Skip to main content

Shostack + Friends Blog

Posts in category "ai"

a photograph of a robot, sitting in a library with high ceilings, frantically juggling glowing balls.

Strategy for threat modeling AI

Clarifying how to threat model AI (06 Mar 2025)

Adam and Venkat podcast episode

Threat Modeling and GenAI with Venkat Ramakrishnan

Podcast episode with Venkat Ramakrishnan discussing the intersection of GenAI and threat modeling (01 Aug 2024)

A DFD from Code.

Adventures in LLM Coding

Exploring LLM-driven coding as I get ready for Archimedes (21 Mar 2024)

a modern paper on a desk. it's a few pages long, and is in 12 point times roman font, double spaced and with lots of complex blue book citations in the text. The content of the text is a disciplinary hearing for a lawyer. The text is wierdly distorted, and the edges show signs of hallucination

Solving Hallucinations

Solving hallucinations in legal briefs is playing on easy mode —— and still too hard (23 Feb 2024)

AI will be the high interest credit card of 2023

(16 Jun 2023)

An AI generated image of scientists

Layoffs in Responsible AI Teams

Some inferences from layoffs in responsible AI teams (21 Apr 2023)

A diagram showing threats such as prompt injection and model theft that are threats to a ML tool

Five Threat Model Diagrams for Machine Learning

Some diagrams to help clarify machine learning threats (13 Apr 2023)

A banner with Adam Shostack and Gary McGraw

When will Adam be replaced by ChatGPT?

When will Adam Shostack be replaced by ChatGPT (01 Apr 2023)

An AI generated image of a robot making converation at a cocktail party

Bing’s ChatGPT

ChatGPT in the headlines again (21 Feb 2023)

Threat Model Thursday: BIML Machine Learning Risk Framework

Risk Framework and Machine Learning (27 Feb 2020)

Threat Modeling Thursday: Machine Learning

For my first blog post of 2020, I want to look at threat modeling machine learning systems. (02 Jan 2020)

Our Favorite Content

General threat modeling posts

The Security Principles of Saltzer and Schroeder, illustrated with Star Wars

Other Star Wars blog posts

Modeling attackers and their motives

Doing science with near misses

Posts about Adam’s “Threats” book

Posts about Adam’s “Threat Modeling” book

Posts about “The New School of Information Security” book

About this blog

Popular Blog Topics

Threat Model Thursday,
exploring specific published threat models

Threat Modeling (general topic)

Application Security

Software Engineering

Privacy + Personal Security

Research + Reports

Podcasts, Videos + Webinars

Subscribe (RSS/Mail)

RSS/ATOM: The RSS feed is here. We recommend RSS as the best way to follow this blog, and think generally RSS is the best way to take control of the information you take in. You can read our thinking here.

Email: If you’d like a lower volume set of updates on what Adam is doing, Adam’s New Thing gets only a few messages a year, guaranteed. We include a subset of posts in each.

Recent posts

Andor Threats: Information Disclosure

03 May 2025

What Andor can teach us about Information disclosure threats

The Empire’s Threat Modeling

02 May 2025

Get one fourth off for May the fourth!

Appsec Roundup - April 2025

27 Apr 2025

Threat modeling. So much threat modeling, and so much more, including foreshadowing of new rules from FDA.

Threat Informed Defense Series

25 Apr 2025

A great, in depth series on threat modeling with ATTACK

Our site works best with Javascript enabled, however we have done our best to minimize any negative impacts to your experience without it.