VerSprite has launched Fork, a continuous application threat modeling platform, along with Knife, an AI-led, human-on-the-loop adversarial testing platform for web apps and API endpoints.

Fork uses the PASTA methodology to translate business objectives into risk and impact analyses, delivering a defensible, risk-prioritized threat model in under two hours and keeping it up to date throughout development.

The company notes that traditional STRIDE-based threat modeling is outdated and slow, failing to incorporate real-time threat intelligence or adversary behaviors in the era of faster software delivery and widespread AI.

Tony UcedaVelez, VerSprite CEO and PASTA co-author, positions the product as enabling AI SecOps by integrating design, threat modeling, and testing into the build process.

Fork natively integrates with existing security ecosystems and tools (SAST, DAST, SCA, vulnerability scanning, CASM, ITSM) and connects to ServiceNow, Veracode, Snyk, Semgrep, Checkmarx, OpenCTI, Qualys, Tenable, Mandiant, and Archer for real-time risk visibility as software ships.

The Fork–Knife combination creates a continuous, self-updating AI SecOps workflow where threat modeling and testing inform each other in real time rather than in sequence.

Fork offers AI-accelerated attack trees, threat-informed models with live intelligence and vulnerability data, industry-aligned taxonomies (MITRE, OWASP, CWE, CVE-EPSS, CAPEC, ATT&CK, D3FEND, ASVS), a proprietary residual risk formula, and a unified stakeholder view.

VerSprite, founded in 2007, originated PASTA and has global clients; Fork and Knife extend its risk-based approach into modern DevSecOps.

Knife delivers AI-assisted adversarial testing aligned with the Fork threat model, validated with human oversight to ensure real-world fidelity and close the loop between threat modeling and testing.

Fork is available now, with a free Community edition for a single application threat model and SBOM/OVAL ingestion; Fork Enterprise supports unlimited apps/teams and full integrations, plus Fork Enterprise PT for on-demand adversarial testing via Knife, along with Threat Modeling as a Service.