Threat Modeling AI Systems: What Changes When the Model Is the Attack Surface
Traditional threat modeling assumes deterministic code. AI systems break that assumption in ways most security frameworks haven't caught up with yet.
Markus Zaki
Staff security engineer in Ottawa. Builder of AI tools for people who take risk seriously. Egyptian-Canadian. Occasionally writes about things that matter.
The security community has a culture of closed doors. I think that's a competitive disadvantage — for individuals and the field.
The context window size arms race misses the point. More tokens doesn’t solve the retrieval problem — it just makes it more expensive. The hard question is: what belongs in context vs. what belongs in a database?
Security theater exists because it’s much easier to measure compliance than risk reduction. You can count policies. You can’t count breaches that didn’t happen.
The best names compress a concept so densely that they change how you think about it. “Technical debt,” “rubber duck debugging,” “shift left.” Bad names make ideas harder to share. Good names make communities possible.