Securing Open Source Supply Chains with LLMs
Mikola Lysenko, Philipp Burckhardt
Socket Security employs a unique blend of static analysis and AI reasoning to detect malicious packages in the npm and PyPI registries. Our system has flagged over 6,000 threats in real time, showcasing its efficacy in scaling across 190,000+ repositories and hundreds of millions of unique package versions. We will discuss some of the challenges we encountered and the tricks we used to get this system working, and give some general thoughts on prompt engineering for data mining applications.