Skip to main content

What’s in the SOSS? Podcast #5 – OpenAI’s Matt Knight and Exploring the Intersection of AI and Open Source Security

By June 4, 2024Podcast

Summary

Matt Knight is Head of Security at OpenAI, where he builds IT, privacy and security programs. His teams also collaborate on security research with teams across OpenAI and with the broader security research community. Their goal is to explore the frontier of AI, understand its impacts and maximize its benefits, especially in the cybersecurity domain.

Conversation Highlights

  • 00:40 – Matt’s duties at OpenAI
  • 01:52 – Matt’s accidental journey into cybersecurity
  • 05:18 – The intersection of AI and open source
  • 06:45 – Matt’s thoughts on how AI can help security professionals
  • 08:53 – Details on the AI Cyber Challenge (AIxCC)
  • 10:53 – Matt answers Omkhar’s rapid-fire questions
  • 12:29 – Advice Matt would give to aspiring security professionals
  • 13:00 – Matt’s call-to-cation for listeners

Transcript

Matt Knight soundbite (00:01)
AI has the potential to help cybersecurity practitioners where they’re constrained. That’s important because cybersecurity engineers face a lot of constraints. Every security team is constrained by capabilities, is always up against pressure to be faster and is always up against pressure to access greater scale. 

Omkhar Arasaratnam (00:18)
Welcome to What’s in the SOSS? I am your host Omkhar Arasaratnam. I am also the general manager of the OpenSSF. Today we have a good friend of mine Matt Knight Matt. Why don’t you tell us what you do?

Matt Knight (00:31)
Hey, my name is Matt Knight. I’m the head of security at OpenAI.

Omkhar Arasaratnam (00:34)
I feel like you’re burying the lead here. What does the head of security at OpenAI do? I mean, it doesn’t sound like a boring job.

Matt Knight (00:40)
Yeah, it keeps me on my toes. So I joined OpenAI back in 2020 and have been building the security, privacy and IT programs since then. Before OpenAI, I spent most of my career protecting companies and institutions that had comparable high-value research and technology. I also co-founded a company called Agitator that focused on security research. And if you go far enough back, I started my career as an electrical engineer before getting into security.

But these days I spend most of my time focused on security engineering and building the systems for developing and deploying advanced AI. My teams and I also collaborate on security research with teams across OpenAI and with the broader security research community to explore the frontier of this technology, understand its impacts and also maximize its benefits, specifically as far as I’m concerned, on the cybersecurity domain. 

And internally this involves using large language models wherever we can to enable our security program. And yes, even doing some open source work of our own, too. So it’s great to be here and I look forward to a great discussion.

Omkhar Arasaratnam (01:46)
Wonderful. Thanks, Matt. Sounds like you’ve had quite a journey in terms of security. Why don’t we start at the beginning? How’d you get into security?

Matt Knight (01:52)
To put the bottom line up front: accidentally. So I started my career as an electrical engineer, as I mentioned, I studied EE in college and EE is a pretty big field. You can be sort of on one end of the spectrum, you can be doing analog electronics on the other end, you can do digital, coupled with software engineering.

And I was always more on the digital side. So my first job out of college, I was working as an embedded software engineer, writing software for wireless networking stacks. And it was pretty interesting work, but I got to a point in my work where I found that I needed a spectrum analyzer to debug a system I was working on. And if you’ve ever had to buy lab equipment, you know that it’s really expensive. 

But right around that time, there was this open source project called GNU Radio that was getting a lot of buzz. And GNU Radio was really cool because it was this powerful open source signal processing toolkit that enabled basically like using software to implement all these different radio engineering and signal processing tools.

And between GNU Radio and some low-cost commodity hardware, I was able to get my hands on, I was able to basically build my own spectrum analyzer to help me do my work in developing and debugging these wireless systems. So I had this toolkit for monitoring the spectrum and it was pretty useful for that, but I kind of kept playing with it and found that you could use it not only to, you know, capture and analyze signals, you could also use it to replace signals, to generate your own signals. 

