SEI Blog

SEI Bloghttp://www.sei.cmu.edu/feeds/latest/atom/?utm_source=blog&utm_medium=rss2026-05-06T00:00:00-04:00Updates on changes and additions to the SEI Blog.The ELM Library: An LLM Evaluation Toolset2026-05-06T00:00:00-04:002026-05-06T00:00:00-04:00Violet Turri, Natalie Schieber, Charles Loughin, Tyler Brookshttps://www.sei.cmu.edu/blog/the-elm-library-an-llm-evaluation-toolset/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

To help teams meet the need for rigorous evaluation methods, researchers in SEI’s AI Division developed a library built on best practices for LLM evaluation and benchmarking.

Data Poisoning in AI Models: The Case for Chain of Custody Controls2026-04-27T00:00:00-04:002026-04-27T00:00:00-04:00Renae Metcalf, Matt Churillahttps://www.sei.cmu.edu/blog/data-poisoning-in-ai-models-the-case-for-chain-of-custody-controls/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This post explores data poisoning, which occurs when training data is modified to influence the performance of a model, and proposes cryptographic chain of custody as a mitigation.

Using Data and Data Analytics to Improve Cyber Resilience2026-04-20T00:00:00-04:002026-04-20T00:00:00-04:00Patsy Buliscohttps://www.sei.cmu.edu/blog/using-data-and-data-analytics-to-improve-cyber-resilience/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

Our post highlights the use of data analytics as a force multiplier for cyber resilience as well as best practices to help organizations gain situational awareness on their current security posture.

From Reality to Virtual Reality: The Impact of 3DGS on Training, Education, and Beyond2026-03-25T00:00:00-04:002026-03-25T00:00:00-04:00Roxxanne White, Matt Walsh, Dominic Ross, Richard Laughlinhttps://www.sei.cmu.edu/blog/from-reality-to-virtual-reality-the-impact-of-3dgs-on-training-education-and-beyond/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This blog post describes cutting-edge method for creating digital models of the physical world called 3D Gaussian Splatting.

Assessing the Feasibility and Advisability of a Civilian Cybersecurity Reserve2026-03-10T00:00:00-04:002026-03-10T00:00:00-04:00Marie Bakerhttps://www.sei.cmu.edu/blog/assessing-the-feasibility-and-advisability-of-a-civilian-cybersecurity-reserve/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This post highlights recent work by SEI researchers on behalf of the Department of War to assess the feasibility and advisability of a civilian cybersecurity reserve.

The Five Pillars of Software Assurance in System Acquisition2026-03-04T00:00:00-05:002026-03-04T00:00:00-05:00Dr. Carol Woody, Christopher Alberts, Michael Bandor, Timothy A. Chickhttps://www.sei.cmu.edu/blog/the-five-pillars-of-software-assurance-in-system-acquisition/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This post presents five foundational capabilities to support the acquisition of a system with effective software assurance.

An Approach to Accelerate Verification and Software Standards Testing with LLMs2026-02-09T00:00:00-05:002026-02-09T00:00:00-05:00Ryan Karl, Yash Hindka, Shen Zhang, John Roberthttps://www.sei.cmu.edu/blog/an-approach-to-accelerate-verification-and-software-standards-testing-with-llms/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This post highlights the work of SEI researchers who sought to prove that LLMs can be used in unclassified environments to rapidly develop tools that could then be used to accelerate software analysis in classified environments.

From Concept to Practice: How SSVC Has Evolved to Make Adoption Possible2026-01-28T00:00:00-05:002026-01-28T00:00:00-05:00Renae Metcalf, Allen Householder, Vijay Sarvepallihttps://www.sei.cmu.edu/blog/from-concept-to-practice-how-ssvc-has-evolved-to-make-adoption-possible/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This post traces the milestones of the Stakeholder Specific Vulnerability Categorization and invites the community to participate, contribute, and benefit from the continued maturation of SSVC.

An Open Source Tool to Unravel UEFI and its Vulnerabilities2026-01-22T00:00:00-05:002026-01-22T00:00:00-05:00Vijay Sarvepalli, Renae Metcalf, Cory Cohenhttps://www.sei.cmu.edu/blog/an-open-source-tool-to-unravel-uefi-and-its-vulnerabilities/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This post introduces CERT UEFI Parser, a new, open source tool that uses program analysis to reveal the architecture of UEFI software, and explore this veiled source of vulnerabilities.

Upskilling the Federal Cybersecurity Workforce2026-01-20T00:00:00-05:002026-01-20T00:00:00-05:00Christopher Herrhttps://www.sei.cmu.edu/blog/upskilling-the-federal-cybersecurity-workforce/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This post details how the SEI Cyber Mission Readiness Team, in partnership with CISA, developed a series of Skilling Continuation Labs to provide unique, hands-on, immersive training to upskill the federal cybersecurity workforce.

