Your code ships hourly.
Your threat model
ships quarterly.

Claude Code and Cursor ship changes by the hour, but your last threat-modeling workshop was a quarter ago. Threatcl Cloud puts your threat models where your code already lives: plain-text HCL your engineers & agents read and update in the same PR. Then Cloud makes it a program your team can run: one central workspace, shared threat and control libraries, and policies that check every model on every change, not every quarter.

code-first agentic-ready audit-friendly

Reserve your seat

Threatcl Cloud is in active beta. Skim what to expect, agree, and you're in. No credit card required.

Beta Service

Threatcl Cloud is currently in beta. By signing up, you agree to our Terms of Service and Privacy Policy, plus the following beta-specific terms:

Data

Your data may be reset. We may delete or reset Customer Data during the beta as the service evolves. Do not use Threatcl Cloud as your sole storage for any threat model you cannot afford to lose. Export regularly.

Service Level

No uptime guarantee. The beta is provided without any service level commitment. Features may change, break, or disappear without notice.

Feedback

Help us improve it. Please report bugs and security issues to support@threatcl.com we read every report.

When Threatcl Cloud leaves beta, this notice will be removed and only the standard Terms of Service will apply.

Rather chat first?

Quarterly cadence can't keep up with agentic dev

The architecture moved on three weeks ago. The diagram in the wiki is fiction. A threat model that updates once a quarter is a security posture you can't actually defend, so put it where it can move at the speed of your code: a plain-text file, reviewed in the PR, validated in CI, like every other artifact you already trust.

Write HCL in. Get coverage, STRIDE & risk out.

If you've written Terraform, you've written this. Push your threat models to the cloud and turn them into living, shareable security intelligence.

payments-api.hcl
# Checked into the repo. Diffed in the PR.
# Reviewed by humans and agents.
 
threatmodel "payments-api" {
  threat "token replay" {
    description = "Token replay attack"
    stride      = ["Spoofing"]
    control "secure tokens" {
      ref = "C-SAFEJWT"
    }
  }
}
Threatcl Cloud - coverage, STRIDE and risk dashboards

…and out comes this: coverage, STRIDE, risk, and more, all derived directly from your threat model as code.

πŸ”Ž

Central Threat Registry

Every threat model automatically indexed with full-text search. Find all integrity-related threats in seconds, and discover related models before starting new ones.

πŸ‘οΈ

Live Dashboards

Coverage, STRIDE, risk, and more.. all derived directly from your threat model as code, and updated when the code is. Real-time visibility across your whole portfolio.

βœ…

Review & Approvals

Manage the review status of threat models and get sign-offs from security, legal, and compliance, without locking non-technical stakeholders out.

πŸ€–

AI Ready

MCP connector available. Let Claude Code, Cursor, and your other AI tools read and reason over your threat data directly.

* Available now

Your workflow, enhanced

Add a backend block to your existing threatcl files. Everything else stays the same.

01

Connect

Add the cloud backend to your HCL files. One line of configuration.

02

Sync

Run threatcl cloud push. Models sync automatically to the cloud.

03

Collaborate

Review in the browser. Comment on threats. Get approvals from stakeholders.

04

Govern

Enforce policies. Track coverage. Report to leadership with real data.

If you ship with AI, there's a seat for you

Threat modeling out of the wiki and into your repo. Free to start, no credit card.