# Threat Model

## Priority Risks
- Content piracy and unauthorized sharing
- Account/session abuse
- Horizontal privilege escalation
- Sensitive data exposure

## Core Controls
- DRM-backed delivery
- role-based access control
- strict authorization checks on course consumption endpoints