2 min listen
Securing the Software Supply Chain with LLMs
FromAI + a16z
ratings:
Length:
39 minutes
Released:
May 3, 2024
Format:
Podcast episode
Description
Socket Founder and CEO Feross Aboukhadijeh joins a16z's Joel de la Garza and Derrick Harris to discuss the open-source software supply chain. Feross and Joel share their thoughts and insights on topics ranging from the recent XZutils attack to how large language models can help overcome understaffed security teams and overwhelmed developers. Despite some increasingly sophisticated attacks making headlines and compromising countless systems, they're optimistic that LLMs, in particular, could be a turning point for security blue teams. As Feross sums up one possibility:"The way we think about gen AI on the defensive side is that it's not as good as a human looking at the code, but it's something. . . . Our challenge is that we want to scan all the open source code that exists out there. That is not something you can pay humans to do. That is not scalable at all. But, with the right techniques, with the right pre-filtering stages, you can actually put a lot of that stuff through LLMs and out the other side will pop a list of of risky packages."And then that's a much smaller number that you can have humans take a look at. And so we're using it as a tool . . . to find the needle in the haystack, what is worth looking at. It's not perfect, but it can help cut down on the noise and it can even make this problem tractable, which previously wasn't even tractable."More about Socket and cybersecurity:SocketInvesting in SocketHiring a CISOFollow everyone :Feross AboukhadijehJoel de la GarzaDerrick Harris
Check out everything a16z is doing with artificial intelligence here, including articles, projects, and more podcasts.
Check out everything a16z is doing with artificial intelligence here, including articles, projects, and more podcasts.
Released:
May 3, 2024
Format:
Podcast episode
Titles in the series (11)
Welcome to the AI + a16z podcast: The AI + a16z podcast captures our thinking on AI across a broad swath of areas, from the infrastructure that powers today’s foundation models to how specific tools, like LLMs, are reshaping the hiring process. Looking forward, you can expect to hear about a list of topics that includes the latest advances in generative AI, cybersecurity, and the emerging stack of tools for building and running LLMs. by AI + a16z