Product overview

Threat modeling that fits your workflow.

Three commands. Any IDE. Every stage of development — from architecture sketches to CI/CD pipelines. Arcwall finds what scanners miss.

01 — How it works

Three steps. 30 seconds.

Install the extension, get an API key, open a project. That's it.

1. Install

One click from the Marketplace

Install from the VS Code Marketplace. Works in VS Code, Cursor, and Windsurf.

2. Configure

Get your API key

Enter your work email at arcwall.io — your API key appears instantly on screen. Paste it into VS Code settings under arcwall.apiKey. Takes 60 seconds.

3. Scan

Run your first threat model

Open any project folder. Press Ctrl+Shift+P and run Arcwall: Build Threat Model (Code). Results appear in a panel beside your editor in under 30 seconds.

02 — Three commands

Every stage of your SDLC.

Design stage, code stage, or review — Arcwall covers the entire development lifecycle.

/build-threat-model

Code Analysis

Scans your repository locally. Finds authentication patterns, trust boundaries, data flows, and external service calls. Returns a full STRIDE model with severity ratings.

Tags: From Code, Inferred, Needs Input

/design-threat-model

Design Stage

No code needed. Describe your system through a structured intake — entry points, external services, sensitive data. Arcwall produces a threat model before a line is written.

Tags: From Design, Needs Input

/review-threat-model

Baseline Review

Open any threat model file and score it against OWASP ASVS. Get a gap analysis with specific controls missing and remediation recommendations.

Tags: OWASP ASVS, Gap Analysis

03 — What it finds

Design-level risks. Not code bugs.

Arcwall finds the architectural decisions that make your system insecure — not the code defects that traditional scanners already catch.

Spoofing

Identity gaps

Authentication assumptions that let attackers impersonate legitimate users or services across trust boundaries.

Tampering

Data integrity risks

Missing validation at data flow boundaries that allows modification of data in transit or at rest.

Repudiation

Missing audit trails

Actions that can be performed without an immutable record — the gap that makes forensic investigation impossible.

Info Disclosure

Data exposure paths

Architectural paths where sensitive data flows through unclassified services or gets exposed to unauthorized parties.

Denial of Service

Availability risks

Rate limiting gaps, unbounded resource consumption, and single points of failure that make services unavailable.

Elevation of Privilege

Authorization gaps

Trust boundary misconfigurations that allow users to gain capabilities or access beyond their intended scope.

What scanners find

  • Known CVEs in dependencies
  • Code-level security bugs
  • Hardcoded secrets
  • SQL injection patterns
  • Known bad function calls

What Arcwall finds

  • Trust boundary misconfigurations
  • Design-level authorization gaps
  • Missing audit trails in architecture
  • Data flow risks across services
  • Architectural decisions that enable attacks

04 — Confidence tags

Every finding is honest about certainty.

Arcwall tells you exactly how confident it is in each finding. No false authority, no generic advice.

[FROM CODE]

Directly observed

Finding is based on specific code patterns found in your repository. High confidence — something is demonstrably present or absent.

[INFERRED]

Reasonably inferred

Finding is based on patterns that strongly suggest a risk, but not definitively proven from the code alone. Worth investigating.

[NEEDS INPUT]

Engineer confirmation required

Arcwall identified a potential risk but needs your input to confirm or rule it out. Respond directly in the VS Code panel.

// Start free today

Ready to find what your scanner misses?

Install the extension. Get your API key. Run your first threat model in 60 seconds.