Software Engineering Radio - the podcast for professional software developers

SE Radio 648: Matthew Adams on AI Threat Modeling and Stride GPT

Dec 27, 2024
Matthew Adams, Head of Security Enablement at Citi, dives into the revolutionary role of large language model tools like Stride GPT in threat modeling. He shares insights on the STRIDE methodology and the historical context of security frameworks. The conversation explores practical applications in web development, the need for contextual judgment in security measures, and overcoming challenges like AI hallucinations. Adams also discusses empowering small businesses through open-source tools and highlights the transformative potential of AI in incident response.
ADVICE

Elements of Threat Model

  • Define assets to protect, establish trust boundaries, identify attack surfaces, consider threat actors and their capabilities, and determine mitigations.
  • These elements constitute the core components for building a threat model.
INSIGHT

STRIDE's Popularity

  • STRIDE's simplicity and longevity make it easily understood across disciplines.
  • It's a simple framework for enumerating threats without needing security expertise.
ANECDOTE

StrideGPT's Origin

  • Matthew Adams sought a valuable cybersecurity use case for LLMs.
  • He combined LLMs with threat modeling, a process he found many teams struggled with.