Enhancing Stride Threat Models Using Mitre EMB3D(medium.com)
medium.com
Enhancing Stride Threat Models Using Mitre EMB3D
https://medium.com/mitre-emb3d/enhancing-stride-threat-models-using-mitre-emb3d-ea15937dc5f8
1 comments
Both STRIDE and EMB3D model the analyst as a fixed-capability node. That falls apart fast in any SOC running AI-flagged alerts. MDPI ran a survey of 500 cybersecurity decision-makers (Computers 13(7):165, 2024): 35% missed alerts, 22% ignored them, 25% didn't act on high-profile ones. Threat models that don't price in analyst degradation under AI augmentation are underestimating operator-layer risk in a way that gets worse the more AI you deploy.