SE Radio 692: Sourabh Satish on Prompt Injection

Sourabh Satish, CTO and co-founder of Pangea, speaks with SE Radio's Brijesh Ammanath about prompt injection. Sourabh begins with the basic concepts underlying prompt injection and the key risks it introduces. From there, they take a deep dive into the OWASP Top 10 security concerns for LLMs, and Sourabh explains why prompt injection is the top risk in this list. He describes the $10K Prompt Injection challenge that Pangea ran, and explains the key learnings from the challenge. The episode finishes with discussion of specific prompt-injection techniques and the security guardrails used to counter the risk. Brought to you by IEEE Computer Society and IEEE Software magazine.

Kacper Łukawski, a Senior Developer Advocate at Qdrant, speaks with host Gregory M. Kapfhammer about the Qdrant vector database and similarity search engine. After introducing vector databases and the foundational concepts undergirding similarity search, they dive deep into the Rust-based implementation of Qdrant. Along with comparing and contrasting different vector databases, they also explore the best practices for the performance evaluation of systems like Qdrant. Kacper and Gregory also discuss topics such as the steps for using Python to build an AI-powered application that uses Qdrant. Brought to you by IEEE Computer Society and IEEE Software magazine.

Florian Gilcher, co-founder of Ferrous Systems and the Rust Foundation, speaks with host Giovanni Asproni about the application of Rust in mission- and safety-critical systems. The discussion starts with a brief overview of such systems, and an introduction to Rust, emphasizing aspects that make it well-suited for critical environments. Florian and Giovanni then discuss how Rust compares to C and C++ — two widely used languages in this sector. They proceed to outline important factors that companies should consider when assessing whether to move from C or other languages to Rust. The episode also touches on Ferrocene, an open-source Rust toolchain qualified for safety- and mission-critical systems, which was developed and supported by Ferrous Systems. The conversation ends with some reflections on the future of Rust for mission- and safety-critical applications. Brought to you by IEEE Computer Society and IEEE Software magazine.

Amey Desai, the Chief Technology Officer at Nexla, speaks with host Sriram Panyam about the Model Context Protocol (MCP) and its role in enabling agentic AI systems. The conversation begins with the fundamental challenge that led to MCP's creation: the proliferation of "spaghetti code" and custom integrations as developers tried to connect LLMs to various data sources and APIs. Before MCP, engineers were writing extensive scaffolding code using frameworks such as LangChain and Haystack, spending more time on integration challenges than solving actual business problems. Desai illustrates this with concrete examples, such as building GitHub analytics to track engineering team performance. Previously, this required custom code for multiple API calls, error handling, and orchestration. With MCP, these operations can be defined as simple tool calls, allowing the LLM to handle sequencing and error management in a structured, reasonable manner. The episode explores emerging patterns in MCP development, including auction bidding patterns for multi-agent coordination and orchestration strategies. Desai shares detailed examples from Nexla's work, including a PDF processing system that intelligently routes documents to appropriate tools based on content type, and a data labeling system that coordinates multiple specialized agents. The conversation also touches on Google's competing A2A (Agent-to-Agent) protocol, which Desai positions as solving horizontal agent coordination versus MCP's vertical tool integration approach. He expresses skepticism about A2A's reliability in production environments, comparing it to peer-to-peer systems where failure rates compound across distributed components. Desai concludes with practical advice for enterprises and engineers, emphasizing the importance of embracing AI experimentation while focusing on governance and security rather than getting paralyzed by concerns about hallucination. He recommends starting with simple, high-value use cases like automated deployment pipelines and gradually building expertise with MCP-based solutions. Brought to you by IEEE Computer Society and IEEE Software magazine.

Daniel Stenberg, Swedish Internet protocol expert and founder and lead developer of the Curl project, speaks with SE Radio host Gavin Henry about removing Rust from Curl. They discuss why Hyper was removed from curl, why the last five percent of making it a success was difficult, what the project gained from the 5-year attempt to tackle bringing Rust into a C project, lessons learned for next time, why user support is critical, and the positive long-lasting impact this attempt had. Brought to you by IEEE Computer Society and IEEE Software magazine.

