Blog | Threat Model Co

AI Security Jun 25, 2025

Building a Secure AI Chatbot for Internal Search: Lessons from NIST’s NCCoE

Technical and Security Lessons from the initial NIST’s NCCoE chatbot implementation

ai

Read more →

Application Security Jun 24, 2025

Drowning in Security Alerts? OX Security Says You're Focusing on the Wrong 98%

A conversation with OX Security's Field CTO reveals why only 2% of security alerts matter and how to find them

appsec

Read more →

AI Security Jun 20, 2025

Living off AI POC Attack: Exploiting MCP Integrations Through Prompt Injection

Research looks at how threat actors could potentially exploit Model Context Protocol integrations to gain privileged access through support tickets

ai

Read more →

AI Security Jun 16, 2025

Securing LLMs: Why Traditional AppSec Approaches Don't Work

Why traditional AppSec approaches don't work for LLMs, and how to secure them.

ai

Read more →

AI Security Jun 16, 2025

Securing Your LLM Supply Chain: From Models to Dependencies

Article exploring supply chain security risks and dependencies for LLMs

ai

Read more →

AI Security Jun 15, 2025

The Dual LLM Pattern for LLM Agents

ai

Read more →

AI Security Jun 15, 2025

The Context-Minimisation Pattern for LLM Agents

ai

Read more →

AI Security Jun 15, 2025

The Plan-Then-Execute Pattern for LLM Agents

ai

Read more →

AI Security Jun 15, 2025

The LLM Map-Reduce Pattern for LLM Agents

ai

Read more →

AI Security Jun 15, 2025

The Code-Then-Execute Pattern for LLM Agents

ai

Read more →

AI Security Jun 13, 2025

The Action-Selector Pattern for LLM Agents

ai

Read more →

AI Jun 11, 2025

Prompt Injection 101 - Risks and Defences

Learn about prompt injection, how it works, the risks involved, and how to defend against it.

ai

Read more →

AI Jun 4, 2025

LLM Jailbreaking Explained: Attack Methods, Real Risks, and Defences

Learn about LLM jailbreaking, how it works, the risks involved, and how to defend against it.

ai

Read more →

AI Jun 2, 2025

Shadow AI: Is Your Company Data at Risk?

Learn about Shadow AI, why employees use unapproved AI tools, the risks involved for businesses, and how to address it.

ai

Read more →

Security Insights May 19, 2025

Security Insights: Insider Threats, Multi‑Actor Campaigns and the Race to Mitigate

Key security developments shaping cyber defence, from AI-enabled attacks to supply-chain compromises.

ai threat intelligence

Read more →

Security Insights May 9, 2025

Security Insights: Identity Evolved, Supply Chain Risks & Active Exploits

A curated collection of security developments and research from across the industry, with practical insights and analysis.

ai threat intelligence

Read more →

Security Insights May 2, 2025

Security Insights: Zero-Days, APTs and AI Risks

A curated collection of security developments and research from across the industry, with practical insights and analysis.

ai threat intelligence

Read more →

Cybersecurity Apr 30, 2025

Insider Threats Are Evolving: Is Your Threat Model?

Examines the evolving insider threat landscape, focusing on state-sponsored DPRK IT workers who infiltrate organisations via fraudulent hiring, their motives, TTPs, and necessary defence adaptations including enhanced vetting and technical controls.

threat modeling

Read more →

AI Security Apr 30, 2025

LlamaFirewall: AI Agent Open-Source Guardrail System

An overview of LlamaFirewall, an open-source guardrail system for AI agents, detailing its components: PromptGuard 2, AlignmentCheck, and CodeShield.

ai

Read more →

Cybersecurity Apr 23, 2025

Insights from Mandiant M-Trends 2025 Threat Report

Key findings from the Mandiant M-Trends 2025 report, including shifts in initial access vectors like stolen credentials, cloud compromise tactics, and the risks of unsecured data.

threat intelligence

Read more →

AI Security Apr 19, 2025

Hands-On with the Agent Development Kit (ADK): A Security Triage PoC

A first look at the Google Agent Development Kit (ADK), testing its multi-agent delegation capabilities with a security alert triage Proof-of-Concept.

ai

Read more →

Cybersecurity Apr 15, 2025

Zero Trust Maturity Model: Assessing Identity Maturity

A look at the Identity pillar in CISA's Zero Trust Maturity Model. Learn about the key Functions and vendor-agnostic steps towards better identity security.

zero trust

Read more →

Cybersecurity Apr 14, 2025

Zero Trust: What It Is and Why It Matters

Explains the Zero Trust security model ("Never Trust, Always Verify"), its key drivers like digital transformation and remote work, its benefits for compliance, and the CISA framework for implementation.

zero trust

Read more →

AI Security Apr 6, 2025

The AI Security Balance: Criminal Exploitation vs. Defensive Innovation

Examines the dual use of AI in security, covering criminal exploitation tactics highlighted by the Alan Turing Institute and defensive advancements like Google Sec-Gemini v1.

ai cybersecurity threat intelligence +5 more

Read more →

Cloud Security Apr 4, 2025

Automating Cloud Compliance Checks with Best Practices in AWS, Azure and GCP

Explore how automating cloud compliance checks in AWS, Azure, and GCP using native tools can reduce risk, save costs, and improve security posture.

cloud security compliance aws +2 more

Read more →

Threat Modeling Apr 2, 2025

Threat Modeling with Attack Trees

Learn the basics of threat modeling using attack trees, including how to build them, practical examples, and mapping to MITRE ATT&CK.

threat modeling

Read more →

Cybersecurity Mar 21, 2025

Actionable Defences Against AI-Powered Phishing

Learn how AI is transforming phishing attacks and discover practical strategies to protect your organisation against sophisticated AI-powered social engineering attempts.

phishing ai threat modeling

Read more →

Threat Modeling Mar 21, 2025

Threat Modeling's Blind Spots: Navigating the Complexities of Scope Definition

Discover how proper scope definition in threat modeling can uncover hidden vulnerabilities and strengthen your security posture through systematic boundary analysis.

threat modeling

Read more →

AI Security Mar 20, 2025

MCP Security 101: Exploring AIs Universal Connector

Explore how the Model Context Protocol works as a universal connector for AI systems, and security considerations when implementing it.

mcp ai

Read more →