{"slug": "weekly-dev-log-2026-w09", "title": "Weekly Dev Log 2026-W09", "summary": "A developer completed a SwiftUI app development tutorial and tested the app on a real iPhone, learning the full iOS app-building workflow without joining the Apple Developer Program. The developer also organized app ideas in Notion, concluding that starting with a small app is critical for steady progress given limited development time. Additionally, the developer worked on AI threat modelling through TryHackMe, learning about AI-specific assets such as training data, model weights, and system prompts.", "body_md": "##\n🗓️ This Week\n\n-\n**Completed the SwiftUI app development tutorial** and tested the app I built on a real iPhone🦾\n- Learned\n**the overall flow of building an iOS app with SwiftUI**.\n- Organized my app ideas in Notion because I want to start building a real app next week🤔 I also realized that\n**starting with a small app** is important at this stage💡\n- Worked on the UI design for my portfolio site using the official shadcn/ui Figma template. I want to finish one design direction next week and then move on to implementation.\n- Worked on the\n**AI Threat Modelling** room from the AI Security Learning Path on TryHackMe this week🤖\n\n##\n📱 iOS (SwiftUI)\n\n- Completed the SwiftUI app development tutorial.\n- Learned how to run an app on a real iPhone by connecting it to my computer, without joining the Apple Developer Program yet.\n\n##\n🌐 Web Development\n\n- Posted my weekly dev log on Dev.to📝\n- Worked on my portfolio site UI design using the official shadcn/ui Figma template.\n\n##\n🔐 Security (TryHackMe)\n\n- Worked on the AI Threat Modelling room (part of the AI Security Learning Path) on TryHackMe.\n\n#\n💡 Key Takeaways\n\n##\n📱 SwiftUI Learning\n\n###\n🔬 What I learned from testing an app on a real iPhone\n\n- I need to connect my iPhone, choose it as the run destination, and configure Signing & Capabilities before running the app.\n- A unique Bundle Identifier is needed to identify the app.\n- Xcode uses my personal Apple Account to sign the app for testing on my iPhone.\n- I need to enable Developer Mode and trust the developer profile on the iPhone before launching the app.\n- Preview data and real app data are handled differently in SwiftUI/SwiftData.\n- In previews,\n`sampleContainer`\n\nis used, so `includeSampleMoments`\n\nis passed as `true`\n\n.\n- The diary entries I create on the real iPhone are saved in the app’s local storage on the device.\n- The data is not automatically saved to my Apple Account or iCloud.\n\n###\n🦄 What I learned from organizing ideas for my first iOS app\n\n- As a beginner developer, I should not try to build a large, market-ready app from the beginning.\n- Large apps usually include many hidden complexities, such as data management, user experience design, error handling, security, performance, and long-term maintenance.\n- Since I have a full-time job, my development time is limited, so starting too big would make it harder to keep making steady progress.\n- Starting with a small app helps me focus on one or two core ideas and understand each part more deeply.\n- Building something small first also makes it easier to finish, test, and improve the app step by step.\n- I realized that the goal at this stage is not to compete with polished apps on the market, but to build practical experience by completing small projects.\n- This approach should help me stay motivated while gradually improving my skills in real app development.\n\n##\n🌐 Web Development Learning\n\n- Learned more about how to create UI designs in Figma and how to design screens using components.\n- Practiced building a consistent portfolio site design based on a design system instead of creating each part separately.\n\n##\n🔐 TryHackMe Learning\n\n###\nAI Threat Modelling\n\n####\nTask2 AI-Specific Assets and Attack Surfaces\n\n- AI systems add new assets such as training data, model weights, embedding vectors, system prompts, feature stores, and model registries.\n- I learned that poisoned training data can corrupt a model’s behaviour at the source.\n- I learned that model weights are especially valuable because they define what the model has learned.\n- If model weights are stolen, an attacker may obtain a functional copy of the AI system.\n- I learned that system prompts can reveal the model’s behaviour, constraints, business logic, and security guardrails.