<p>Modern software is built on layers and layers of code. So how do we know we can trust it?</p><p>In this episode of <strong>Alexa’s Input (AI)</strong>, Alexa Griffith sits down with <strong>Justin Cappos</strong>, professor of computer science at NYU and a leading expert in software supply chain security, to unpack what trust really means in today’s digital infrastructure.</p><p>From package managers and dependency chains to large-scale outages and AI systems built on inherited code, Justin explains why many security failures aren’t random accidents; they’re predictable consequences of weak process, misaligned incentives, and insecure design.</p><p>They discuss:</p><ul><li><p>Why security only becomes visible when something breaks</p></li><li><p>The difference between unavoidable failure and negligence</p></li><li><p>How modern software supply chains amplify small mistakes</p></li><li><p>The role of leadership and culture in preventing breaches</p></li><li><p>Why verification systems like TUF and in-toto matter more than ever</p></li></ul><p>As AI accelerates development and increases system complexity, the need for verifiable trust only grows. 
This episode is a practical look at the invisible infrastructure that keeps modern software, and increasingly, modern AI, from collapsing under its own complexity.</p><p><br></p><p><strong>Podcast Links</strong></p><p>Watch: <a href="https://www.youtube.com/@alexa_griffith">https://www.youtube.com/@alexa_griffith</a></p><p>Read: <a href="https://alexasinput.substack.com/">https://alexasinput.substack.com/</a></p><p>Listen: <a href="https://creators.spotify.com/pod/profile/alexagriffith/">https://creators.spotify.com/pod/profile/alexagriffith/</a></p><p><br></p><p>More: <a href="https://linktr.ee/alexagriffith">https://linktr.ee/alexagriffith</a></p><p><br></p><p>Website: <a href="https://alexagriffith.com/">https://alexagriffith.com/</a></p><p>LinkedIn: <a href="https://www.linkedin.com/in/alexa-griffith/">https://www.linkedin.com/in/alexa-griffith/</a></p><p><br></p><p><strong>Find out more about the guest at:</strong></p><p>Website: <a href="https://engineering.nyu.edu/faculty/justin-cappos">https://engineering.nyu.edu/faculty/justin-cappos</a></p><p>NYU page: <a href="https://ssl.engineering.nyu.edu/personalpages/jcappos/">https://ssl.engineering.nyu.edu/personalpages/jcappos/</a></p><p>Wikipedia: <a href="https://en.wikipedia.org/wiki/Justin_Cappos">https://en.wikipedia.org/wiki/Justin_Cappos</a></p><p><br></p><p><br></p><p>Chapters</p><p><br></p><p>00:00 Introduction to Justin Cappos and His Work</p><p>01:17 The Importance of Security in Software Systems</p><p>03:50 Understanding Security Breaches: Mistakes vs. 
System Design Problems</p><p>06:34 Cultural Factors in Security Failures</p><p>09:25 Justin&#39;s Journey in Software Security</p><p>12:03 The Role of Academia in Enterprise Security</p><p>14:10 Evaluating Enterprise Security Systems</p><p>16:58 Foundational Projects in Software Security</p><p>19:21 AI Security Concerns and Future Directions</p><p>24:59 The Need for MCP 2.0</p><p>28:57 Security Challenges with LLMs</p><p>32:33 Designing Secure AI Systems</p><p>37:14 Ethical Dilemmas in AI Decision-Making</p><p>40:17 The Role of AI in Open Source</p><p>43:44 Trust and Mindset in AI Security</p><p><br></p>

Alexa's Input (AI)

Alexa Griffith

Securing the Software Supply Chain with Justin Cappos

FEB 17, 2026 · 48 MIN
