Shostack + Friends Blog

Recent Blog Posts

Prompt Engineering Requires Evaluation

(20 Oct 2025)

 

AI Insurance Won't Save You

LLM Insurance is, and will remain, a great source of insurer profits. (08 Oct 2025)

 

Secure By Design roundup - September 2025

The secret service, the CSRB, the CMMC, Sept was pretty busy in government. Plus Apple's Memory Integrity and a nice short paper on prompt-based attacks. (01 Oct 2025)

 

Adam Featured on Inside MedTech Innovation

Learn from the past and advance your threat modeling skills! (29 Sep 2025)

 

Lunar Rover Vehicle, Redux

What can the moon buggy teach us about modeling? (17 Sep 2025)

 

Apollo 15 Lunar Rover Vehicle

What can a signed Apollo 15 print teach us about modern threat modeling and risk management? (15 Sep 2025)

 

New Adventure! CyberSec Game Challenge 2025

Register for CyberSec Game Challenge 2025! (12 Sep 2025)

 

How could LLMs change threat modeling

LLMs will change threat modeling. Will it be for the better? (09 Sep 2025)

 

OWASP Training in Washington, D.C.

Register for OWASP training in Washington D.C.! (08 Sep 2025)

 

Our back to school sale

Our biggest back to school sale of the year! (05 Sep 2025)

 

Secure By Design roundup - July/Aug 2025

All the exciting secure by design news from the end of summer (31 Aug 2025)

 

Mansplaining your threat model, as a service

Everyone wants robots to help with threat models. How’s that working out? (26 Aug 2025)

 

Threat Modeling Tools

A 2025 view of threat modeling tools (25 Aug 2025)

 

Risk is not a hammer

My Usenix Enigma 2025 talk (12 Aug 2025)

 

LLMs as Compilers

What if we think about LLM coding as if it’s a compiler stage? (29 Jul 2025)