**The Top 10 Blog Posts of 2025**
As we welcome a new year, the Software Engineering Institute (SEI) is excited to share its most popular blog posts from 2025. This list highlights the SEI's work in various areas, including software acquisition, artificial intelligence, threat modeling, machine learning test and evaluation, and enterprise risk management.
**10. Perspectives on Generative AI in Software Engineering and Acquisition**
In this thought-provoking post, a group of SEI experts explores the potential of generative AI technologies such as ChatGPT, DALL·E, and Copilot to improve developer productivity and rate of production of related artifacts. The authors examine how software and acquisition professionals can effectively apply AI-augmented methods and tools in their workflows.
Read the post in its entirety [link]
**9. 13 Cybersecurity Predictions for 2025**
Greg Touhill, Director of CERT, shares his yearly reflection on cybersecurity trends and predictions for 2025. With decades of experience in information technology and cybersecurity, Touhill provides insights into what we can expect to see in the coming year.
Read the post in its entirety [link]
**8. Stop Imagining Threats, Start Mitigating Them: A Practical Guide to Threat Modeling**
Threat modeling is a critical aspect of developing secure software-intensive systems. In this practical guide, Alex Vesey explains how to use threat models to make credible claims about attacks and ground those claims in observations of adversary tactics, techniques, and procedures (TTPs).
Read the post in its entirety [link]
**7. Introducing MLTE: A Systems Approach to Machine Learning Test and Evaluation**
Machine learning systems can be notoriously difficult to test. In this groundbreaking post, Alex Derr, Sebastián Echeverría, Katherine R. Maffey, and Grace Lewis introduce the Machine Learning Test and Evaluation (MLTE) process and tool jointly developed by SEI and the Army AI Integration Center.
Read the post in its entirety [link]
**6. Artificial Intelligence in National Security: Acquisition and Integration**
As defense and national security organizations consider integrating AI into their operations, many acquisition teams are unsure of where to start. In this informative post, Paige Rishel, Carol J. Smith, Brigid O'Hearn, and Rita C. Creel detail practitioner insights from an AI Acquisition workshop.
Read the post in its entirety [link]
**5. Out of Distribution Detection: Knowing When AI Doesn’t Know**
Eric Heim and Cole Frank explore the critical challenge of out-of-distribution detection in AI systems. They examine how to identify when an AI system is facing situations it wasn't trained to handle, highlighting the importance of calibrated trust measurement and evaluation.
Read the post in its entirety [link]
**4. Introducing the Insider Incident Data Exchange Standard (IIDES)**
In this innovative post, Austin Whisnant introduces the Insider Incident Data Exchange Standard (IIDES) schema for insider incident data collection. The authors provide an example use case and invite collaboration on its development.
Read the post in its entirety [link]
**3. The DevSecOps Capability Maturity Model**
Timothy A. Chick, Brent Frye, and Aaron Reffett propose a frame of reference for DevSecOps maturity, enabling organizations to focus on outcomes rather than compliance. They introduce the DevSecOps Platform Independent Model (PIM) as an authoritative reference model.
Read the post in its entirety [link]
**2. Evaluating LLMs for Text Summarization: An Introduction**
Shannon Gallagher, Swati Rallapalli, and Tyler Brooks explore the potential of large language models (LLMs) for text summarization in high-stakes applications such as intelligence report summarization.
Read the post in its entirety [link]
**1. The Risks Associated with Radio Frequency Communication**
This informative post delves into the fundamentals of radio frequency communication, exploring common protocols and device interactions, RF tools, and ways malicious actors can attack systems.
Read the post in its entirety [link]
Stay tuned for more cutting-edge research from the SEI by checking back weekly for posts highlighting work in artificial intelligence, machine learning, cybersecurity, software engineering, and vulnerability management.