This paper addresses the challenge of identifying and mitigating security threats across the full lifecycle of large language models (LLMs). To this end, it proposes the first structured threat model explicitly aligned with the LLM development-to-deployment pipeline. Methodologically, it integrates threat modeling, a systematic mapping of knowledge (SoK), inductive analysis of attack patterns, and red-teaming practice to construct a comprehensive, stage-specific attack taxonomy—characterizing key attacker motivations, entry points, and corresponding defensive countermeasures. Its primary contribution is the first LLM-specific, phase-aware attack classification framework, which underpins a reusable, operationally grounded red-teaming methodology. This framework significantly enhances the systematicity, practicality, and industrial applicability of LLM security assessments, providing both theoretical foundations and actionable guidance for robust LLM security hardening.

Creating secure and resilient applications with large language models (LLM) requires anticipating, adjusting to, and countering unforeseen threats. Red-teaming has emerged as a critical technique for identifying vulnerabilities in real-world LLM implementations. This paper presents a detailed threat model and provides a systematization of knowledge (SoK) of red-teaming attacks on LLMs. We develop a taxonomy of attacks based on the stages of the LLM development and deployment process and extract various insights from previous research. In addition, we compile methods for defense and practical red-teaming strategies for practitioners. By delineating prominent attack motifs and shedding light on various entry points, this paper provides a framework for improving the security and robustness of LLM-based systems.