AI + a16z

Securing the Software Supply Chain with LLMs


Socket Founder and CEO Feross Aboukhadijeh joins a16z's Joel de la Garza and Derrick Harris to discuss the open-source software supply chain. Feross and Joel share their thoughts and insights on topics ranging from the recent XZ Utils attack to how large language models can help overcome understaffed security teams and overwhelmed developers.

Despite some increasingly sophisticated attacks making headlines and compromising countless systems, they're optimistic that LLMs, in particular, could be a turning point for security blue teams. As Feross sums up one possibility:

"The way we think about gen AI on the defensive side is that it's not as good as a human looking at the code, but it's something. . . . Our challenge is that we want to scan all the open source code that exists out there. That is not something you can pay humans to do. That is not scalable at all. But, with the right techniques, with the right pre-filtering stages, you can actually put a lot of that stuff through LLMs and out the other side will pop a list of risky packages.

"And then that's a much smaller number that you can have humans take a look at. And so we're using it as a tool . . . to find the needle in the haystack, what is worth looking at. It's not perfect, but it can help cut down on the noise and it can even make this problem tractable, which previously wasn't even tractable."

More about Socket and cybersecurity:

Socket

Investing in Socket

Hiring a CISO

Follow everyone:

Feross Aboukhadijeh

Joel de la Garza

Derrick Harris

Check out everything a16z is doing with artificial intelligence here, including articles, projects, and more podcasts.

 

Please note that the content here is for informational purposes only; should NOT be taken as legal, business, tax, or investment advice or be used to evaluate any investment or security; and is not directed at any investors or potential investors in any a16z fund. a16z and its affiliates may maintain investments in the companies discussed. For more details please see a16z.com/disclosures.


Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
