Securing Generative AI: Essential Threat Modeling Techniques

Elizaveta Zinovyeva

Thursday 11:35 in Palladium
  1. Introduction
    • Motivation
    • What can go wrong
  2. Generative AI vs Traditional Applications
    • Key differences in security considerations
    • Unique challenges posed by generative AI
  3. Threat Modeling Basics and AI-Specific Threats
    • STRIDE framework
    • Focus on prompt injection and data poisoning
    • Example: Simple prompt injection attempt
  4. Practical Threat Modeling Process
    • Simplified system decomposition example
    • Threat identification walkthrough
  5. Example: Input Validation
  6. Tools Showcase and Mitigation Strategies
    • AI security tools applicable
    • Best practices for API security
  7. Conclusion and Resources
    • Recap key takeaways
    • List of recommended tools and further reading