BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//bsidesluxembourg-2026//speaker//SPJFYU
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsidesluxembourg-2026-YTUTGD@pretalx.com
DTSTART;TZID=CET:20260507T103500
DTEND;TZID=CET:20260507T111500
DESCRIPTION:AI rarely creates entirely new classes of risk. More often\, it
  amplifies weaknesses that already exist in complex systems where architec
 ture\, data\, and business decisions are tightly coupled. What changes is 
 not the threat itself\, but its reach\, speed\, and impact.\n\nThis sessio
 n shows how threat modeling can be used as a leverage point in two paralle
 l dimensions\, in a way that remains accessible to newcomers while still g
 rounded in real-world practice. On the technical side\, threat modeling is
  presented as a concrete decision tool: identifying realistic attack paths
 \, clarifying what actually needs to be tested\, and guiding focused actio
 ns such as pentest scoping and security control prioritization. The emphas
 is is not on exhaustive models\, but on developing the right security refl
 exes early\, understanding where small inputs can create large business co
 nsequences.\n\nIn parallel\, the same threat model is used as a framework 
 validation layer. Instead of treating compliance as a documentation exerci
 se\, threat modeling helps explain how and why controls are applied where 
 risk actually exists. Using approachable examples aligned with ISO 27001\,
  the AI Act\, and NIS2 expectations\, the session demonstrates how threat 
 modeling supports compliance efforts by making security decisions explicit
 \, traceable\, and defensible.\n\nThe session is designed for beginners an
 d practitioners in application security\, threat modeling\, or software en
 gineering\, and assumes familiarity with AppSec and SDLC concepts. The foc
 us is not on theory or abstract AI threats\, but on real systems\, plausib
 le attackers\, and practical threat models that help bridge technical secu
 rity decisions and regulatory expectations from the start.
DTSTAMP:20260412T012152Z
LOCATION:IFEN room 2\, Workshops and AI Security Village  (Building D)
SUMMARY:What Does Threat Modeling Solve for AI Security? - Nathan Pembe
URL:https://pretalx.com/bsidesluxembourg-2026/talk/YTUTGD/
END:VEVENT
END:VCALENDAR