A trust model is the set of assumptions a system makes about who can access data, when, and under what controls. In cyber security, it defines what the system promises to protect itself from and what it still relies on others to protect. For example, a messaging app with end-to-end encryption assumes the provider should not be able to read message content, while a platform-controlled chat assumes the service operator, account security, and policy enforcement are part of the protection boundary.
This matters because security claims depend on the model, not just on features. If encryption is optional or removed, the trust shifts toward the platform’s servers, identity controls, logging rules, and user account hygiene. Attackers often exploit gaps between the stated trust model and the actual one, such as weak authentication, compromised devices, or overbroad access inside a service. Defenders use trust models to decide what data needs stronger cryptography, tighter access control, and clearer user warnings.
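
One way a defender can check a stated trust model against the actual one is to list every party that can read content in practice and compare that list with the parties the model names. The following is an added example, not part of the original page; the party names, the `Deployment` fields and the sample deployments are constructed assumptions, and it goes slightly beyond the text by treating inherited access (acting as another identity) as transitive.

```python
from dataclasses import dataclass, field

@dataclass
class Deployment:
    stated_readers: set   # parties the trust model says may read content
    key_holders: set      # parties holding a content decryption key
    plaintext_hops: set = field(default_factory=set)  # parties handling content unencrypted
    can_act_as: dict = field(default_factory=dict)    # party -> identities it can operate as

def actual_readers(d):
    """Parties that can read content in practice."""
    readers = set(d.key_holders) | set(d.plaintext_hops)
    changed = True
    while changed:  # acting as a reader makes you a reader, transitively
        changed = False
        for party, identities in d.can_act_as.items():
            if party not in readers and readers & set(identities):
                readers.add(party)
                changed = True
    return readers

def trust_gaps(d):
    """Readers the stated trust model does not account for."""
    return sorted(actual_readers(d) - set(d.stated_readers))

# Constructed deployments, loosely following the two chat designs in the text.
USERS = {"sender", "recipient"}
DEPLOYMENTS = {
    "e2ee": Deployment(USERS, USERS),
    "e2ee_switched_off": Deployment(USERS, USERS, plaintext_hops={"service_operator"}),
    "e2ee_compromised_device": Deployment(
        USERS, USERS, can_act_as={"device_malware": {"recipient"}}),
    "platform_chat": Deployment(
        USERS | {"service_operator"}, USERS,
        plaintext_hops={"service_operator"},
        can_act_as={"support_staff": {"service_operator"},
                    "contractor": {"support_staff"}}),
}

if __name__ == "__main__":
    for name, d in DEPLOYMENTS.items():
        print(f"{name:24} gaps: {trust_gaps(d) or 'none'}")
```

An empty result means the parties who can read content match the stated model; any name returned is a reader the model does not account for and needs either a control or an updated claim.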