The Top 10 Blog Posts of 20252026-01-12T00:00:00-05:002026-01-12T00:00:00-05:00Thomas Longstaffhttps://www.sei.cmu.edu/blog/the-top-10-blog-posts-of-2025/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

Every January on the SEI Blog, we present the 10 most-visited posts from the previous year.

Analyzing Partially Encrypted Network Flows with Mid-Encryption2025-12-15T00:00:00-05:002025-12-15T00:00:00-05:00Steven Ibarra, Mark Thomashttps://www.sei.cmu.edu/blog/analyzing-partially-encrypted-network-flows-with-mid-encryption/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

Encrypted traffic has come to dominate network flows, which makes it difficult for traditional flow monitoring tools to maintain visibility. In this blog post we take a closer look at a new feature added to CERT’s Yet Another Flowmeter tool (YAF) to capture the attributes of encryption when it occurs after the start of the session. We call this mid-encryption.

Tailoring 9 Zero Trust and Security Principles to Weapon Systems2025-12-09T00:00:00-05:002025-12-09T00:00:00-05:00Christopher Alberts, Timothy Morrow, Rhonda Brown, Charles Wallenhttps://www.sei.cmu.edu/blog/tailoring-9-zero-trust-and-security-principles-to-weapon-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

Our latest post outlines how 9 zero trust and security principles might apply to weapon systems.

AI-Powered Memory Safety with the Pointer Ownership Model2025-12-03T00:00:00-05:002025-12-03T00:00:00-05:00David Svoboda, Lori Flynnhttps://www.sei.cmu.edu/blog/ai-powered-memory-safety-with-the-pointer-ownership-model/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This post highlights work to automate C Code Security with AI-Powered memory safety.

How to Align Security Requirements and Controls to Express System Threats2025-11-21T00:00:00-05:002025-11-21T00:00:00-05:00Elias Miller, Matthew Siskhttps://www.sei.cmu.edu/blog/how-to-align-security-requirements-and-controls-to-express-system-threats/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This blog post presents a method that combines information about security requirements, controls, and capabilities with analysis regarding cyber threats to enable more effective risk-guided system planning.

From Hype to Adoption: Guiding Organizations in Their AI Journey2025-11-10T00:00:00-05:002025-11-10T00:00:00-05:00Ipek Ozkaya, Anita Carleton, Erin Harper, Natalie Schieber, Robert Edmanhttps://www.sei.cmu.edu/blog/from-hype-to-adoption-guiding-organizations-in-their-ai-journey/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

After a flurry of initial investments in artificial intelligence, including generative and agentic AI, many organizations are facing mixed results. The SEI is examining how organizations adopt AI and what methods they can use to measure and improve their adoption for long-term success.

A Model-Based Approach for Software Acquisition2025-11-03T00:00:00-05:002025-11-03T00:00:00-05:00Colin Dempsey, Jerome Hugueshttps://www.sei.cmu.edu/blog/a-model-based-approach-for-software-acquisition/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

The Department of War (DoW) is undergoing a significant transformation in how it acquires and develops software systems. Central to this evolution is the shift from traditional document-based processes to model-centric methodologies.

Modeling Services with Model-Based Systems Engineering (MBSE)2025-10-28T00:00:00-04:002025-10-28T00:00:00-04:00Nataliya Shevchenko, Grigoriy Shevchenkohttps://www.sei.cmu.edu/blog/modeling-services-with-model-based-systems-engineering-mbse/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This post explores an approach to designing services using model-based systems engineering (MBSE) with OMG’s Unified Architecture Framework (UAF).

Radio-Frequency Attacks: Securing the OSI Stack2025-10-20T00:00:00-04:002025-10-20T00:00:00-04:00Joseph McIlvennyhttps://www.sei.cmu.edu/blog/radio-frequency-attacks-securing-the-osi-stack/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This blog post reviews common radio frequency attacks and investigates how software and cybersecurity play key roles in these exploitations.

What’s New in SSVC: Build, Explore, and Evolve Your Decision Models2025-10-13T00:00:00-04:002025-10-13T00:00:00-04:00Bon Jin Koo, Renae Metcalf, Vijay Sarvepalli, Allen Householderhttps://www.sei.cmu.edu/blog/whats-new-in-ssvc-build-explore-and-evolve-your-decision-models/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

Recent updates to the Stakeholder-Specific Vulnerability Categorization (SSVC) framework help different stakeholders to prioritize vulnerabilities according to their distinct risk appetites.