Threatlas vs IriusRisk

Threatlas vs IriusRisk

Both are automated threat modeling platforms, and both are EU-built — so the real decision is where the AI runs and how independent the vendor is. IriusRisk’s assistant runs on OpenAI’s cloud; Threatlas runs self-hosted open models on your own infrastructure.

The short version

IriusRisk is the established player — a decade old, EU-built in Spain, ISO 27001 certified, with a broad pre-built content library and a free Community Edition. As of January 2026 it’s part of ThreatModeler. Threatlas is the independent, data-sovereign challenger: the same automated, agentic approach, but able to run self-hosted AI models on your own infrastructure — air-gapped if needed — instead of calling out to a cloud model. If you need the broadest off-the-shelf catalog, IriusRisk is strong. If you can’t hand your code to a cloud AI, that’s where Threatlas is built to win.

Side by side

Based on publicly available information as of June 2026. “Not publicly documented” means the vendor hasn’t published that detail — not that it’s absent.

IriusRisk Threatlas
Approach Diagram-driven modeling plus an inference rules engine (Drools) over a security-pattern library. “Jeff” AI assistant generates models from text or images. Agentic platform on a structured security knowledge graph — threats, controls, frameworks, and components, linked.
AI models “Jeff” AI assistant powered by OpenAI (cloud). Self-hosted / bring-your-own-model: not publicly documented. Frontier models, plus self-hosted open models (e.g. Qwen, Llama) running fully on-premises.
Deployment SaaS, plus on-premise for Enterprise. Free Community Edition (SaaS, limited to 3 models). Air-gapped: not publicly documented. Managed SaaS (EU & US) plus on-premises / air-gapped deployment.
Data control & ownership ISO 27001 certified. EU-built (Spain) — now part of ThreatModeler (US, Invictus Growth Partners) since January 2026. Zero data retention and data-residency options; built in the EU, independent.
Integrations Jira, Azure DevOps, ServiceNow, GitHub Issues, Python CLI (MCP), Terraform, CloudFormation, AWS import (beta). GitLab / Bitbucket: not publicly documented. GitHub, GitLab, Jira, Jenkins, Confluence.
Security content Broad: 14+ regulatory frameworks, 22+ standards (NIST, OWASP, MITRE ATT&CK, CWE, IEC 62443, ISO 21434). Created the Open Threat Model (OTM) standard. NIST, OWASP, ISO 27001, PCI DSS, CIS, STRIDE, MITRE ATT&CK, CWE — and fully extensible with your own frameworks and controls.
Company Founded 2015, Spain; ~$29M Series B; hundreds of customers including major global banks. Acquired by ThreatModeler, January 2026. Built by AppSec practitioners from Europe’s tier-1 financial sector; EU & US.
Maturity Established platform; hundreds of customers and tens of thousands of threat models. Private beta with a select group of design partners.

When IriusRisk is the right call

  • You need the broadest mature, off-the-shelf content library on day one — 14+ regulatory frameworks and 22+ standards, including IEC 62443 and ISO 21434 for industrial and automotive.
  • You want to start for free — the Community Edition lets you build a few threat models at no cost.
  • You prefer a diagram-first workflow on an established rules engine with a large existing customer base.

When Threatlas is the better fit

  • You can’t send source code or architecture to a cloud AI — IriusRisk’s “Jeff” runs on OpenAI cloud, whereas Threatlas runs self-hosted open models on-premises, air-gapped.
  • You want an independent platform rather than one now folded into a larger enterprise group (ThreatModeler / Nexus).
  • You want a knowledge-graph-native agentic platform, fully extensible to your own frameworks and controls, with EU data residency and zero retention.

Threatlas vs IriusRisk — FAQ

Is Threatlas an alternative to IriusRisk?

Yes. Both are automated threat modeling platforms. Threatlas is a strong fit when you need self-hosted AI models running on-premises or air-gapped, an independent vendor, and a knowledge-graph-native agentic approach. IriusRisk brings a larger, longer-established content library and a free Community Edition.

What’s the main difference between Threatlas and IriusRisk?

The sharpest difference is where the AI runs. IriusRisk’s “Jeff” assistant is powered by OpenAI in the cloud, while Threatlas supports bring-your-own-model with self-hosted open models (such as Qwen and Llama) running fully on-premises for air-gapped, regulated environments. IriusRisk offers a broader, more mature pre-built content library.

Is IriusRisk still an independent company?

No. IriusRisk was acquired by ThreatModeler in January 2026 (majority owner Invictus Growth Partners) and combined under the ThreatModeler Nexus platform. If you’re comparing the combined enterprise offering, see our Threatlas vs ThreatModeler Nexus comparison.

Can Threatlas run AI fully on-premises?

Yes. Threatlas supports self-hosted open models running fully on-premises for air-gapped, regulated environments, paired with zero data retention and data-residency options.

See where your code and your models actually run.

Threatlas is in private beta with a select group of security teams. Request a demo to see on-prem, self-hosted AI threat modeling on your own stack.

Request a demo

Compare Threatlas to other tools

IriusRisk® is a trademark of its respective owner. Threatlas is not affiliated with, endorsed by, or sponsored by IriusRisk or ThreatModeler. This comparison is based on publicly available information as of June 2026 and is provided for general information; “not publicly documented” indicates details the vendor has not published.