Guides, resources, and editorial insight for your audience.
Categories
Attack Surface & Threat Modeling — Agentic systems introduce attack surfaces that traditional threat modeling frameworks weren't built to handle—autonomous tool use, multi-agent trust boundaries, dynamic memory, and delegated credentials all demand a different analytical approach. This category covers how to systematically identify, map, and prioritize threats across the full agentic stack, from design-time architecture reviews through runtime exposure analysis. Expect concrete methodologies, worked examples, and honest assessments of where current frameworks fall short.
Defensive Architecture & Security Controls — Knowing where the attack surface lies is only half the work—the harder problem is building systems that resist exploitation under real operating conditions. This category covers concrete defensive patterns for agentic systems: sandboxing tool execution, enforcing least-privilege credential delegation, designing trust boundaries in multi-agent pipelines, and implementing runtime controls that don't cripple the autonomy you're trying to protect. The focus is architectural decisions that hold up when things go wrong, not checklists that look good in a review.
Red Teaming & Offensive Research — Defending agentic systems requires understanding how they actually break—not in theory, but under deliberate, adversarial pressure. This category covers offensive techniques, red-team methodologies, and hands-on exploit research specific to autonomous agent architectures: prompt injection campaigns, tool call interception, memory poisoning walkthroughs, and multi-agent lateral movement. If you want to know what an attacker does after they get a foothold in an agentic pipeline, this is where to look.
Threat Modeling AI Agents: What STRIDE Misses — Threat modeling for agentic AI systems exposes the gaps that STRIDE was never designed to find: corrupted context, dynamic tool trust, and permission escalation that looks like normal operation.