diff --git a/java/ql/lib/ext/threatmodels/supported-threat-models.model.yml b/java/ql/lib/ext/threatmodels/supported-threat-models.model.yml
new file mode 100644
index 00000000000..8c6c533228d
--- /dev/null
+++ b/java/ql/lib/ext/threatmodels/supported-threat-models.model.yml
@@ -0,0 +1,7 @@
+extensions:
+
+ - addsTo:
+ pack: codeql/java-all
+ extensible: supportedThreatModels
+ data:
+ - ["default"] # The "default" threat model is always included.
diff --git a/java/ql/lib/ext/threatmodels/threat-model-grouping.model.yml b/java/ql/lib/ext/threatmodels/threat-model-grouping.model.yml
new file mode 100644
index 00000000000..2b85b258b57
--- /dev/null
+++ b/java/ql/lib/ext/threatmodels/threat-model-grouping.model.yml
@@ -0,0 +1,23 @@
+extensions:
+
+ - addsTo:
+ pack: codeql/java-all
+ extensible: threatModelGrouping
+ data:
+ # Default threat model
+ - ["remote", "default"]
+ - ["uri-path", "default"]
+
+ # Android threat models
+ - ["android-external-storage-dir", "android"]
+ - ["contentprovider", "android"]
+
+ # Remote threat models
+ - ["request", "remote"]
+ - ["response", "remote"]
+
+ # Local threat models
+ - ["database", "local"]
+ - ["cli", "local"]
+ - ["environment", "local"]
+ - ["file", "local"]
diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml
index a0936da34b3..8b5bd6697c2 100644
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -16,4 +16,5 @@ dataExtensions:
 - ext/*.model.yml
 - ext/generated/*.model.yml
 - ext/experimental/*.model.yml
+ - ext/threatmodels/*.model.yml
 warnOnImplicitThis: true
diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlowConfiguration.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlowConfiguration.qll
new file mode 100644
index 00000000000..a3bd7d158c2
--- /dev/null
+++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlowConfiguration.qll
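Review bot: In threat-model-grouping.model.yml the `android` and `local` groups have no parent row, so neither is reachable from `default` and each must be enabled explicitly through `supportedThreatModels`; the test data in threat-models2.ext.yml relies on exactly that, but nothing in the grouping file says the omission is deliberate. A comment above the `# Android threat models` block would make the opt-in groups explicit for whoever adds the next kind: `# Groups with no parent row (e.g. "android", "local") are opt-in; they are only active when listed in supportedThreatModels.` The same applies to the `# Local threat models` block.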
@@ -0,0 +1,31 @@
+/**
+ * INTERNAL use only. This is an experimental API subject to change without notice.
+ *
+ * This module provides extensible predicates for configuring which kinds of MaD models
+ * are applicable to generic queries.
+ */
+
+private import ExternalFlowExtensions
+
+/**
+ * Holds if the specified kind of source model is supported for the current query.
+ */
+extensible private predicate supportedThreatModels(string kind);
+
+/**
+ * Holds if the specified kind of source model is containted within the specified group.
+ */
+extensible private predicate threatModelGrouping(string kind, string group);
+
+/**
+ * Gets the threat models that are direct descendants of the specified kind/group.
+ */
+private string getChildThreatModel(string group) { threatModelGrouping(result, group) }
+
+/**
+ * Holds if the source model kind `kind` is relevant for generic queries
+ * under the current threat model configuration.
+ */
+predicate sourceModelKindConfig(string kind) {
+ exists(string group | supportedThreatModels(group) and kind = getChildThreatModel*(group))
+}
diff --git a/java/ql/test/library-tests/dataflow/threat-models/Empty.java b/java/ql/test/library-tests/dataflow/threat-models/Empty.java
new file mode 100644
index 00000000000..5be35d3d2db
--- /dev/null
+++ b/java/ql/test/library-tests/dataflow/threat-models/Empty.java
@@ -0,0 +1 @@
+class Empty { }
diff --git a/java/ql/test/library-tests/dataflow/threat-models/threat-models1.expected b/java/ql/test/library-tests/dataflow/threat-models/threat-models1.expected
new file mode 100644
index 00000000000..d538019ccb7
--- /dev/null
+++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models1.expected
@@ -0,0 +1,5 @@
+| default |
+| remote |
+| request |
+| response |
+| uri-path |
diff --git a/java/ql/test/library-tests/dataflow/threat-models/threat-models1.ql b/java/ql/test/library-tests/dataflow/threat-models/threat-models1.ql
new file mode 100644
index 00000000000..11371a749dd
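Review bot: The doc comment on `threatModelGrouping` has a typo, `containted` should read `contained`. The doc on `sourceModelKindConfig` should also say that `getChildThreatModel*` is a reflexive-transitive closure, so a group name listed in `supportedThreatModels` (such as `default` or `local`) is itself reported as a kind, which is what the .expected files rely on; for example add ` * A supported group name is itself included, since the closure is reflexive.` above the predicate. The `private import ExternalFlowExtensions` does not appear to be used by anything visible in this module; if it is kept for a reason, a one-line comment saying why would prevent it being removed later.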
--- /dev/null
+++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models1.ql
@@ -0,0 +1,5 @@
+import semmle.code.java.dataflow.ExternalFlowConfiguration as ExternalFlowConfiguration
+
+query predicate supportedThreatModels(string kind) {
+ ExternalFlowConfiguration::sourceModelKindConfig(kind)
+}
diff --git a/java/ql/test/library-tests/dataflow/threat-models/threat-models2.expected b/java/ql/test/library-tests/dataflow/threat-models/threat-models2.expected
new file mode 100644
index 00000000000..809a018e98e
--- /dev/null
+++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models2.expected
@@ -0,0 +1,10 @@
+| cli |
+| database |
+| default |
+| environment |
+| file |
+| local |
+| remote |
+| request |
+| response |
+| uri-path |
diff --git a/java/ql/test/library-tests/dataflow/threat-models/threat-models2.ext.yml b/java/ql/test/library-tests/dataflow/threat-models/threat-models2.ext.yml
new file mode 100644
index 00000000000..1d6ed8c4992
--- /dev/null
+++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models2.ext.yml
@@ -0,0 +1,7 @@
+extensions:
+
+ - addsTo:
+ pack: codeql/java-all
+ extensible: supportedThreatModels
+ data:
+ - ["local"] # Add the "local" group threat model.
diff --git a/java/ql/test/library-tests/dataflow/threat-models/threat-models2.ql b/java/ql/test/library-tests/dataflow/threat-models/threat-models2.ql
new file mode 100644
index 00000000000..11371a749dd
--- /dev/null
+++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models2.ql
@@ -0,0 +1,5 @@
+import semmle.code.java.dataflow.ExternalFlowConfiguration as ExternalFlowConfiguration
+
+query predicate supportedThreatModels(string kind) {
+ ExternalFlowConfiguration::sourceModelKindConfig(kind)
+}
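Review bot: The test's `query predicate supportedThreatModels` reuses the name of the library's extensible predicate but reports a different relation, the resolved source kinds from `sourceModelKindConfig`, which makes the .expected files read as if they listed the configured groups rather than the expanded kinds. Naming it after what it reports, `query predicate sourceModelKinds(string kind) {`, would avoid that. threat-models2.ql is the same file (identical blob 11371a749dd) and would take the same rename.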