Elizabeth Figura, a Wine Developer at CodeWeavers, speaks with SE Radio host Jeremy Jung about the Wine compatibility layer and the Proton distribution. They discuss a wide range of details including system calls, what people run with Wine, how games are built differently, conformance and regression testing, native performance, emulating a CPU vs emulating system calls, the role of the Proton downstream distribution, improving Wine compatibility by patching the Linux kernel and other related projects, Wine's history and sustainment, the Crossover commercial distribution, porting games without source code, loading executables and linked libraries, the difference between user space and kernel space, poor Windows API documentation and use of private APIs, debugging compatibility issues, and contributing to the project. This episode is sponsored by Monday Dev

François Daoust, W3C staff member and co-chair of the Web Developer Experience Community Group, discusses the origins of the W3C, the browser standardization process, and how it relates to other organizations like TC39, WHATWG, and IETF. This episode covers a lot of ground, including funding through memberships, royalty-free patent access for implementations, why implementations are built in parallel with the specifications, why requestVideoFrameCallback doesn't have a formal specification, balancing functionality with privacy, working group participants, and how certain organizations have more power. François explains why the W3C hasn't specified a video or audio codec, and discusses Media Source Extensions, Encrypted Media Extensions and Digital Rights Management (DRM), closed source content decryption modules such as Widevine and PlayReady, which ship with browsers, and informing developers about which features are available in browsers. Brought to you by IEEE Computer Society and IEEE Software magazine.

In this episode, Will Wilson, CEO and co-founder of Antithesis, explores Deterministic Simulation Testing (DST) with host Sriram Panyam. Wilson was part of the pioneering team at FoundationDB that developed this revolutionary testing approach, which was later acquired by Apple in 2015. After seeing that even sophisticated organizations lacked robust testing for distributed systems, Wilson co-founded Antithesis in 2018 to make DST commercially available. Deterministic simulation testing runs software in a fully controlled, simulated environment in which all sources of non-determinism are eliminated or controlled. Unlike traditional testing or chaos engineering, DST operates in a separate environment from production, allowing for aggressive fault injection without risk to live systems. The key breakthrough is perfect reproducibility -- any bug found can be recreated exactly using the same random seed. Antithesis built "The Determinator," a custom deterministic hypervisor that simulates entire software stacks including virtual hardware, networking, and time. The system can compress years of stress testing into shorter timeframes by running simulations faster than wall-clock time. All external interfaces that could introduce non-determinism (network calls, disk I/O, system time) are mocked or controlled by the simulator. The approach has proven effective with major organizations including MongoDB, Palantir, and Ethereum. For Ethereum's critical "Merge" upgrade in 2022, Antithesis found and helped fix several serious bugs that could have been catastrophic for the live network. The platform typically finds bugs that traditional testing methods miss entirely -- such as those arising from rare race conditions, complex timing issues, and unexpected system interactions. This episode is sponsored by Monday Dev

Daniel Deogun and Dan Bergh Johnsson -- two of the co-authors of the book, Secure by Design -- discuss the intersection of good software design and security with host Sam Taggart. They describe how following certain software design principles can help developers create secure software without needing to become security experts. They talked about how this is the continuation of developers taking on more responsibilities: Agile asked developers to become responsible for testing their code. DevOps asked developers to work together with operations in deploying their code. Secure by Design asks developers to incorporate security into their designs. Brought to you by IEEE Computer Society and IEEE Software magazine.

Artie Shevchenko, author of Code Health Guardian, speaks with host Jeff Doolittle about the crucial role of human programmers in the AI era, emphasizing that humans must excel at managing code complexity. Shevchenko discusses these concepts and key takeaways from his book, including the three problems caused by complexity: change amplification, cognitive load, and the most severe, unknown unknowns. He suggests that maintaining code health should be viewed pragmatically as a productivity question, requiring an ownership mentality and product focus to balance short-term delivery with long-term maintainability. The episode also covers vital processes such as using design documents for upfront analysis and code reviews, highlighting four goals: high code quality, knowledge sharing, delivery speed, and -- most important for team productivity -- psychological safety. This episode is sponsored by Monday Dev