Threat model for new application features