https://securecode.dev/tags/threat-modeling/Recent content in Threat Modeling on securecode.devHugoen-usFri, 01 May 2026 00:00:00 +0000https://securecode.dev/insights/ai-security-risks-in-saas-platforms/Fri, 01 May 2026 00:00:00 +0000https://securecode.dev/insights/ai-security-risks-in-saas-platforms/<p>AI-enabled SaaS features often get reviewed as isolated prompts or model calls, but the meaningful risk usually sits in the surrounding application workflow. Permissions, tenant boundaries, tool execution, retrieval pipelines, and output handling all matter more than the model alone.</p>https://securecode.dev/insights/threat-modeling-modern-apis/Sun, 26 Apr 2026 00:00:00 +0000https://securecode.dev/insights/threat-modeling-modern-apis/<p>Threat modeling APIs is often reduced to a short checklist around authentication and transport security. That rarely surfaces the issues that matter most. Real API risk tends to come from workflow design, trust assumptions between services, and weak authorization at object or action boundaries.</p>https://securecode.dev/insights/practical-product-security-reviews/Thu, 09 Apr 2026 00:00:00 +0000https://securecode.dev/insights/practical-product-security-reviews/<p>Product security reviews are easy to make expensive and hard to make useful. A review that produces a long list of generic best practices may look thorough while still failing to help the team make better decisions.</p>