The Automation Illusion? What Machines Can't Do in Threat Modeling (god2025)

Chaos Computer Club - recent audio-only feed

Το περιεχόμενο παρέχεται από το CCC media team. Όλο το περιεχόμενο podcast, συμπεριλαμβανομένων των επεισοδίων, των γραφικών και των περιγραφών podcast, μεταφορτώνεται και παρέχεται απευθείας από τον CCC media team ή τον συνεργάτη της πλατφόρμας podcast. Εάν πιστεύετε ότι κάποιος χρησιμοποιεί το έργο σας που προστατεύεται από πνευματικά δικαιώματα χωρίς την άδειά σας, μπορείτε να ακολουθήσετε τη διαδικασία που περιγράφεται εδώ https://el.player.fm/legal.

11d ago 39:58

MP3•Αρχική οθόνη επεισοδίου

Threat modeling stands at a critical juncture. While essential for creating secure systems, it remains mostly manual, handcrafted, and often too slow for today's development cycles. At the same time, automation and AI offer new levels of speed and scalability— but how much can we rely on them? This talk explores the tension between automation and human expertise in threat modeling. We'll dissect the traditional threat modeling process—scoping, modeling, threat identification, risk analysis, and mitigation—and perform a step-by-step gap analysis to identify what can realistically be automated today, what cannot, and why. We'll dive into: Current tooling: Review the AI threat modeling tools that handle diagram-based automation, template-driven modeling, risk scoring, and pattern matching. Emerging AI use cases: automatically generating threat models from architecture diagrams, user stories, or use case descriptions; providing AI-assisted mitigation suggestions; and conducting NLP-driven threat analysis. Limitations and risks: False confidence, hallucinations, model bias, ethical accountability, and the challenge of modeling new or context-specific threats. We will ground this analysis with examples from organizations and academic research that aim to scale threat modeling without compromising depth or quality, drawing parallels to how other activities, such as SAST and DAST scanning, evolved. Attendees will walk away with a practical roadmap for integrating automation without undermining the human insight threat modeling still requires. This talk isn't a tool pitch. It's a candid, experience-based view of where automation can meaningfully accelerate threat modeling—and where the human must remain firmly in the loop. Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://c3voc.de

2407 επεισόδια

#CCC media team #Ccc Congress Hacking Security Netzpolitik #Sicherheit #Technologie #Software-Entwicklung