When I see organizations perform threat modeling, rarely will I see them model for threats which evolve over some period of time or react to the organization’s action / reaction. Why? I do not know. I hear it is too hard but it really isn’t. I model these evolutionary-based risks using novel evolutionary algorithms. Generally speaking, evolutionary risk modeling techniques can be split into two categories: evolutionary algorithms and evolvable hardware. At the core of the techniques is that they solve problem sets in the same manner as a human. In the public sector, evolvable hardware is extremely immature. There are many practical and cost-related challenges, which must be overcome before one may reap the benefits of large scale applications of this technology. But that doesn’t mean it isn’t being done.