Shostack + Friends Blog

 

Why PHANTOM-B?

Adam Shostack, Shostack + Associates

Our newest whitepaper introduces a new threat elicitation tool engineered specifically for LLMs. A robot studies glowing ghosts on a whiteboard

If you are a security engineer helping your team ship products built on Large Language Models (LLMs), you already know the crushing weight of the current AI security landscape. The threat landscape is evolving by the hour, leadership wants the product deployed yesterday, and the volume of academic papers, frameworks, and compliance documents is completely overwhelming.

Resources like MITRE ATLAS, NIST’s AI RMF, and hundreds of research papers are brilliant and deep—but they are built for exhaustive thoroughness, not for velocity. They don’t help an engineering team working under intense, real-world deployment constraints.

We needed a tool built for speed, memory, and immediate action. That is why we created PHANTOM-B, and we are incredibly excited to introduce it to the security community.

Ahead of our upcoming Black Hat briefing, we are releasing the official PHANTOM-B whitepaper to give you an early look at the framework. Here is why we built it, what problem it solves, and why you will want to catch the live talk in Las Vegas.

What is PHANTOM-B?

At its core, PHANTOM-B is a tool to structure how you answer the question, "What can go wrong with the LLM parts of the system?"

For more than 25 years, threat modeling has relied on the STRIDE mnemonic to help engineers systematically uncover security flaws during the software development lifecycle. STRIDE is elegant, accessible, and prioritized. But generative AI introduces distinct behaviors that traditional threat models weren't designed to catch.

PHANTOM-B is a STRIDE-analogous mnemonic engineered specifically for LLMs. Developed and validated alongside hyperscalers and globally significant financial institutions, its eight core threats are grounded in cognitive psychology research on expert scaffolding and mental "chunking." It cuts through the complex jargon of "kill chains" to give engineering teams an accessible, highly focused map of LLM-specific risks.

How It Differs From a Vulnerability List

A common trap in AI security right now is relying solely on vulnerability lists like the OWASP LLM Top 10. While those lists are excellent for awareness, a list of general vulnerabilities cannot tell you how your specific architecture will fail.

Unlike a static list of flaws, PHANTOM-B is a threat elicitation tool.

Instead of asking, "What goes wrong with LLMs generally?" PHANTOM-B forces your team to ask, "What can go wrong in this system?" It focuses purely on what engineering and product teams can actually control and influence within a real production timeline.

What It Solves for Teams Under Pressure

The biggest barrier to threat modeling AI systems isn't a lack of information—it’s an excess of it. Security teams are paralyzed trying to map every theoretical exploit paper published on arXiv.

PHANTOM-B cuts through the noise. It gives your team a repeatable, lightweight facilitation approach that can be applied to any LLM deployment in under an hour. It scales down the overwhelming universe of AI security research into an actionable map, showing you exactly how these new risks fit relative to your existing Secure Development Lifecycle (SDL), OWASP, and ATLAS.

Read the Whitepaper, Experience the Briefing

The PHANTOM-B framework is designed to be adopted immediately, which is why we are putting the core methodology into the whitepaper for you to read, dissect, and experiment with.

But reading the framework is only the first step. At Black Hat, we are going to dive into the operational mechanics that a document can't fully capture. We will map out exactly how to shift your defensive strategies as these risks evolve, what fundamentally changes in your PSIRT process, and how to successfully divvy up ongoing security responsibilities between your security team and product engineers.

We can't wait to share this framework with the community and see how you use it to secure the next generation of software.

Dive into Threat Modeling with Complete AI at Black Hat USA 2026

If you need to hone your skills at threat modeling AI systems or using LLMs in your threat modeling, we've got the perfect training at Black Hat. The Threat Modeling Intensive with Complete AI course runs August 1-4.

Regular pricing ends tomorrow. Paying the late or on-site price isn't going to appear on any threat model, but it's worth avoiding.

Register Now

Image by midjourney: A photograph of a robot standing at a whiteboard covered in dense academic diagrams and papers, confidently crossing most of it out and replacing it with eight simple glowing symbols in bright marker. The robot has a slight resemblance to a protocol droid tall, polished, vaguely C-3PO in posture but clearly its own design. The lighting is cinematic and slightly dramatic, with a warm amber glow from one side suggesting a distant star or setting sun through a high window. The overall mood is purposeful and a little heroic, like a briefing before a critical mission.
Image modified by Gemini: Take this image and add ghosts on the whiteboard, specifically swapping them for the symbols in the nine box of glowing symbols in front of the robot.