Securing the Software Supply Chain with LLMs
Securing the Software Supply Chain with LLMs  
Podcast: AI + a16z
Published On: Fri May 03 2024
Description: Socket Founder and CEO Feross Aboukhadijeh joins a16z's Joel de la Garza and Derrick Harris to discuss the open-source software supply chain. Feross and Joel share their thoughts and insights on topics ranging from the recent XZutils attack to how large language models can help overcome understaffed security teams and overwhelmed developers. Despite some increasingly sophisticated attacks making headlines and compromising countless systems, they're optimistic that LLMs, in particular, could be a turning point for security blue teams. As Feross sums up one possibility:"The way we think about gen AI on the defensive side is that it's not as good as a human looking at the code, but it's something. . . . Our challenge is that we want to scan all the open source code that exists out there. That is not something you can pay humans to do. That is not scalable at all. But, with the right techniques, with the right pre-filtering stages, you can actually put a lot of that stuff through LLMs and out the other side will pop a list of of risky packages."And then that's a much smaller number that you can have humans take a look at. And so we're using it as a tool . . . to find the needle in the haystack, what is worth looking at. It's not perfect, but it can help cut down on the noise and it can even make this problem tractable, which previously wasn't even tractable."More about Socket and  cybersecurity:SocketInvesting in SocketHiring a CISOFollow everyone :Feross AboukhadijehJoel de la GarzaDerrick Harris Check out everything a16z is doing with artificial intelligence here, including articles, projects, and more podcasts.