< ciso
brief />
Tag Banner

All news with #threat modeling tag

14 articles

Operational Guardrails for AI-Assisted Vulnerability Management

🛡️ This article from Mandiant Consulting outlines practical guidance for safely integrating AI agents into vulnerability discovery and remediation workflows. It emphasizes grounding AI adoption in established frameworks such as NIST RMF, OWASP for LLMs, and Google’s SAIF, and prescribes layered defenses including deterministic policy engines, sandboxed agent workloads, zero data retention agreements, and human-led red teaming. The post also stresses threat modeling, least-privileged machine identities, supply chain vigilance for agent skills, and runtime observability to prevent data exfiltration and prompt-injection risks.
read more →

NCSC guidance to frustrate penetration testers

🔒 The NCSC asked pen testers what makes their work harder and published recommendations to boost organisational resilience. Responses emphasise secure-by-design practices—like threat modelling, phishing-resistant MFA, avoiding hard-coded credentials, and early input validation—alongside network segmentation and strong OT/IT separation. The guidance also highlights the critical role of quality logging, monitoring and exercised incident response to detect and respond to intrusions.
read more →

AWS Security Agent expands to new regions

🛡️ AWS Security Agent (now part of AWS Continuum) is available in Asia Pacific (Mumbai), Asia Pacific (Singapore), and South America (São Paulo). Customers in these regions can access STRIDE-based threat modeling (preview), full-repo and PR-level code reviews (preview) across major source platforms, managed compliance packs, and custom security requirements. New IDE plugins and MCP integration enable triggering threat modeling, code reviews, and remediation from Kiro or Claude Code, while on-demand penetration testing and retesting provide validated findings and fixes; simulated validation remains only in US East (N. Virginia).
read more →

Detection engineering rises as a core SOC capability

🔍 Detection engineering has moved from a niche role to a strategic imperative for many organizations, focused on building tailored, behavior-driven alerts that reduce false positives and improve response. It emphasizes threat modeling, SDLC/CI-CD practices, and integration of threat intelligence to craft detections specific to an organization’s environment. A SANS-Anvilogic survey found broad investment and leadership support, while AI and automation are increasingly used to tune rules and scale workflows.
read more →

Scaling AI Red Teaming for Enterprise Security

🛡️ Enterprise AI red teaming must go beyond simple prompt tests to examine full systems — models, prompts, retrievals, tools, permissions, workflows, and APIs — because risks appear when components interact. Check Point argues that threat intelligence plus threat modeling enables identification of realistic attack paths, evidence-based findings, and prioritized remediation. Continuous, comparative testing and re-testing after changes ensures fixes are effective and keeps pace with rapid AI adoption.
read more →

AWS Security Agent Adds AI Threat Modeling

🔍 AWS Security Agent, now part of AWS Continuum, introduces an AI-powered threat modeling capability in public preview that automatically generates threat models from design documents or source code. The agent analyzes application architecture, data flows, and trust boundaries to identify threats across all six STRIDE categories and recommends mitigations. Developers can integrate the agent into IDEs such as Kiro and Claude Code for early design-phase assessments, while security teams can perform pre-deployment reviews. The feature is available in all regions supported by AWS Security Agent at no extra cost during the preview.
read more →

Measuring AI Security: Limits of Benchmarks and Assurance

🔒 AI security cannot be reduced to a single benchmark. Over the past 30 years software security evolved from black‑box penetration testing to white‑box analysis and process-driven standards such as BSIMM, and the report argues that AI requires a similar assurance-first approach. Benchmarks fail to capture emergent, systemic properties, so organizations should clean up their WHAT piles, adopt risk-based processes, and accept that there is no simple security meter for AI.
read more →

Microsoft MDASH: Multi-Model AI for Vulnerability Discovery

🛡️ Microsoft introduced MDASH (multi-model agentic scanning harness), a model-agnostic AI system in limited private preview designed to discover, validate, and prove exploitable defects in large codebases. The system orchestrates more than 100 specialized agents across frontier and distilled models in a structured pipeline that builds threat models, runs auditor and debater stages, groups equivalent findings, and proves vulnerabilities. Microsoft reports MDASH uncovered 16 issues fixed in this month’s Patch Tuesday, including two critical Windows networking and authentication flaws.
read more →

Deterministic vs Agentic AI in Security Validation

🔒 AI adoption is now a boardroom expectation, and Pentera’s AI Security and Exposure Report 2026 reports that every CISO surveyed already uses AI across their organizations. The piece argues that fully agentic systems, while powerful and adaptive, introduce probabilistic variability that undermines repeatable, measurable security validation. A hybrid approach—deterministic orchestration for consistent attack chains combined with AI for adaptive payloads and environmental interpretation—provides guardrails while preserving realism. This anchoring enables reliable retesting and continuous exposure validation without sacrificing contextual intelligence.
read more →

A Taxonomy of Cognitive Security and Reality Pentesting

🧠 Bruce Schneier highlights K. Melton’s recent framework on cognitive security, cognitive hacking, and “reality pentesting.” Melton organizes cognition into five architectural layers—sensory interface, neurocompiler, mind kernel, the mesh, and cultural substrate—and shows how fast, unconscious processes (Kahneman’s System 1) create exploitable backdoors. The taxonomy frames human perception as an IT-like attack surface and suggests practical implications for testing, defense, and threat modeling.
read more →

Adapting Threat Modeling for AI Applications at Scale

🛡️ The Microsoft Security Blog explains why threat modeling must be retooled for AI systems, noting that probabilistic behavior and complex input spaces require reasoning about ranges of likely outcomes rather than single execution paths. It identifies three core drivers — nondeterminism, instruction‑following bias, and system expansion through tools and memory — which widen attack surfaces and surface human‑centered risks like erosion of trust. The post advises starting from assets, mapping untrusted inputs, setting clear 'never do' boundaries, and embedding architectural mitigations, observability, and response plans to limit blast radius and sustain trust.
read more →

New Paradigm for Training Secure Software Engineers

🔒 As AI-assisted coding reshapes software delivery, security training must move from line-by-line vulnerability spotting to cultivating system-level judgment. Automated tools will increasingly catch common issues, but developers must learn threat modeling, identify unsafe assumptions in AI-generated code, and understand which automated gates require human review. Effective programs are bite-sized, hands-on, and embedded in toolchains, using contextual guardrails and micro-learning to teach in the flow of work.
read more →

The Promptware Kill Chain: A Framework for AI Threats

🛡️ The authors present a seven-step “promptware kill chain” to reframe prompt injection as a multistage malware paradigm targeting modern LLM-based systems. They describe how Initial Access can be direct or indirect—via web pages, emails, shared documents, or multimodal inputs—and how LLMs’ lack of separation between data and executable instructions enables escalation. The paper catalogs stages from jailbreaking and reconnaissance to persistence, C2, lateral movement, and harmful Actions on Objective, urging defenses that assume initial compromise and break the chain at later steps.
read more →

Threat Modeling Your Digital Life Under Authoritarianism

🔒 The article argues that personal threat modeling must adapt as governments increasingly combine their extensive administrative records with corporate surveillance data. It details what kinds of government-held data exist, how firms augment those records, and the distinct dangers of targeted versus mass surveillance. Practical mitigations are discussed—encryption, scrubbing accounts, burner devices—and the piece stresses that every defensive choice is a trade-off tied to individual goals.
read more →