Why STRIDE Breaks When You Threat Model AI Agents (And What to Do Instead)
STRIDE was built for deterministic systems. Agentic AI breaks its core assumptions. Here is a five-zone method that actually finds EchoLeak-class attacks.
ls ./writing
Long-form writing on cybersecurity. Threat modeling, AI security, ML security, AppSec, and the spaces where classical methods stop working.
Prompts are payloads. Why classical red-teaming misses LLM-native attacks, and how to design adversarial tests that surface jailbreaks, tool misuse, and goal hijack.
IoT devices fail open by default. A pragmatic checklist for hardening firmware, networks, and lifecycle management against the threats most teams overlook.
CSA's MAESTRO framework, explained for practitioners. Layer-by-layer attack surface, control mapping, and how to apply it to your ML pipeline this week.
Five concrete moves security leaders should make this quarter to keep up with AI adoption, without slowing the teams shipping it.
Why threat modeling is the highest-leverage activity in a security program, and how to start without buying tooling or hiring consultants.
A practitioner's comparison of OWASP Threat Dragon, IriusRisk, Microsoft Threat Modeling Tool, and others, with concrete picks by team size and maturity.
Beyond STRIDE: attack trees, PASTA, kill chains, and how to combine them into a methodology your engineers will actually use.
Where pentesting fits inside an ISO 27001 program, what auditors look for, and how to scope tests so they produce defensible evidence, not just findings.
A foundational guide to threat modeling: what it is, when to do it, who should be in the room, and the seven questions every model must answer.