This disclosure is directed to a context-aware proactive threat management system. In general, a device may use internal activity data along with data about external activities (e.g., provided by remote resources) for threat assessment and mitigation. A device may comprise, for example, a hostile environment detection (HED) module to coordinate threat assessment and mitigation. The HED module may accumulate internal activity data (e.g., from security services in the device), and external activity data regarding a system environment and/or a physical environment from the remote resources. The HED module may then assess threats based on the activity data and determine automated and/or manual mitigation operations to respond to the threats. In one embodiment, visualization features may also be used to, for example, visualize threats to a user, visualize automatic/manual mitigation operations, request user confirmation regarding the performance of manual mitigation operations, etc.