
Shostack + Friends Blog
Recent Blog Posts


AI Insurance Won't Save You
LLM Insurance is, and will remain, a great source of insurer profits.

Secure By Design roundup - September 2025
The Secret Service, the CSRB, the CMMC: Sept. was pretty busy in government. Plus Apple's Memory Integrity and a nice short paper on prompt-based attacks.

Adam Featured on Inside MedTech Innovation
Learn from the past and advance your threat modeling skills!

Lunar Rover Vehicle, Redux
What can the moon buggy teach us about modeling?

Apollo 15 Lunar Rover Vehicle
What can a signed Apollo 15 print teach us about modern threat modeling and risk management?

New Adventure! CyberSec Game Challenge 2025
Register for CyberSec Game Challenge 2025!

How could LLMs change threat modeling
LLMs will change threat modeling. Will it be for the better?

OWASP Training in Washington, D.C.
Register for OWASP training in Washington D.C.!

Our back to school sale
Our biggest back to school sale of the year!

Secure By Design roundup - July/Aug 2025
All the exciting secure by design news from the end of summer

Mansplaining your threat model, as a service
Everyone wants robots to help with threat models. How’s that working out?

Threat Modeling Tools
A 2025 view of threat modeling tools

Risk is not a hammer
My Usenix Enigma 2025 talk

LLMs as Compilers
What if we think about LLM coding as if it’s a compiler stage?