Why STRIDE Breaks When You Threat Model AI Agents (And What to Do Instead)
STRIDE was built for deterministic systems. Agentic AI breaks its core assumptions. Here is a five-zone method that actually finds EchoLeak-class attacks.
topic / AI Security
AI systems break the boundary between code and data. Threat models built before LLMs miss most of what matters. Notes on red teaming, threat modeling for agents, and the practitioner's view of what classical security thinking can and cannot say about a model.
4 posts.
Prompts are payloads. Why classical red-teaming misses LLM-native attacks, and how to design adversarial tests that surface jailbreaks, tool misuse, and goal hijack.
CSA's MAESTRO framework, explained for practitioners. Layer-by-layer attack surface, control mapping, and how to apply it to your ML pipeline this week.
Five concrete moves security leaders should make this quarter to keep up with AI adoption, without slowing the teams shipping it.