Threat Modeling in the Age of AI

Adam Shostack

DEF CON 32 Main Stage · Day 1 · Main Stage

In an insightful presentation at DEF CON 32’s AppSec Village, renowned threat modeling expert Adam Shostack addressed the critical intersection of artificial intelligence and cybersecurity. His talk, "Threat Modeling in the Age of AI," provided a foundational perspective on how established security practices can and must adapt to the rapidly evolving landscape dominated by large language models (LLMs). Shostack's core message underscored the enduring relevance of proactive security design, likening threat modeling to the crucial "measure twice, cut once" principle in physical construction, now applied to the intricate architecture of AI systems.

AI review

Adam Shostack delivers a critically important and refreshingly direct talk on applying foundational threat modeling principles to the rapidly evolving AI/LLM landscape. He cuts through the hype to provide a practical framework for securing these complex systems, emphasizing proactive design over reactive patching. While it does not present a novel attack vector, the talk offers a crucial adaptation of a core security engineering discipline to a new attack surface, making it highly actionable and relevant for anyone building or defending AI-powered solutions.
