Attack tree

An attack tree is a hierarchical, visual model used in cybersecurity to systematically represent how an attacker could achieve a specific malicious objective against a system, network, or asset. The root node defines the ultimate attack goal—such as data exfiltration or system compromise—which is then decomposed into increasingly granular sub-goals and prerequisite actions as child nodes. These nodes are connected through logical "AND" and "OR" gates: an "AND" gate requires all child conditions to be fulfilled, while an "OR" gate means any single child condition is sufficient to advance the attack.

By mapping out all potential attack paths in this structured manner, security professionals can identify critical vulnerabilities, evaluate the likelihood and impact of specific threats, and prioritize defensive measures accordingly. Attack trees are a foundational tool in both risk management and threat intelligence, enabling organizations to visualize complex attack scenarios, allocate resources effectively, and strengthen their overall cybersecurity posture.