Securing Open Source Supply Chains with LLMs
10-27, 15:40–16:05 (Europe/Berlin), Main stage

Socket Security employs a unique blend of static analysis and AI reasoning to detect malicious packages within the npm and PyPI registries. Our system has flagged over 6,000 threats in real time, showcasing its efficacy in scaling across 190,000+ repositories and hundreds of millions of unique package versions. We will discuss some of the challenges and tricks we've used to get this system working and give some general thoughts on prompt engineering for data mining applications.


As the digital landscape evolves, so do the challenges of ensuring the safety of open-source software. While many are intrigued by the concept of AI prompting and Large Language Models (LLMs), Socket Security offers a firsthand look into the real-world application of this nascent technology. This talk provides:

  • A deep dive into the intricacies of prompt engineering, a topic at the forefront of AI but still unfamiliar to many.
  • Insight into balancing performance, cost, and vast data handling, essential for those keen on understanding the challenges of deploying LLMs at scale.
  • An exploration of the operational challenges, pulling back the curtain on what it truly takes to scour millions of packages using an AI LLM.
  • A chance to talk about the cyber security aspect of package management, which may be relevant to the audience at PackagingCon.

Philipp Burckhardt is Lead Data Scientist at Socket (socket.dev), where he is helping to secure software supply chains by utilizing artificial intelligence.

Together with Athan Reines, he is engaged in the development of a standard library for JavaScript, bringing numerical and statistical computing to the web (https://github.com/stdlib-js/stdlib). An avid open-source contributor, he has spoken at various international conferences on topics ranging from political science and health-care informatics to machine learning and software engineering.

He holds a PhD in Statistics & Data Science from Carnegie Mellon University,