ATLSECCON 2025

Threat modeling is an essential part of the system development lifecycle and should be continuously updated whenever a system undergoes changes. Traditionally, security architects create an initial threat model and review it periodically, but this approach can leave critical risks undetected between review cycles. Agile threat modeling integrates developers into the process, allowing security concerns to be addressed as soon as changes are committed. This presentation explores threat modeling in the context of machine learning (ML) pipelines, demonstrating how application-specific risks can be combined with ML model risk cards. Key topics include the importance of threat modeling in ML development, different methodologies such as STRIDE, LINDDUN, and MITRE ATLAS, and how they work together. A hands-on example will showcase "Threat Modeling as Code" using ThreAgile, an open-source tool applied to a personal assistant GenAI project. The session will conclude with best practices and an overview of the limitations of various threat modeling approaches.