SEI Podcasts

Modern data analytic methods and tools—including artificial intelligence (AI) and machine learning (ML) classifiers—are revolutionizing prediction capabilities and automation through their capacity to analyze and classify data. To produce such results, these methods depend on correlations. However, an overreliance on correlations can lead to prediction bias and reduced confidence in AI outputs.  Drift in data and concept, evolving edge cases, and emerging phenomena can undermine the correlations that AI classifiers rely on. As the U.S. government increases its use of AI...

SEI Podcasts

How can you ever know whether an LLM is safe to use? Even self-hosted LLM systems are vulnerable to adversarial prompts left on the internet and waiting to be found by system search engines. These attacks and others exploit the complexity of even seemingly secure AI systems.   In our latest podcast from the Carnegie Mellon University Software Engineering Institute (SEI), David Schulker and Matthew Walsh, both senior data scientists in the SEI’s CERT Division, sit down with Thomas Scanlon, lead of the CERT Data Science Technical Program, to discuss their work on System Theoretic...

SEI Podcasts

Software bills of materials or SBOMs are critical to software security and supply chain risk management. Ideally, regardless of the SBOM tool, the output should be consistent for a given piece of software. But that is not always the case. The divergence of results can undermine confidence in software quality and security. In our latest podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Jessie Jamieson, a senior cyber risk engineer in the SEI’s CERT Division, sits down with Matt technical director of Risk and Resilience in CERT, to talk about how to achieve more...

SEI Podcasts

Application programing interfaces, more commonly known as APIs, are the engines behind the majority of internet traffic. The pervasive and public nature of APIs have increased the attack surface of the systems and applications they are used in. In this  podcast from the Carnegie Mellon University Software Engineering Institute (SEI), McKinley Sconiers-Hasan, a solutions engineer in the SEI’s CERT Division, sits down with Tim Morrow, Situational Awareness Technical Manager, also with the CERT Division, to discuss emerging API security issues and the application of zero-trust architecture...

SEI Podcasts

Artificial intelligence (AI) is a transformational technology, but it has limitations in challenging operational settings. Researchers in the AI Division of the Carnegie Mellon University Software Engineering Institute (SEI) work to deliver reliable and secure AI capabilities to warfighters in mission-critical environments. In our latest podcast, Matt Gaston, director of the SEI’s AI Division, sits down with Matt Butkovic, technical director of the SEI CERT Division’s Cyber Risk and Resilience program, to discuss the SEI's ongoing and future work in AI, including test and evaluation, the...

SEI Podcasts

A recent Google survey found that many developers felt comfortable using the Rust programming language in two months or less. Yet barriers to Rust adoption remain, particularly in safety-critical systems, where features such as memory and processing power are in short supply and compliance with regulations is mandatory. In our latest podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Vaughn Coates, an engineer in the SEI’s Software Solutions Division, sits down with Joe Yankel, initiative Lead of the DevSecOps Innovations team at the SEI, to discuss the...

SEI Podcasts

In response to Executive Order (EO) 14028, Improving the Nation’s Cybersecurity, the National Institute of Standards and Technology (NIST) recommended . Threat modeling is at the top of the list. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Natasha Shevchenko and Alex Vesey, both engineers with the SEI’s CERT Division, sit down with Timothy Chick, technical manager of CERT’s Applied Systems Group, to discuss how threat modeling can be used to protect software-intensive systems from attack. Specifically, they explore how threat models can...

SEI Podcasts

Container images are increasingly being used as the main method for software deployment, so ensuring the reproducibility of container images is becoming a critical step in protecting the software supply chain. In practice, however, builds are often not reproducible due to elements of the build environment that rely on nondeterministic factors such as timestamps and external dependencies. Lack of reproducibility can lead to lack of trust, broken builds, and possibly mask hidden malware insertion. Vessel, a recent tool from the Carnegie Mellon University Software Institute (SEI), helps...

SEI Podcasts

Software enables our way of life, but market forces have sidelined security concerns leaving systems vulnerable to attack. Fixing this problem will require the software industry to develop an initial standard for creating software that is secure by design. These are the findings of a recently released paper coauthored by Greg Touhill, director of the Software Engineering Institute (SEI) CERT Division. In this latest SEI podcast, Touhill and Matthew Butkovic, director of Cyber Risk and Resilience at CERT, discuss the paper including its recommendations for making software secure by...

SEI Podcasts

A January 2025 Defense Innovation Board study on scaling nontraditional defense innovation stated, “We must act swiftly to ensure the DoD leads in global innovation and competition over AI and autonomous systems – and is a trendsetter for their responsible use in modern warfare." In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), chief technical officer Tom Longstaff discusses the SEI’s long-standing work to help the DoD rapidly scale technology including artificial intelligence (AI) and autonomous systems.