
Threat Modeling Designing for Security in an AI World

Sale price: $63.00 (regular price: $70.00)


Adam Shostack

Computers / Security / Network Security

A major update to the definitive guide on threat modeling techniques for secure by design

More than just a second edition, Threat Modeling: Designing for Security in an AI World thoroughly updates and expands Adam Shostack's classic text and its structured approach to analyzing and designing systems, software, and services for security flaws, addressing threats and technologies that did not exist when the first edition was published. Most notably, every reader will benefit from two new chapters: one on using LLMs to threat model, and one exploring threats to LLMs, AI, and ML systems themselves. There is a new deep focus on agile development and a broadening of who threat models to include non-specialist product owners. All told, nearly half of this edition is new or revised enough to be new.

Often called "the Bible of threat modeling," Shostack's approach has been adopted across industry and governments and is at the heart of OWASP's threat modeling approaches. The first edition proved to be enduring and timeless, providing techniques that continued to work as technology and development paradigms shifted. But it still had elements of waterfall development that needed updating.

Threat Modeling: Designing for Security in an AI World presents an updated version of Shostack's Four-Question Framework, which structures the threat modeling process from initial analysis through remediation. The specific, actionable techniques proven in the first edition are updated to draw on thousands of conversations over the last decade. The guidance spans all technology. Readers gain structured methods to evaluate new additions to their technology or business enterprise and to prioritize effective defenses.

You'll also discover:

  • Increased discussion of cloud, IoT, and mobile
  • A new chapter on boundaries, including how to identify and validate them across complex system architectures
  • A new chapter on attack lifecycle models, introducing the two most popular cyber kill chains and mapping attacker progression stages to identify optimal defensive intervention points
  • A new framework for selecting and implementing effective defenses, spanning and clarifying choices from designs on the back of a napkin through systems that have been in operation since before the first edition
  • Proven techniques for defensively managing remaining risk after threat identification, with structured and repeatable organizational approaches
  • A cohesive scaling chapter that transitions readers from the technical skills they acquire to the business challenges of scaling threat modeling
  • Five legacy chapters and four appendices from the first edition, now available online at the book's website, making room in the book for the new content while keeping cut material available for reference

Written for engineers of all sorts, including security architects, security engineers, penetration testers, software developers building secure products, and IT administrators with security responsibilities, this Second Edition equips practitioners with structured, repeatable methods for identifying threats and designing defenses across any technology stack.

The first edition showed how secure by design was a real possibility. The second shows even more clearly how to make it happen in your technology and products.
Publication Date: 22 December 2026
Publisher: Wiley
Imprint: Wiley
ISBN-13: 9781394413324
Format: Paperback / softback