Abstract
Cyber risk assessment is a cornerstone of cybersecurity management, yet current practices remain largely manual, static, and resource intensive. This paper presents the CORAS Threat Modeler, an open-source tool that leverages large language models (LLMs), retrieval-augmented generation (RAG), and multi-agent orchestration to automate the generation of structured risk information and threat models directly from natural-language system descriptions. The tool was developed with three success criteria in mind: automating threat model creation, enabling dynamic risk assessment through context-aware retrieval and generation, and supporting accessibility for both experts and non-experts. We present the architecture of the tool and its integration with CAPEC and CWE repositories, and report on an evaluation across three healthcare case studies: one hospital and two medical device manufacturers. Results show that the tool successfully produced syntactically correct and interpretable threat models, generated contextually relevant risks and mitigations, and lowered the entry barrier for non-experts. However, improvements for broader risk coverage, treatment flexibility, and enhanced usability are needed to fully realize its potential.