
LLM Application Threat Modeling: Securing the Next Generation of AI-Driven Systems

  • 01:20
  • Thu
  • 04 Dec
Stage: Briefings 2
Session type: Presentation

Presenter:

This session introduces a structured methodology for LLM-specific threat modeling, tailored for security architects, AppSec engineers, and AI developers. Attendees will explore the unique threats posed by LLM integration (such as prompt injection, data leakage, output poisoning, over-permissioned APIs, and excessive LLM agency) and learn how to adapt STRIDE, attack trees, and misuse case analysis to these environments.

Through real-world examples, architecture diagrams, and red team scenarios, the session will walk through how to systematically deconstruct LLM-enabled systems to uncover logic flaws and weak trust boundaries. We’ll also cover how threat modeling can be integrated early into the AI development lifecycle, enabling teams to reduce risk before deployment.

By the end of the session, participants will leave with a practical threat modeling framework, a set of reusable checklists, and an understanding of the most pressing AI security concerns in 2024 and beyond. Whether your organization is experimenting with GPT-based assistants, building GenAI features into your SaaS platform, or deploying local models, this session will equip you to secure LLM applications by design.
