Why we're rebuilding ThreatKrew
A short note on the pivot, what we learned, and what we're building next.
The ThreatKrew founders
Founders
The short version: we’re rebuilding.
The longer version is that we spent the last year shipping a product we believed in, and the market’s response taught us something the roadmap hadn’t. The people we want to serve — senior practitioners who are held accountable for the answers threat models produce — don’t need a faster way to generate documents. They need a defensible way to reach the right answer, and a trail of evidence they can point to when someone senior asks how they got there.
That’s a different product. Not a small pivot from what we had — a different centre of gravity. So rather than bolt it onto the existing surface area, we’re taking the site down to a placeholder, going heads-down with a small group of design partners, and coming back when we’ve got something worth showing.
A few things we’re holding onto:
- Evidence over vibes. Every claim should trace back to something in the customer’s architecture, code, or documents. No plausible-sounding hallucinations.
- Decision-grade, not checklist-grade. The output should be something a senior reviewer would sign their name to, not a generic list of STRIDE prompts.
- Fast enough to live alongside delivery. Threat models that are out of date before they’re read aren’t threat models, they’re archaeology.
We’ll post more here as the work progresses — candid notes on what we’re building, what’s working, and what isn’t. If any of this resonates, the design partner programme is open and the inbox is hello@threatkrew.io.
More soon.