VerSprite, a global leader in risk-based threat modeling and the creator of the PASTA (Process for Attack Simulation and Threat Analysis) methodology, announced the general availability of Fork, a continuous application threat modeling platform, alongside Knife, an AI-led, human-on-the-loop adversarial testing environment. Together, the two products establish a proactive approach to product security, allowing software to be securely designed, continuously modeled, and actively tested within the functional build cycle itself.
The launch addresses a long-standing structural vulnerability in traditional DevSecOps: point-in-time security modeling. While modern engineering teams deploy code changes multiple times a day, conventional threat modeling remains a slow, manual process that relies on outdated frameworks. This friction results in stale security blueprints that fail to account for real-time code variations or emerging, AI-driven attack vectors.
“The future of product and software security is an integrated model of AI SecOps, where products are securely designed and tested as part of the functional build process, not bolted on afterward,” said Tony UcedaVelez, Founder and CEO of VerSprite. “Threat modeling has historically been a blueprint with no hammer; penetration testing has been a hammer with no blueprint. Fork and Knife now give it operational speed—continuous threat modeling and integrated, AI-led testing that keeps pace with how software is actually built and how adversaries actually behave.”
Moving Beyond Legacy STRIDE Frameworks with the PASTA Methodology
For over two decades, software teams have relied on frameworks like STRIDE to classify application vulnerabilities. However, these legacy frameworks fail to incorporate real-time cyber threat intelligence, measure bottom-line business impact, or reflect modern, multi-tier threat profiles like software supply chain compromises or AI-driven attack surfaces.
As a direct software implementation of the risk-centric PASTA methodology, Fork bridges this gap by mapping technical threats directly to corporate P&L priorities. The platform delivers several core automated capabilities to accelerate delivery pipelines:
AI-Accelerated Attack Trees: Employs intelligent machine learning models to prune theoretical attack trees, eliminating background noise and focusing developers exclusively on viable, high-impact risk paths.
Contextualized Threat Intelligence: Enriches application security diagrams by automatically injecting live vulnerability tracking data, exploit likelihoods, and real-world adversarial telemetry.
Industry-Aligned Framework Mappings: Correlates platform discoveries natively with trusted compliance standards, including MITRE ATT&CK, D3FEND, OWASP ASVS, and CVE lists using EPSS scoring models.
Dynamic Residual Risk Scoring: Features a proprietary mathematical formula that instantly recalculates an application’s real-time risk posture as continuous security tests complete.
Closing the Loop Between Secure Design and Active Testing
Where Fork serves as the architectural blueprint for application security, Knife functions as the execution engine. Trained on more than 20 years of accredited offensive security intelligence from VerSprite’s elite BREAKERS team, Knife operates as an AI-led, human-on-the-loop penetration testing platform optimized for web applications and web API endpoints.
The native integration between the two platforms closes the gap that has historically isolated threat modeling from active security validation. From directly within a Fork environment, security analysts can trigger on-demand Knife testing for targeted components. The AI agents rapidly execute specialized exploit chains at scale, while senior VerSprite consultants validate the findings to eliminate false positives. The live results then feed immediately back into the model, automatically updating the application’s residual risk metrics.
Fork is available for global enterprise adoption today under multiple operational tiers. A free Fork Community Edition supports a single application threat model with vulnerability ingestion via SBOM or OVAL files. The Fork Enterprise tier unlocks unlimited applications, team seats, corporate single sign-on (SSO), and native developer suite connectors (including ServiceNow, Snyk, Semgrep, and Veracode). The premium Fork Enterprise PT tier adds full, on-demand adversarial testing capabilities powered directly by Knife.