Appsec roundup - Feb 2026
This month's roundup starts with losing oneself, continues with cool new threat modeling tools and applications, and continues into appsec, AI and regulation.
This month leads off with Lose Myself by Greg Knauss, reflecting on the change that LLMs are imposing on software development.
Threat Modeling
- Flowstrider is a new “architectural threat modeling tool designed to support the identification, mitigation, documentation, and management of threats in a given software system.” There’s also an academic paper.
- In Using threat modeling and prompt injection to audit Comet, Trail of Bits describes how they threat modeled Perplexity’s Comet Browser. A few comments: I’d have liked to see external web servers as external entities, I think that’d be useful. But I love that Perplexity is publishing their threat model!
Appsec
- Tanya Janca has been driving towards a a parliamentary petition to require secure coding in federal software. I’d previously thought it was not sufficiently aligned with SSDF, she’s argued that current SSDF-style approaches are insufficiently precise for developers. I think it’s a good conversation to have and support the petition.
- In Google API Keys Weren't Secrets. But then Gemini Changed the Rules, Joe Leon explains that “Google Cloud uses a single API key format (AIza...) for two fundamentally different purposes: public identification and sensitive authentication.”
- In A Blow to the Phone-Free Classroom, the New York Times espouses testing, saying “In some schools, Yondr, a pouch marketed to keep kids off devices, has proved no match for actual children.” Previously.
AI
- In Why is Claude an Electron App?, Drew Breunig asks why Claude is shipping an Electron app if code is now free? Also, Anthropic, makers of Claude, have announced Claude Code Security, a product, while CheckPoint researchers have security flaws including remote code execution and API key exfiltration.
- In Agents Are More Like Humans Than Workloads. Here’s Why That Matters for Identity, Ryan Hurst muses on the relationship between agents, authorization and identification, and the properties that may be required. Key quote: “The moment an agent injects Alice’s password into a legacy SaaS app, all of the governance properties this post argues for vanish.”
Regulation
- Secure by Design or Deficiency by Default: Navigating the FDA’s 2026 Inspection Reality by Naomi Schwartz makes public a perspective that I’ve heard a lot in private conversation. Note in particulate the slide on ‘internal risk assessment,’ around 19 minutes in, and associated discussion.
- In Resist ‘dangerous and socially unacceptable’ age checks for social media, scientists warn, Politico reports on an open letter to governments, signed by 370 computer security experts, including me.
Shostack + Associates News
- We welcomed Kymberlee Price as our new COO.
- We released our first-ever threat advisory: Threat Advisory: GPS Attacks [SA-26-01]. Why? Well, that is a frequently asked question, and there’s an FAQ at the end of the advisory.
- At RSA, Adam will be speaking with Adrian Sanabria on A Failure Is a Terrible Thing to Waste: The Case for Breach Transparency.
Image by midjourney: ”a photograph of a robot, sitting in a library, working on a jigsaw puzzle. The robot is spotlighted by light streaming in through a small window, through which you can it's snowing.” I appreciate how this one is holding up the jigsaw and it’s snowing inside, both demonstrating AI is bad at concepts.