CYBERSEC 2026
AI software medical-device cybersecurity: from FDA 524B to threat modeling and Patch SLA
Breakout session on cybersecurity practice for AI software medical devices, connecting FDA 524B, threat modeling, SBOM, Zero Trust design, and auditable risk governance.
Regulatory pressure makes cybersecurity design a product requirement.
The talk frames AI software medical-device cybersecurity as an engineering and governance requirement, not as a compliance appendix added after product design.
Threat modeling turns vague AI SaMD risk into a reviewable system map.
Threat modeling gives teams a shared way to discuss model, data, workflow, vendor, update, and monitoring risk before deployment pressure compresses the conversation.
Patch SLA, SBOM, and Zero Trust create the operational evidence trail.
The practical goal is a system that can be maintained, audited, and updated with clear responsibility instead of a one-time security document.
The useful governance question is inspectability after launch.
The session closes on how teams preserve logs, review paths, ownership, and change control as AI behavior, model versions, and security conditions keep changing.