Workshops
In addition to registration below, all workshops have 10 seats available for walk-ins, though not guaranteed.
Here Be Dragons: Threat Modeling AI Systems with OWASP Threat Dragon
AI systems create failure modes traditional security reviews often miss: prompt injection, sensitive data exposure, retrieval manipulation, unsafe tool use, overreliance on model output, and weak monitoring.
In this hands-on workshop, participants will threat model a realistic AI system: an internal RAG assistant that uses enterprise documents, a vector database, identity controls, logging, and a third-party LLM. Using OWASP Threat Dragon and OWASP AI threat references, participants will map the system, identify trust boundaries, surface AI-specific threats, prioritize the most consequential scenarios, and turn them into a practical risk backlog.
This is a working session, not a lecture. The goal is to move from vague AI risk concerns to concrete threats, controls, owners, and decisions.
- Decompose an AI-enabled system into actors, processes, data stores, data flows, and trust boundaries
- Use OWASP Threat Dragon to create a basic AI threat model
- Identify AI-specific threats such as prompt injection, data leakage, retrieval manipulation, excessive agency, tool misuse, and monitoring gaps
- Prioritize threats based on impact, plausibility, and control confidence
- Convert top threats into practical security, governance, and engineering backlog items
- Laptop with OWASP Threat Dragon already installed and tested
- Web browser
- Basic familiarity with application architecture, security, risk, or AI systems
- Curiosity and willingness to challenge assumptions
No coding experience or prior threat modeling experience is required.

