Shostack + Friends Blog

 

What to Expect: Threat Modeling Intensive with Complete AI

Kymberlee Price, Shostack + Associates

Learn what goes into our Threat Modeling Intensive with Complete AI A vector art depiction of students and robots collaborating in Adam Shostack's Threat Modeling Intensive with Complete AI

Join us at Black Hat USA 2026

Adam and the team will be at Black Hat USA in Las Vegas, August 1-6. The Threat Modeling Intensive with Complete AI course runs August 1-4, alongside the briefing Threat Modeling LLMs: The PHANTOM-B Model.

Regular pricing ends July 17.

Register Now

There's lots of discussions around AI and threat modeling. Any time you open LinkedIn or another social media platform, a new model or tool is released, and it's almost impossible to discern between quality advice vs. trending one-liners.

We often hear questions like:

  • I'm an engineer: How is AI changing my threat modeling? When do I use an LLM? How? Why?
  • I'm a manager: What are the benefits and tradeoffs of using an LLM in my team's threat modeling program? How much time are we saving or losing?
  • I'm a business executive: How can my organization leverage AI as a tool? How can we update our threat modeling program and ensure these changes work?

The S+A team worked hard to develop our Threat Modeling Intensive with Complete AI to answer these exact questions. By the end of this 4-day training, participants will learn how to use AI as a force multiplier for threat modeling. As artifical intelligence is changing how security professionals work, we believe that effective threat modeling still requires human expertise, critical thinking, and sound engineering judgement. The purpose of this course is to build those threat modeling fundamentals and then explore AI-assisted workflows to see where AI excels, fails, and requires practical judgement.

Our day-by-day breakdown is scaffolded to build threat modeling expertise from the ground up.

  • Day 1: Students will learn the fundamentals of threat modeling, starting with the Four Question Framework. During the first day, students will focus on answering the questions: What are we working on? What can go wrong? What are we going to do about it?
  • Day 2: From there, students will start the day by answering the question: Did we do a good job? Afterwards, students will apply their toolbelt of skills by completing an end-to-end exercise before starting to see how LLMs help us threat model. Students are introduced to LLMs and focus on understanding how they are created and operated to foreshadow where things can go wrong.
  • Day 3: After crossing the halfway mark, students learn about threats to LLMs and how to use different risk analysis frameworks to understanding threats to LLMs.
  • Day 4: Our final day dives deep into using LLMs to deliver threat modeling, including understanding systems, threats to them, and mitigations. Training then wraps up with a hackathon-style exercise and a discussion for how to bring the course's takeaways to our jobs.

If you or your team are ready to level up your threat modeling, why not learn from Adam Shostack, one of the world's leading experts in threat modeling, and our team of industry experts? We deliver the best threat modeling training, so you and your team can scale with AI and feel confident in your program.

Our next training delivery is at Black Hat 2026 USA from August 1-4. Don't miss this chance to level up your threat modeling program.

Still not convinced? Hear from Adam himself about what to expect!

Image by Midjourney: "A photograph of security professionals in a bright classroom, instructor gesturing to a screen with threat diagrams, several small friendly robots assisting at laptops and whiteboards, warm summer sunlight, indigo purple, lime green, bright orange, red-orange palette, style of impressionist colorism, watercolor, clean lines --ar 8:3 --v 6.1 ."