With the growing complexity of application architecture and application infrastructure, it becomes tedious and often unmanageable to analyze application security across a large portion or an architectural stack. Today's threat modeling applications are often static and require either manual input or antiquated approaches to account for new architecture, code and/or infrastructure. Today's threat modeling approaches are also ineffective and unable to scale to hundreds or thousands of software applications in a complex, connected software application ecosystem. Additionally, traditional threat modeling mechanisms represent point-in-time state and cannot keep pace with the rapid changes in the software application landscape.