Why STRIDE Breaks When You Threat Model AI Agents (And What to Do Instead)
STRIDE was built for deterministic systems. Agentic AI breaks its core assumptions. Here is a five-zone method that actually finds EchoLeak-class attacks.
Read articletopic / Threat Modeling
Threat Modeling.
STRIDE, PASTA, OCTAVE, attack trees, kill chains, MAESTRO, the five-zone method. The trade-offs decide which one fits your system. Threat modeling returns more security per hour invested than any other practice; the only frameworks worth learning are the ones that match the architecture you're defending.
Writing under this topic.
5 posts.
Elevate Cyber Defense: Start Threat Modeling Now
Why threat modeling is the highest-leverage activity in a security program, and how to start without buying tooling or hiring consultants.
Read articleTransform Your Security Strategy with Leading Threat Modeling Tools
A practitioner's comparison of OWASP Threat Dragon, IriusRisk, Microsoft Threat Modeling Tool, and others, with concrete picks by team size and maturity.
Read articleCyber Resilience: How to Implement Cutting-Edge Threat Modeling Techniques
Beyond STRIDE: attack trees, PASTA, kill chains, and how to combine them into a methodology your engineers will actually use.
Read articleEmpower Your Security: Essential Insights into Threat Modeling
A foundational guide to threat modeling: what it is, when to do it, who should be in the room, and the seven questions every model must answer.
Read article