Threat Modeling Insider – March 2025

Threat Modeling Insider Newsletter

42nd Edition – March 2025

Welcome!

It’s time for another edition of our Threat Modeling Insider! This month’s issue features a guest article on PLOT4AI 2.0 written by Isabel Barberá. Our Toreon blog is all about managing CRA compliance through the (cost-effective) power of threat modeling!

But that’s not everything, of course, so dig in and let’s get reading.

On this edition

Tips & tricks
OWASP Cornucopia

Training update
An update on our training sessions.

Guest article

PLOT4AI 2.0: A Needed Update in the Changing AI Landscape

A lot has happened in the AI world since I first published PLOT4AI in April 2022. It’s mind-blowing!

At that time, only a few of us were working in the field. Many organizations were mostly experimenting, and only some were seriously deploying AI. Deep learning was still something not everyone dared to use; most relied on simpler machine learning models.

Yet even those simple early implementations were enough to cause serious problems. In the Netherlands, the childcare benefits scandal at the Tax Office was a stark reminder of what can go wrong. That case was in fact the main inspiration behind my framework. For those who don’t know, PLOT4AI was first piloted at the Dutch Tax Office; no doubt, at that time, it was the best place in Europe to test an AI risk tool. 😉

After three years of research, the first version of PLOT4AI contained 86 AI-related threats across 8 categories. Back then, AI security was still a niche topic—only Microsoft, ENISA, and Berryville were talking about it. The rest of the world wasn’t paying attention yet.

And safety? That was something some people associated with robotics and reinforcement learning. Even finding research papers on AI safety was difficult at the time.

Then, just seven months after PLOT4AI’s release, ChatGPT launched—and the AI landscape changed overnight.

Why PLOT4AI Needed an Update

With the explosion of Large Language Models (LLMs), the risks of AI systems became too obvious to ignore. Security has become a top priority, and Safety has finally taken its own place.

The EU AI Act entered the scene, placing fundamental rights at the centre of AI governance.

AI has become a global geopolitical game, influencing regulatory and economic agendas worldwide.

It was clear that PLOT4AI needed a major update.

Since 2019, I have been continuously researching AI risks, and PLOT4AI has remained a living project. Over the last few months, with the help of my colleagues at Rhite, I started working on the much-needed refresh.

What’s New in PLOT4AI 2.0?

The new version now contains over 100 threats (compared to 86 in the original), and all content has been updated to match the current state of the art and include threats related to GenAI and Agentic AI.

PLOT4AI still has eight categories, but they’ve evolved to reflect today’s AI risk landscape and are now more aligned with the EU AI Act and AI risk management standards. The new categories are:

‘Data & Data Governance,’ ‘Transparency & Accessibility,’ ‘Privacy & Data Protection,’ ‘Cybersecurity,’ ‘Safety & Environmental Impact,’ ‘Bias, Fairness & Discrimination,’ ‘Ethics & Human Rights,’ and ‘Accountability & Human Oversight.’

To ensure risks are assessed at the right time, PLOT4AI is now structured around six AI lifecycle phases instead of four: Design, Input, Model, Output, Deploy, and Monitor.

Each phase represents a key stage in the lifecycle of an AI system, allowing teams to filter relevant risks based on where they are in the process: building a model or developing or deploying an AI system.

Integration with Threat Dragon & Improved Usability

We are also updating OWASP Threat Dragon to make it easier to build data flow diagrams for PLOT4AI sessions. This will help teams map AI risks visually and integrate them into their threat modeling process. This update will be ready before the end of May.

Another important change: The name

What started as a privacy-focused threat library has now grown into a holistic AI risk framework.
Finding the right word starting with the letter “P” took some brainstorming until we landed on the perfect fit. PLOT4AI is no longer a “Privacy Library of Threats 4 AI” but a “Practical Library of Threats 4 AI.”

And Finally, The Launch in April 2025

The new version of PLOT4AI will launch in April with:

  • A redesigned, more intuitive website, online tool and physical card deck (and thanks to Agile Stationery the physical card game will also be available soon!)
  • Clearer instructions on how to run PLOT4AI sessions
  • More accessibility, keeping it open-source and free for the AI community

I need your contribution!

