Does AI do a better job?

Some pondering questions for all to spark some discussion :smiling_face_with_sunglasses:

Do we solely rely on AI tooling for modelling now?

There are now a lot of AI agents that help with this undertaking. I understand why we can use them, but are they actually now being relied upon because they are faster at getting to an output?

What are the dangers of overuse of AI here?
Is it a Quick over Quality output?

There should always be someone ‘in the loop’ regarding AI technology; where does that factor in during threat modelling?

What are your thoughts?

Is the use of AI a must have…A collaborative tool…or the golden key to all our problems?

Answers below :backhand_index_pointing_down:

In threat modeling, there is always the threat that you miss a crucial threat because you don’t use tool X. A particular AI solution can be such a tool X. Just like other tools. Might miss out because I don’t have LINDDUN in my mix. Or I don’t have that clever thing from the Threagile rule engine. Or I didn’t ask @RonMK.

More eyes see more. :eyes: :eyes: We want something with enough people and effective tools, so that we can have good results.

That something is a mix of things. We should not fall victim to the Saviour tool misconception.

1 Like

I 100% agree, the over-reliance on the next ‘super tool’ that identifies all threats whilst making you coffee, although the coffee would be a bonus, is the potential worry.

I would really love to hear from anyone who is leveraging AI for threat modelling to the point where it has become a huge win or it’s become essential?

1 Like

Same, this was just some musing of mine based upon what is happening.

We had cool AI experiences with our TMC DACH Online Dating like Tinder prep. More about the event in the respective forum post for context.

Apparently, a lot about Online Dating Security had already been written and learned and could be presented nicely by AI. Probably an advantage with a well-understood domain and not reinventing the wheel.

We had some impressive results when asking for Online Dating real life threats and Online Dating threats from provider. Also, in a deep dive about Love Scam, AI could provide compelling pretexts. Really useful for attackers also. :winking_face_with_tongue:

But as mentioned above, the whole mix shaped the picture: Prep on my own, discussions with @Laxarella + @RonMK + Laura, AI research, final practice, the 3 TM sessions with our members.

And that was play. Mix recommended even more when your business success or failure depends on it.

:partying_face: