Trust code you didn't write: From code review to confidence

Agents let us produce code faster than developers can realistically review, understand, and reason about, sometimes leading to unintentional side effects and bugs. The problem is not that generated code is uniquely bad, but that low-confidence code now piles up faster than teams can build a shared architectural understanding. In this hands-on workshop, Ben and Carl from Oplane will show how the bar for code reviews can be raised beyond individual lines of code. We will cover what threat models are, and why they are a powerful tool for reasoning about architecture, data flows, trust boundaries, and abuse cases. We’ll demo, lab, and play with automated threat modeling to form a common understanding of how it fits into modern agentic development workflows. Participants will have the chance to run automated threat models against their own code or provided example projects, inspect the findings, and explore how to turn those findings into concrete fixes. This is a practical workshop aimed at developers, security-minded engineers, builders, and breakers actively using coding agents such as Claude, Codex, Cursor, and others to ship code. Bring a laptop and, ideally, prepare a repo with recent code changes you are comfortable analyzing.