---
title: "Threat — AP Cybersecurity Definition & Exam Guide"
description: "A threat is anything that can exploit a vulnerability to harm an asset. Learn how it fits the risk equation, adversary types, and defense in depth for the AP Cybersecurity exam."
canonical: "https://fiveable.me/ap-cybersecurity/key-terms/threat"
type: "key-term"
subject: "AP Cybersecurity"
unit: "Unit 2"
---

# Threat — AP Cybersecurity Definition & Exam Guide

## Definition

In AP Cybersecurity, a threat is any person, event, or action that can exploit a vulnerability to compromise an asset. It is one of the three pieces of risk, alongside the vulnerability it targets and the asset it endangers.

## What It Is

A **threat** is anything with the potential to [exploit](/ap-cybersecurity/unit-2/cyber-foundations/study-guide/0oS8jJyX7iolYntwz5Eh "fv-autolink") a [vulnerability](/ap-cybersecurity/key-terms/vulnerability "fv-autolink") and cause harm to an asset. Think of it as the "danger" side of the risk equation. Under EK 2.1.D.1, risk happens when a threat can exploit a vulnerability to compromise an asset. So a threat alone isn't risk. It only becomes risk when there's a weakness it can actually use and something valuable on the line.

Threats come in a lot of forms. They can be human [adversaries](/ap-cybersecurity/unit-3/network-vulnerabilities-and-attacks/study-guide/9lJpNM0eCHQ1M3XgFL97 "fv-autolink") like *script kiddies*, *hacktivists*, or *insider adversaries* (EK 2.1.B), each with different skills and motives. They can be the techniques those adversaries use, like *social engineering* attacks that manipulate people through *pretexting*, *authority*, or *intimidation* (EK 2.1.A). They can even be non-malicious, like a natural disaster knocking out *availability*. The exam wants you to recognize a threat, figure out what asset it endangers, and connect it to the right defense.

## Why It Matters

Threat lives in [Unit 2](/ap-cybersecurity/unit-2 "fv-autolink"): Securing Spaces, specifically topic 2.1 Cyber Foundations, and it's the glue holding that whole topic together. You'll see it in [AP Cybersecurity](/ap-cybersecurity "fv-autolink") 2.1.B (types of adversaries), 2.1.C (phases of a cyberattack), 2.1.D (the risk assessment process), and 2.1.G (why defense in depth is necessary). The CED literally builds risk out of three terms, threat, vulnerability, and asset, so if you can't define threat cleanly, the risk assessment objective falls apart. Every social engineering tactic in 2.1.A is a threat technique, and every security control in 2.1.F exists to counter some threat. It's the concept that turns a list of definitions into a connected story about how attacks happen and how defenders stop them.

## Connections

### Vulnerability and Asset in the Risk Equation (Unit 2)

[Risk](/ap-cybersecurity/key-terms/risk "fv-autolink") is the overlap of three things, and a threat is only one of them. A threat exploits a vulnerability to compromise an asset (EK 2.1.D.1). Remove any one piece and there's no risk, which is why patching a vulnerability can shut down a threat without ever touching the attacker.

### Types of Adversaries (Unit 2)

Most threats are people. Script kiddies, hacktivists, and insider adversaries (EK 2.1.B) are all threat actors with different skill levels and motives. Insider adversaries are especially dangerous threats because they already hold legitimate credentials and access.

### Defense in Depth / Layered Defense (Unit 2)

[Defense in depth](/ap-cybersecurity/key-terms/defense-in-depth "fv-autolink") exists because no single control stops every threat. EK 2.1.G.2 says layering lets an organization address different types of threats, each with the control best suited to it. It's a direct answer to the fact that threats are varied.

### Social Engineering Tactics (Unit 2)

[Social engineering](/ap-cybersecurity/key-terms/social-engineering "fv-autolink") is a threat technique that targets people instead of systems. Pretexting, authority, intimidation, and consensus (EK 2.1.A) are all ways a threat actor manipulates a target into doing what they want, no exploit code required.

## On the AP Exam

Multiple-choice questions love to hand you a scenario and ask you to identify the threat. A classic stem: an attacker emails employees claiming to be IT and demanding they verify credentials "or face account suspension," and you pick the social engineering technique at work (that one combines authority and intimidation). Another asks you to spot an example of an insider adversary threat. You're expected to read a situation, name the type of threat, and connect it to the right defense or risk factor. For free response, you may be asked to walk through a risk assessment, where you'd identify the threat, the vulnerability it exploits, and the asset at stake, then recommend a way to manage that risk (avoid, transfer, mitigate, or accept).

## threat vs vulnerability

A threat is the potential source of harm (the attacker, the technique, the event). A vulnerability is the weakness that lets the threat get through (an unpatched system, a gullible employee). The threat is the burglar; the vulnerability is the unlocked window. EK 2.1.D.1 says risk happens only when a threat can actually exploit a vulnerability, so you need both for there to be real risk.

## Key Takeaways

- A threat is anything that can exploit a vulnerability to compromise an asset, and it's one of the three ingredients of risk.
- A threat by itself is not risk; risk only exists when a threat has a vulnerability to exploit and a valuable asset to target (EK 2.1.D.1).
- Threats include human adversaries like script kiddies, hacktivists, and insider adversaries, as well as the techniques they use, like social engineering.
- Defense in depth is the answer to the variety of threats, since layering controls means each threat can be met by the control best suited to stop it (EK 2.1.G.2).
- On the exam, you read a scenario, name the threat, and link it to the vulnerability, asset, or control involved.

