Skip to main content

Shostack + Friends Blog

Posts in category “ai”

October Adam's New Thing!

Read up on Adam's New Thing from October (31 Oct 2025)

Prompt Engineering Requires Evaluation

(20 Oct 2025)

Mansplaining your threat model, as a service

Everyone wants robots to help with threat models. How’s that working out? (26 Aug 2025)

Strategy for threat modeling AI

Clarifying how to threat model AI (06 Mar 2025)

Threat Modeling and GenAI with Venkat Ramakrishnan

Podcast episode with Venkat Ramakrishnan discussing the intersection of GenAI and threat modeling (01 Aug 2024)

Adventures in LLM Coding

Exploring LLM-driven coding as I get ready for Archimedes (21 Mar 2024)

Solving Hallucinations

Solving hallucinations in legal briefs is playing on easy mode —— and still too hard (23 Feb 2024)

AI will be the high interest credit card of 2023

(16 Jun 2023)

Layoffs in Responsible AI Teams

Some inferences from layoffs in responsible AI teams (21 Apr 2023)

Five Threat Model Diagrams for Machine Learning

Some diagrams to help clarify machine learning threats (13 Apr 2023)

When will Adam be replaced by ChatGPT?

When will Adam Shostack be replaced by ChatGPT (01 Apr 2023)

Bing’s ChatGPT

ChatGPT in the headlines again (21 Feb 2023)

Threat Model Thursday: BIML Machine Learning Risk Framework

Risk Framework and Machine Learning (27 Feb 2020)

Threat Modeling Thursday: Machine Learning

For my first blog post of 2020, I want to look at threat modeling machine learning systems. (02 Jan 2020)

Our Favorite Content

General threat modeling posts

The Security Principles of Saltzer and Schroeder, illustrated with Star Wars

Other Star Wars blog posts

Modeling attackers and their motives

Doing science with near misses

Posts about Adam’s “Threats” book

Posts about Adam’s “Threat Modeling” book

Posts about “The New School of Information Security” book

About this blog

Popular Blog Topics

Threat Model Thursday,
exploring specific published threat models

Threat Modeling (general topic)

Application Security

Software Engineering

Privacy + Personal Security

Research + Reports

Podcasts, Videos + Webinars

Subscribe (RSS/Mail)

RSS/ATOM: The RSS feed is here. We recommend RSS as the best way to follow this blog, and think generally RSS is the best way to take control of the information you take in. You can read our thinking here.

Email: If you’d like a lower volume set of updates on what Adam is doing, Adam’s New Thing gets only a few messages a year, guaranteed. We include a subset of posts in each.

Recent posts

Stop Trying to Manage Risk!

05 Nov 2025

Risk doesn’t do what we hope. We need to talk.

October Adam's New Thing!

31 Oct 2025

Read up on Adam's New Thing from October

The Moonwalkers

30 Oct 2025

Go see The Moonwalkers

OWASP Board Thoughts 2025

24 Oct 2025

Please vote for the OWASP 2025 board

Our site works best with Javascript enabled, however we have done our best to minimize any negative impacts to your experience without it.