Blab AI
VerSprite Unveils Fork and Knife Platforms to Enable Continuous, AI-Driven Threat Modeling and Adversarial Testing
On June 26 2026, VerSprite announced that its new products Fork and Knife are now generally available, positioning them as the next step in automated, risk‑centric security. Fork is a continuous threat‑modeling platform built around the company’s Process for Attack Simulation and Threat Analysis (PASTA) methodology, while Knife is an AI‑led, human‑on‑the‑loop adversarial testing engine designed to validate the paths Fork identifies.
PASTA is a seven‑stage framework that starts with business objectives and ends with risk and impact analysis. Unlike older models such as STRIDE, which merely categorises threats, PASTA drills down into the likelihood and real‑world impact of attacks. Fork claims to produce a defensible, risk‑prioritised threat model in under two hours and to keep that model current from the first sprint onward.
Key features of Fork include: - AI‑accelerated attack trees that trim noise and highlight high‑impact paths. - Contextualised models enriched with live cyber‑threat intelligence, vulnerability data across the full technology stack, and attack vectors validated through adversarial testing. - Automatic correlation with MITRE ATT&CK, CAPEC, CWE, CVE (with EPSS scoring), D3FEND, and OWASP ASVS. - A proprietary residual‑risk formula that recalculates exposure as tests complete or conditions change. - A single pane of glass that brings together threat intelligence, the application’s attack surface, and the current risk picture.
Fork is designed to augment existing security tooling rather than replace it. It integrates with ServiceNow, Veracode, Snyk, Semgrep, Checkmarx, OpenCTI, Qualys, Tenable, Mandiant, and Archer. Findings from static analysis, dynamic testing, software‑composition analysis, cloud posture, and penetration‑testing platforms feed into Fork, allowing the threat model to evolve in real time.
Knife, meanwhile, is an AI‑led, human‑on‑the‑loop adversarial testing platform for web applications and APIs. Trained on more than 20 years of accredited offensive‑security work from VerSprite’s BREAKERS OffSec team, Knife validates the attack paths identified by Fork. From within a Fork model, teams can request targeted, on‑demand testing of specific weaknesses. Knife runs the assessment, returns results, and Fork updates the residual risk automatically.
Together, Fork and Knife close the long‑standing gap between threat modelling and testing. In the past, threat models were often one‑off documents that became stale as code changed. With the new platform, modelling and testing become continuous, self‑updating processes that run alongside the software build.
VerSprite’s CEO and PASTA co‑author Tony UcedaVelez said the launch “marks the future of product and software security as an integrated model of AI SecOps—where products are securely designed and tested as part of the functional build process, not bolted on afterwards.”
The announcement comes as many organisations accelerate AI adoption across their stacks. Traditional threat‑modelling methods, such as STRIDE, are increasingly viewed as too slow and too disconnected from the real threat landscape, which now includes persistent adversaries, supply‑chain attacks, and AI‑enabled attack surfaces.
By embedding threat modelling into the development pipeline and coupling it with AI‑driven testing, Fork and Knife aim to give security and product teams a real‑time view of risk that aligns with business impact. The residual‑risk calculation and live threat intelligence are intended to help leaders prioritise mitigations that matter most.
The platforms are available to customers worldwide. VerSprite has not disclosed pricing or customer lists, but its website lists Fork and Knife as SaaS offerings.
In summary, VerSprite’s Fork and Knife represent a shift toward continuous, risk‑centric threat modelling and adversarial testing that leverages AI and existing security tooling. The approach seeks to keep pace with modern software delivery cycles and the evolving threat landscape, offering a unified view of risk that updates automatically as new findings emerge.
PASTA is a seven‑stage framework that starts with business objectives and ends with risk and impact analysis. Unlike older models such as STRIDE, which merely categorises threats, PASTA drills down into the likelihood and real‑world impact of attacks. Fork claims to produce a defensible, risk‑prioritised threat model in under two hours and to keep that model current from the first sprint onward.
Key features of Fork include: - AI‑accelerated attack trees that trim noise and highlight high‑impact paths. - Contextualised models enriched with live cyber‑threat intelligence, vulnerability data across the full technology stack, and attack vectors validated through adversarial testing. - Automatic correlation with MITRE ATT&CK, CAPEC, CWE, CVE (with EPSS scoring), D3FEND, and OWASP ASVS. - A proprietary residual‑risk formula that recalculates exposure as tests complete or conditions change. - A single pane of glass that brings together threat intelligence, the application’s attack surface, and the current risk picture.
Fork is designed to augment existing security tooling rather than replace it. It integrates with ServiceNow, Veracode, Snyk, Semgrep, Checkmarx, OpenCTI, Qualys, Tenable, Mandiant, and Archer. Findings from static analysis, dynamic testing, software‑composition analysis, cloud posture, and penetration‑testing platforms feed into Fork, allowing the threat model to evolve in real time.
Knife, meanwhile, is an AI‑led, human‑on‑the‑loop adversarial testing platform for web applications and APIs. Trained on more than 20 years of accredited offensive‑security work from VerSprite’s BREAKERS OffSec team, Knife validates the attack paths identified by Fork. From within a Fork model, teams can request targeted, on‑demand testing of specific weaknesses. Knife runs the assessment, returns results, and Fork updates the residual risk automatically.
Together, Fork and Knife close the long‑standing gap between threat modelling and testing. In the past, threat models were often one‑off documents that became stale as code changed. With the new platform, modelling and testing become continuous, self‑updating processes that run alongside the software build.
VerSprite’s CEO and PASTA co‑author Tony UcedaVelez said the launch “marks the future of product and software security as an integrated model of AI SecOps—where products are securely designed and tested as part of the functional build process, not bolted on afterwards.”
The announcement comes as many organisations accelerate AI adoption across their stacks. Traditional threat‑modelling methods, such as STRIDE, are increasingly viewed as too slow and too disconnected from the real threat landscape, which now includes persistent adversaries, supply‑chain attacks, and AI‑enabled attack surfaces.
By embedding threat modelling into the development pipeline and coupling it with AI‑driven testing, Fork and Knife aim to give security and product teams a real‑time view of risk that aligns with business impact. The residual‑risk calculation and live threat intelligence are intended to help leaders prioritise mitigations that matter most.
The platforms are available to customers worldwide. VerSprite has not disclosed pricing or customer lists, but its website lists Fork and Knife as SaaS offerings.
In summary, VerSprite’s Fork and Knife represent a shift toward continuous, risk‑centric threat modelling and adversarial testing that leverages AI and existing security tooling. The approach seeks to keep pace with modern software delivery cycles and the evolving threat landscape, offering a unified view of risk that updates automatically as new findings emerge.
