VerSprite launches threat modelling platform Fork

on

Knife testing tool joins Fork on 26th June

VerSprite has launched Fork, a threat modelling platform for software teams, alongside Knife, an AI-led adversarial testing tool for web applications and web API endpoints. The Atlanta-based cybersecurity company announced both products on 26th June, and Fork is available immediately.

Together, the products link threat modelling with security testing during software development. VerSprite built Fork on the PASTA methodology, while Knife tests weaknesses and attack paths found in a threat model.

According to VerSprite, Fork can produce a risk-prioritised threat model in under two hours and keep it updated from the first sprint onward. The platform also pulls in live threat intelligence, vulnerability data across a product stack, and mappings to frameworks including CWE, CVE, CAPEC, ATT&CK, D3FEND and ASVS.

Testing tied to models

Knife targets web applications and web API endpoints, and VerSprite says it draws on more than 20 years of offensive security work from its BREAKERS team. From inside Fork, teams can request targeted testing, then feed the results back into the threat model and recalculate residual risk automatically.

Tony UcedaVelez, VerSprite founder and chief executive, co-authored the PASTA methodology. He said: “The future of product and software security is an integrated model of AI SecOps, where products are securely designed and tested as part of the functional build process, not bolted on afterward.”

VerSprite positions the launch as a response to slow, manual threat modelling workflows that often happen once, late in development, and then go stale when an application changes. The company argues that this gap has grown as organisations ship software faster and add AI across the stack.

For two decades, many teams have relied on STRIDE, which groups threats into spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege. However, VerSprite argues that STRIDE does not use real-time threat intelligence, measure business impact, or reflect newer risks such as persistence, extortion, double-extortion ransomware, supply-chain compromise and AI-driven attack surfaces.

PASTA takes a different approach with seven stages that move from business objectives through attack surface, application decomposition, threat analysis, weakness and vulnerability analysis, attack modelling, and risk and impact analysis. As a result, VerSprite says Fork helps teams focus on threats that are both more likely and more damaging.

VerSprite says Fork is designed to work with existing enterprise security tools rather than replace them. Connected and planned integrations listed by the company include ServiceNow, Veracode, Snyk, Semgrep, Checkmarx, OpenCTI, Qualys, Tenable, Mandiant and Archer.

Fork is available in a free Community edition for a single application threat model with vulnerability ingestion through SBOM or OVAL. Enterprise tiers add unlimited applications and teams, integrations, single sign-on, access controls and audit logging, while Fork Enterprise PT includes on-demand adversarial testing through Knife.

Melbourne’s biggest moments, straight to you.

Last updated: 29 June 2026, 11:45 am

Daniel Rolph
Daniel Rolphhttp://melbourne-insider.au/
Daniel Rolph is the editor of Melbourne Insider, covering hospitality, venue openings and events across Melbourne. With over 15 years’ experience in marketing and media, he brings a commercial, newsroom-focused approach to accurate and timely local reporting.
Daniel Rolph
Daniel Rolphhttp://melbourne-insider.au/
Daniel Rolph is the editor of Melbourne Insider, covering hospitality, venue openings and events across Melbourne. With over 15 years’ experience in marketing and media, he brings a commercial, newsroom-focused approach to accurate and timely local reporting.

Melbourne’s biggest moments, straight to you.