Unkeynote: The Threat Modeling Manifesto in the Age of AI: Still True, or Due for Amendment?
June 27, 2026
9:00 AM
Golden Wave 1
About this session
We will open the conference by challenging the Threat Modeling Manifesto with the people who helped shape it. Moderated by Stephen de Vries, Adam Shostack, Irene Michlin, Kim Wuyts, and Izar Tarandach, the panel will assess whether its human-centric principles still hold as AI reshapes software architecture, secure development, and risk analysis. We will test how agentic systems, AI-assisted tooling, automated threat identification, and probabilistic controls affect collaboration, system understanding, design decisions, and accountability. The objective is to determine whether the Manifesto requires amendment, a stronger interpretation, or explicit safeguards for AI-driven engineering environments.
About the speaker
About the speakers
Adam is the author of Threat Modeling: Designing for Security, and Threats: What Every Engineer Should Learn from Star Wars, and the first recipient of the Adam Shostack Award for Threat Modeling.
Kim Wuyts is a leading privacy engineering expert with over 15 years of experience in security and privacy. Before joining PwC as Manager Cyber & Privacy, Kim was a senior researcher at KU Leuven where she led the development and extension of LINDDUN, a popular privacy threat modeling framework. Her mission is to raise privacy awareness and get organizations to embrace privacy engineering best practices.
Irene Michlin is an application security lead at Neo4j. Before going into application security, Irene worked as a software engineer, architect, and technical lead at companies ranging from startups to corporate giants. Her professional interests include securing development life-cycles and architectures. After years of AppSec consultancy, she is back to an in-house role, where she can apply all that she’s learned.
Izar is a Sr Pr Sec Architect at SXM. He held security-related positions at DDOG, SQSP, and many others. Author and presenter,co-author of "Threat Modeling: A Practical Guide for Development Teams" by O'Reilly, member of the Threat Modeling Manifesto Group, and maintainer of the OWASP pytm tool.
.jpg)
.png){kind=logo}