PLOT4AI has always been an open-source project, and it thrives on community feedback.

That is why once the update is published, I encourage you to:

  • Provide feedback via GitHub or email—found an issue, an improvement, or a missing threat? Let us know!
  • Share your knowledge! If you have new mitigation strategies or threat examples, we’d love to include them.

PLOT4AI is not just a tool—it’s a collaborative effort to make AI safer.

Stay tuned for the launch in April—and let’s build responsible AI together!

New Training Alert!
AI Whiteboard Hacking aka Hands-on Threat Modeling Training

Calling all AI Engineers, Software Developers, Solution Architects, Security Professionals, and Security Architects! Get ready to elevate your skills and master the art of designing secure AI systems in our latest, cutting-edge training.

This hands-on course dives deep into the DICE methodology (Diagramming, Identification of threats, Countermeasures, and Evaluation), giving you the tools you need to tackle AI-specific threats—like prompt injections and data poisoning—head-on. You’ll develop real-world countermeasures, learn to integrate security testing into your AI workflows, and gain insights into staying ahead of the curve in AI security.

But it doesn’t stop there! The grand finale will put your skills to the test in a high-energy wargame, where red and blue teams face off to defend and attack a rogue AI research assistant. It’s a thrilling way to turn theory into action as you perform threat modeling under pressure.

After years evaluating security trainings at Black Hat, including Toreon’s Whiteboard Hacking Sessions, I can say this AI Threat Modeling course stands out. The hands-on approach and flow are exceptional – it’s a must-attend.

Daniel Cuthbert, Global Head of Cyber Security Research, Black Hat Review Board Member

CURATED CONTENT

Handpicked for you

Toreon Blog: Threat Modeling: A Strategic, Cost-Effective Path to CRA Compliance and Security by Design

As a senior security leader, you’re navigating the EU Cyber Resilience Act (CRA), which mandates strong cybersecurity for digital products. How can you comply without increasing costs or hindering innovation? The answer is threat modeling. Once a technical task, it’s now a key strategy for achieving “security by design,” simplifying compliance, and fostering a strong security culture. This blog shows how scaling threat modeling across your product lifecycle can be a cost-effective, compliance-friendly approach under the CRA.

The Evolution of Threat Modeling: From Military Strategy to Cybersecurity Engineering

Explore the evolution of threat modeling—from its roots in 1940s military strategy to modern cybersecurity. Discover how frameworks like STRIDE, OCTAVE, and MITRE ATT&CK have paved the way for automated, continuous threat assessment with tools like Meta Attack Language, aligning security with business goals.

Deep Backdoors in Deep Reinforcement Learning Agents

Threat models on AI systems, specifically LLMs, often do not consider a malicious agent adding a backdoor to reinforcement learning. This talk clears up the type of attack and the risk involved, and provides a threat modeler with the info they need to analyse the risk.

TIPS & TRICKS

OWASP Cornucopia

OWASP Cornucopia is an innovative card game mechanism designed to help software development teams identify security requirements across various development scenarios (including web and mobile) and can be a great add-on for your threat modeling sessions.

Our trainings & events for 2025

Book a seat in our upcoming trainings & events

Threat Modeling Practitioner training, hybrid online, hosted by DPI

Cohort starting on 17 March 2025

Advanced Whiteboard Hacking a.k.a. Hands-on Threat Modeling, in-person, hosted by NorthSec, Montreal

10-11 May 2025

Hands-on Threat Modeling AI (NEW TRAINING), in-person, hosted by OWASP Global AppSec, Barcelona

27-28 May 2025

Advanced Whiteboard Hacking a.k.a. Hands-on Threat Modeling, in-person, hosted by Black Hat USA, Las Vegas 

2-5 August 2025

Threat Modeling Practitioner training, hybrid online, hosted by DPI

Cohort starting on 18 August 2025

Agile Whiteboard Hacking a.k.a. Hands-on Threat Modeling, in-person, OWASP Global AppSec, Washington DC

4-5 November 2025
