, Smart Attributes behave exactly like manually applied attributes.
They:
- Map to threats via the Devici Codex
- Influence which threats appear
- Affect suggested mitigations
There is no difference in threat output based on how an attribute was selected.
Limitations and expectations
Smart Attributes:
- Work best with clear, descriptive input
- May suggest attributes that require refinement
- Do not guarantee complete coverage
They are intended to:
- Reduce friction
- Improve consistency
- Accelerate modeling—not automate it
What’s next
After applying Smart Attributes:
- Review generated threats in Threats & Mitigations
- Validate coverage using the Threat Register
- Refine attributes manually as the system evolves
Smart Attributes help you move faster—good threat modeling still depends on informed decisions.