\n- Embedding vectors are important in systems such as RAG pipelines, recommendation engines, and fraud detection systems.\n- Manipulating embeddings can change what information the model sees at query time.\n- Feature stores are important because they provide preprocessed data used as real-time model inputs.\n- Tampering with feature stores can affect model decisions without changing the model itself.\n- A compromised model registry can allow an attacker to replace a legitimate model with a backdoored one.\n- AI threat modelling needs to consider not only traditional application risks, but also AI-specific assets, behaviours, and failure modes.\n\n####\nTask3 Data Supply Chain and STRIDE's Gaps\n\n- I learned that AI systems have a data supply chain in addition to a traditional software supply chain.\n- Each stage of the AI data supply chain can become a point of compromise.\n- Data poisoning can start from data collection, labelling, or other early pipeline stages.\n- If poisoned data reaches training, the damage can become embedded in the model’s weights.\n- A compromised model registry can allow attackers to replace a validated model with a backdoored one.\n- A backdoored model may look normal until it receives specific trigger inputs in production.\n- LLM-based systems can introduce additional injection points through retrieval pipelines during inference.\n- AI threats such as data poisoning, adversarial manipulation, tool misuse, and model theft do not always fit neatly into traditional STRIDE categories.\n- The key takeaway is that AI threat modelling must cover the full data supply chain and AI-specific failure modes.\n\n####\nTask4 Adapting STRIDE for AI Systems\n\n- I learned that STRIDE does not need to be replaced, but it needs to be adapted for AI systems.\n- In AI systems, familiar STRIDE categories can appear in new forms, such as data source impersonation, data poisoning, model extraction, and inference cost exploitation.\n- AI decisions are harder to audit because the model version, input features, prompts, and retrieved context may not be fully recorded.\n- Tool-enabled AI systems can make privilege risks broader, because a jailbroken model may misuse databases, email systems, or other connected tools.\n- The key takeaway is that STRIDE is still a useful starting point, but some AI risks require additional AI-specific frameworks such as MITRE ATLAS.\n\n####\nTask5 MITRE ATLAS: The AI Threat Technique Catalogue\n\n- I learned that MITRE ATLAS is an AI-focused knowledge base for adversary tactics and techniques against AI and ML systems.\n- ATLAS complements STRIDE by adding AI-specific technical detail, documented techniques, mitigations, and real-world case studies.\n- I learned key ATLAS techniques such as Data Poisoning, Model Extraction, Evade ML Model, LLM Prompt Injection, and Backdoor ML Model.\n- ATLAS helps turn broad STRIDE findings into specific, actionable threat findings with technique IDs and defensive guidance.\n- Real-world cases such as ShadowRay and Morris II show that AI threats are not only theoretical, but can affect real AI infrastructure and RAG-based systems.\n\n#\n🚀 Next Week\n\n- Start building a small iOS app based on the app ideas I organized this week.\n- Finish one portfolio site UI design in Figma and start implementing it in code.\n- Continue posting small articles on Dev.to.\n- Continue working on the AI Security Learning Path.\n\n#\n🌈 Goals for This Year\n\n##\n📱 iOS (SwiftUI)\n\n- Build a solid foundation in SwiftUI and create at least one iOS app.\n\n##\n🌐 Web Development\n\n- Continue posting learning logs on Dev.to and eventually turn them into a portfolio site using React Router v7.\n\n##\n🔐 Security (TryHackMe)\n\n- Continue learning cybersecurity on TryHackMe.", "url": "https://wpnews.pro/news/weekly-dev-log-2026-w09", "canonical_source": "https://dev.to/umitomo-lab/weekly-dev-log-2026-w09-55b6", "published_at": "2026-06-12 00:10:44+00:00", "updated_at": "2026-06-12 00:42:51.521969+00:00", "lang": "en", "topics": ["ai-safety", "ai-tools"], "entities": ["SwiftUI", "Notion", "shadcn/ui", "Figma", "TryHackMe", "Dev.to", "Apple Developer Program", "Xcode"], "alternates": {"html": "https://wpnews.pro/news/weekly-dev-log-2026-w09", "markdown": "https://wpnews.pro/news/weekly-dev-log-2026-w09.md", "text": "https://wpnews.pro/news/weekly-dev-log-2026-w09.txt", "jsonld": "https://wpnews.pro/news/weekly-dev-log-2026-w09.jsonld"}}