## FAQs

### What is a threat in AP Cybersecurity?

A threat is any person, technique, or event that can exploit a vulnerability to harm an asset. It's the danger side of the risk equation defined in EK 2.1.D.1, alongside vulnerability and asset.

### Is a threat the same as a vulnerability?

No. A threat is the source of potential harm, like an attacker or a phishing email, while a vulnerability is the weakness the threat exploits, like an unpatched system. You need both, plus an asset, for there to be actual risk.

### Does a threat always mean there's risk?

No. A threat only creates risk when it can actually exploit a vulnerability to compromise an asset. If you close the vulnerability, the threat still exists but the risk drops, which is the whole point of risk mitigation.

### Are insiders considered threats in AP Cybersecurity?

Yes. Insider adversaries are a distinct type of threat (EK 2.1.B.3) and a uniquely dangerous one, because they already have legitimate credentials and access to systems and data.

### How does a threat connect to defense in depth?

Because threats come in many forms, no single control can stop them all. Defense in depth layers multiple controls so each type of threat is met by the control best suited to mitigate it (EK 2.1.G.2).

## Related Study Guides

- [2.1 Cyber Foundations](/ap-cybersecurity/unit-2/cyber-foundations/study-guide/0oS8jJyX7iolYntwz5Eh)

## Structured Data

```json
{"@context":"https://schema.org","@graph":[{"@type":"LearningResource","@id":"https://fiveable.me/ap-cybersecurity/key-terms/threat#resource","name":"Threat — AP Cybersecurity Definition & Exam Guide","url":"https://fiveable.me/ap-cybersecurity/key-terms/threat","learningResourceType":"Concept explainer","educationalLevel":"AP® / High School","about":{"@id":"https://fiveable.me/ap-cybersecurity/key-terms/threat#term"},"audience":{"@type":"EducationalAudience","educationalRole":"student"},"dateModified":"2026-06-15T18:59:32.416Z","isPartOf":{"@type":"Collection","name":"AP Cybersecurity Key Terms","url":"https://fiveable.me/ap-cybersecurity/key-terms"},"publisher":{"@type":"Organization","name":"Fiveable","url":"https://fiveable.me"}},{"@type":"DefinedTerm","@id":"https://fiveable.me/ap-cybersecurity/key-terms/threat#term","name":"threat","description":"In AP Cybersecurity, a threat is any person, event, or action that can exploit a vulnerability to compromise an asset. It is one of the three pieces of risk, alongside the vulnerability it targets and the asset it endangers.","url":"https://fiveable.me/ap-cybersecurity/key-terms/threat","inDefinedTermSet":{"@type":"DefinedTermSet","name":"AP Cybersecurity Key Terms","url":"https://fiveable.me/ap-cybersecurity/key-terms"},"educationalAlignment":[{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 2, Topic 2.1, LO 2.1.A"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 2, Topic 2.1, LO 2.1.B"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 2, Topic 2.1, LO 2.1.C"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 2, Topic 2.1, LO 2.1.D"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 2, Topic 2.1, LO 2.1.E"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 2, Topic 2.1, LO 2.1.F"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 2, Topic 2.1, LO 2.1.G"}]},{"@type":"FAQPage","mainEntity":[{"@type":"Question","name":"What is a threat in AP Cybersecurity?","acceptedAnswer":{"@type":"Answer","text":"A threat is any person, technique, or event that can exploit a vulnerability to harm an asset. It's the danger side of the risk equation defined in EK 2.1.D.1, alongside vulnerability and asset."}},{"@type":"Question","name":"Is a threat the same as a vulnerability?","acceptedAnswer":{"@type":"Answer","text":"No. A threat is the source of potential harm, like an attacker or a phishing email, while a vulnerability is the weakness the threat exploits, like an unpatched system. You need both, plus an asset, for there to be actual risk."}},{"@type":"Question","name":"Does a threat always mean there's risk?","acceptedAnswer":{"@type":"Answer","text":"No. A threat only creates risk when it can actually exploit a vulnerability to compromise an asset. If you close the vulnerability, the threat still exists but the risk drops, which is the whole point of risk mitigation."}},{"@type":"Question","name":"Are insiders considered threats in AP Cybersecurity?","acceptedAnswer":{"@type":"Answer","text":"Yes. Insider adversaries are a distinct type of threat (EK 2.1.B.3) and a uniquely dangerous one, because they already have legitimate credentials and access to systems and data."}},{"@type":"Question","name":"How does a threat connect to defense in depth?","acceptedAnswer":{"@type":"Answer","text":"Because threats come in many forms, no single control can stop them all. Defense in depth layers multiple controls so each type of threat is met by the control best suited to mitigate it (EK 2.1.G.2)."}}]},{"@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"AP Cybersecurity","item":"https://fiveable.me/ap-cybersecurity"},{"@type":"ListItem","position":2,"name":"Key Terms","item":"https://fiveable.me/ap-cybersecurity/key-terms"},{"@type":"ListItem","position":3,"name":"Unit 2","item":"https://fiveable.me/ap-cybersecurity/unit-2"},{"@type":"ListItem","position":4,"name":"threat"}]}]}
```
