Tendril — AI Lessons for Real Life

Tendril

Threat Model The Feature

Before shipping user management, payments, uploads, or AI tools, ask who could abuse it and what they could steal or break.

Name the job before naming the tool.

Write the smallest useful scope the agent can finish.

Run the result as a user, not as a fan of the tool.

Inspect the diff, data access, and failure path before sharing.

Threat model invite links. Attacker goals: join wrong org, escalate role, reuse expired token, enumerate emails. Add mitigations for each.Use this as the working prompt or checklist for the lesson.

What should the user be able to do when this is finished?

What data should the app or agent never expose?

What test proves the change works?

What rollback path exists if the output is wrong?

End-of-lesson check

15 questions · take it digitally for instant feedback at tendril.neural-forge.io/learn/quiz/end-coder-threat-model-creators

What is the primary purpose of threat modeling before shipping a feature?

To decide what programming language to use
To make the feature run faster
To identify potential ways the feature could be abused
To reduce the number of lines of code needed

Which question should you NOT ask when threat modeling a new feature?

What data should the app never expose?
Who might want to abuse this feature?
What is the most popular competitor's design?
What rollback path exists if the output is wrong?

A developer is building a file upload feature using AI assistance. Which scope definition follows the lesson's guidance?

Build a complete file management system with folders and sharing
Build an upload feature that accepts images under 5MB
Build the most secure upload system in the world
Build something that handles files somehow

Why should you run AI-generated code as a user rather than as a developer?

Because the AI only tests with non-developers
Because developers cannot understand their own code
Because the code only works for non-developers
To identify security vulnerabilities from an attacker's perspective

What three things should you inspect before sharing AI-generated code with others?

The diff, data access, and failure path
The variable names, the comments, and the indentation
The color scheme, the font size, and the loading animation
The CPU usage, memory usage, and network speed

What does 'rollback path' refer to in the context of shipping AI features?

A way to roll back the clock on your computer
The strategy for reverting changes if the output causes problems
A visual design element showing undo functionality
A debugging technique for tracing errors

Which of these is NOT one of the key terms listed in the lesson?

Permissions
Security
Threat model
User interface

The lesson mentions that the 2026 security conversation keeps returning to what missing prompt?

Which programming language to choose
How to make the code run faster
How many users will try the feature
How the feature can be abused

A feature that exposes user passwords or private API keys to other users is an example of what?

A performance issue
A security vulnerability exposing data that should never be exposed
A feature request
A UI bug

What is the BEST test to prove a feature change works?

Running the result as an actual user would
Asking the AI if it works
Checking that the code compiles without errors
Reading through the code carefully

What is the main advantage of defining the smallest useful scope for an AI-generated feature?

The agent can finish it faster and you can iterate
It uses less computer memory
It automatically includes all security features
It requires fewer developers

What does it mean for an AI feature to be 'observable'?

The feature can be seen on screen
The feature has comprehensive logging and monitoring
The feature uses visible UI elements
The feature is open source

Why should AI-generated features be 'reversible'?

Because it makes the code run faster
To ensure the system can return to a safe state if AI output causes harm
Because users like to undo actions
Because code should always be written to be reversible

When threat modeling, why is it important to examine the failure path?

To understand what happens when things go wrong and prevent security issues
To show users error messages
To log all failures for debugging
To make the feature fail gracefully

What information should always be documented along with a shipped feature?

A rollback path in case something goes wrong
The company's revenue numbers
The developer favorite coffee order
The AI model version number only

Threat Model The Feature

Before shipping user management, payments, uploads, or AI tools, ask who could abuse it and what they could steal or break.

Name the job before naming the tool.

Write the smallest useful scope the agent can finish.

Run the result as a user, not as a fan of the tool.

Inspect the diff, data access, and failure path before sharing.

Threat model invite links. Attacker goals: join wrong org, escalate role, reuse expired token, enumerate emails. Add mitigations for each.Use this as the working prompt or checklist for the lesson.

What should the user be able to do when this is finished?

What data should the app or agent never expose?

What test proves the change works?

What rollback path exists if the output is wrong?

End-of-lesson check

15 questions · take it digitally for instant feedback at tendril.neural-forge.io/learn/quiz/end-coder-threat-model-creators

What is the primary purpose of threat modeling before shipping a feature?

To decide what programming language to use
To make the feature run faster
To identify potential ways the feature could be abused
To reduce the number of lines of code needed

Which question should you NOT ask when threat modeling a new feature?

What data should the app never expose?
Who might want to abuse this feature?
What is the most popular competitor's design?
What rollback path exists if the output is wrong?

A developer is building a file upload feature using AI assistance. Which scope definition follows the lesson's guidance?

Build a complete file management system with folders and sharing
Build an upload feature that accepts images under 5MB
Build the most secure upload system in the world
Build something that handles files somehow

Why should you run AI-generated code as a user rather than as a developer?

Because the AI only tests with non-developers
Because developers cannot understand their own code
Because the code only works for non-developers
To identify security vulnerabilities from an attacker's perspective

What three things should you inspect before sharing AI-generated code with others?

The diff, data access, and failure path
The variable names, the comments, and the indentation
The color scheme, the font size, and the loading animation
The CPU usage, memory usage, and network speed

What does 'rollback path' refer to in the context of shipping AI features?

A way to roll back the clock on your computer
The strategy for reverting changes if the output causes problems
A visual design element showing undo functionality
A debugging technique for tracing errors

Which of these is NOT one of the key terms listed in the lesson?

Permissions
Security
Threat model
User interface

The lesson mentions that the 2026 security conversation keeps returning to what missing prompt?

Which programming language to choose
How to make the code run faster
How many users will try the feature
How the feature can be abused

A feature that exposes user passwords or private API keys to other users is an example of what?

A performance issue
A security vulnerability exposing data that should never be exposed
A feature request
A UI bug

What is the BEST test to prove a feature change works?

Running the result as an actual user would
Asking the AI if it works
Checking that the code compiles without errors
Reading through the code carefully

What is the main advantage of defining the smallest useful scope for an AI-generated feature?

The agent can finish it faster and you can iterate
It uses less computer memory
It automatically includes all security features
It requires fewer developers

What does it mean for an AI feature to be 'observable'?

The feature can be seen on screen
The feature has comprehensive logging and monitoring
The feature uses visible UI elements
The feature is open source

Why should AI-generated features be 'reversible'?

Because it makes the code run faster
To ensure the system can return to a safe state if AI output causes harm
Because users like to undo actions
Because code should always be written to be reversible

When threat modeling, why is it important to examine the failure path?

To understand what happens when things go wrong and prevent security issues
To show users error messages
To log all failures for debugging
To make the feature fail gracefully

What information should always be documented along with a shipped feature?

A rollback path in case something goes wrong
The company's revenue numbers
The developer favorite coffee order
The AI model version number only