Shostack + Friends Blog

Posts in category “ai”

LLM Threat Modeling Is Fun

Exploring the fun in LLM threat modeling, and how it’s both an interface choice and a possibly ‘dark pattern’ (27 Apr 2026)

Lessons from Threat Modeling Intensive With AI

Actionable lessons from delivering Threat Modeling with AI, and using AI more generally. (23 Apr 2026)

Appsec roundup - March 2026

This month kicks off with Donald Knuth being shocked by LLMs, then goes into the threat modeling impact of right to repair, and how to TM MCP, and a whole lot more! (31 Mar 2026)

Appsec roundup - Feb 2026

This month's roundup starts with losing oneself, continues with cool new threat modeling tools and applications, and continues into appsec, AI and regulation. (03 Mar 2026)

Secure By Design roundup - Dec/Jan 2026

The normalization of deviance, exciting threat modeling news, and a question of do regulatory threats change ‘the threat model’ as much as GPS attacks? Not yet. (30 Jan 2026)

Threat Modeling in the Age of AI

Adam will be the featured speaker at the ISC2 Seattle Chapter meeting in February. (29 Jan 2026)

October Adam's New Thing!

Read up on Adam's New Thing from October (31 Oct 2025)

Prompt Engineering Requires Evaluation

Understanding ‘prompt engineering’ (20 Oct 2025)

Mansplaining your threat model, as a service

Everyone wants robots to help with threat models. How’s that working out? (26 Aug 2025)

Strategy for threat modeling AI

Clarifying how to threat model AI (06 Mar 2025)

Threat Modeling and GenAI with Venkat Ramakrishnan

Podcast episode with Venkat Ramakrishnan discussing the intersection of GenAI and threat modeling (01 Aug 2024)

Adventures in LLM Coding

Exploring LLM-driven coding as I get ready for Archimedes (21 Mar 2024)

Solving Hallucinations

Solving hallucinations in legal briefs is playing on easy mode —— and still too hard (23 Feb 2024)

AI will be the high interest credit card of 2023

(16 Jun 2023)

Layoffs in Responsible AI Teams

Some inferences from layoffs in responsible AI teams (21 Apr 2023)

Five Threat Model Diagrams for Machine Learning

Some diagrams to help clarify machine learning threats (13 Apr 2023)

When will Adam be replaced by ChatGPT?

When will Adam Shostack be replaced by ChatGPT (01 Apr 2023)

Bing’s ChatGPT

ChatGPT in the headlines again (21 Feb 2023)

Threat Model Thursday: BIML Machine Learning Risk Framework

Risk Framework and Machine Learning (27 Feb 2020)

Threat Modeling Thursday: Machine Learning

For my first blog post of 2020, I want to look at threat modeling machine learning systems. (02 Jan 2020)

Our Favorite Content

General threat modeling posts

The Security Principles of Saltzer and Schroeder, illustrated with Star Wars

Subscribe (RSS/Mail)

RSS/ATOM: The RSS feed is here. We recommend RSS as the best way to follow this blog, and think generally RSS is the best way to take control of the information you take in. You can read our thinking here.

Email: If you’d like a lower volume set of updates on what Adam is doing, Adam’s New Thing gets only a few messages a year, guaranteed. We include a subset of posts in each.