Threat models are often used by security champions to discover flaws in application environments. Many threat models are built thru defensive lens, foregoing realistic attack patterns that reflect adversarial goals vs. simply using a limited, non-mutable threat category.