Episode 6

The Future of Threat Modeling in the Age of AI

Threat modeling is shifting from a manual process to one supercharged by AI. In this episode of AppSec.FM, Jerry Hoff talks with Fraser Scott, Chief Scientist at IriusRisk, about how AI and LLMs are transforming the way organizations identify risks in software development. The conversation explores the current state of threat modeling, supply chain challenges, and the economic value of embedding proactive security practices into the SDLC.

Highlights:

• Why threat modeling remains critical in modern AppSec.

• How AI and LLMs are changing the threat modeling process.

• Inputs, outputs, and practical adoption in organizations.

• The growing importance of supply chain risk management.

• Integrating threat modeling into secure software design.

• The ROI of identifying risks early in development.

• The role of threat modeling in defending against AI-powered attackers.


Guest links:

https://www.linkedin.com/in/zeroxten/

https://www.iriusrisk.com/

AppSec.FM is the podcast for application security professionals, hosted by Jerry Hoff. Subscribe on Apple Podcasts, Spotify, or at appsec.fm.

About your host

Jerry Hoff

For the past two decades, I’ve been on the front lines of application security, leading teams, teaching thousands of developers, and helping shape how organizations around the world defend their software. Along the way I’ve held leadership roles at Aspect Security, WhiteHat Security, Sony Electronics, and NTT, always with the same goal: making technology safer.

Today I run AppSec Training, a boutique company dedicated to transforming security education into something practical, engaging, and impactful.

And now, through AppSec.FM, I get to do what I love most: connect with the brightest minds in cybersecurity, uncover their stories, and explore how we can secure software in an era defined by AI, rapid innovation, and relentless new threats.