And, you know, realized that, you know, when you, if you captured a signal and replayed it, a lot of devices would just accept it and would, would, you know, treat that as valid. And that really freaked me out. Also got me, you know, was sort of my first contact with how, you know, vulnerable much of that ecosystem was. And I kind of couldn’t look away from it. 

So, I started doing security research on my own nights and weekends, wound up having the opportunity to make a career out of it. And wound up doing a lot of work in that, you know, open source or in that, that wireless security space, a lot of which was supported by this really vibrant open source community at the time. And I did that for a while and then made the choice a couple of years later to make a career transition into what I’m doing now.

And I’ve been spending roughly the last decade playing defense. I still have a lot of passion for the wireless space, but these days I’m spending my time protecting companies rather than doing wireless research.

Omkhar Arasaratnam (04:16)
You might have come up with the Flipper Zero before the Flipper Zero.

Matt Knight (04:19)
Flipper Zero is pretty cool. No, I was working with other sort of open source and some proprietary bits of hardware, but really underpinning all of it was GNU Radio. GNU Radio is a really, really powerful open source tool. There’s a ton of great academic and commercial work and research being done on it.

They have a great community around it. I’ve spoken to their conference a couple of times. And if you go far enough back, I open sourced at least one GNU Radio module myself based on research that I’ve done. So quick shout out to that community. It’s still going strong. And I’m always impressed with the great folks who work on that toolchain are coming up with.

Omkhar Arasaratnam (04:57)
I’m happy to hear that. So open source, it’s been with you for a really long time. Let’s talk about your day job now. So you’re working on a lot of cutting-edge stuff. As we think about AI, large language models, generative AI, how much of that world is supported by open source? What’s that look like?

Matt Knight (05:18)
Quite a bit of it is derived from open source. And I’d say that most companies are, to some degree, leveraging open source and also building their own. If we look at many of the frameworks that the AI industry leverages, think things like PyTorch and TensorFlow, they started in various ways within companies but now are open source and are sort of robustly supported by broad communities.

And if you go beyond the frameworks, there are of course, myriad dependencies that companies depend on to do their research and also to run their infrastructure. And of course, much of the world’s AI training infrastructure runs on Linux, which is, you know, of itself, of course, open source. So I’d say that by and large, you know, open sources is pretty important to AI research and innovation. 

But beyond AI, you know, much of the tools that the security industry uses too, you know, have open source connections too. So there’s a network security tool called Zeek that most security, well, I shouldn’t say most, but many security teams use in different ways that’s really powerful. And then, you know, in other domains like code scanning, we’ve got some newer tools like Semgrep and CodeQL that are really powerful. 

Omkhar Arasaratnam (06:25)
So we talked about how open source is a lot of foundational components of what we use in terms of AI today and how open source is a foundational component in a lot of the security tools we use. What if we inverted that? How can we use AI to improve the security of open source? Do you have any thoughts on that?

Matt Knight (06:45)
I do. So my teams and I spend a portion of our time studying and analyzing how advances in AI may impact cybersecurity. And we want those benefits to be, of course, as broadly distributed as possible. And what more deserving beneficiary of that than the open source software ecosystem?

And a thesis that I’ve sort of been refining here is that AI has the potential to help cybersecurity practitioners where they’re constrained. And that’s important because cybersecurity engineers face a lot of constraints. Every security team, to some degree, is constrained by capabilities, is always up against pressure to move faster, and is always up against pressure to access greater scale. 

Do you have the expertise to find and fix the security problems wherever they may lie? Can you find and fix the problems fast enough to mitigate issues before they turn into real problems? Can you fix the problems wherever they happen to exist? There’s always more code to analyze, there’s always more logs to analyze, there’s always more that you can do to get leverage. Can you access them efficiently? 

So we are finding that AI is broadly useful to alleviate some of these pressures. And we as a team look to incorporate language models into our own work wherever we can. Now, of course, it is necessary to be aware that these tools are very imperfect on their own. They have things that they’re really good at and they also have a lot of downsides. So we’re looking for places in which we can implement these tools to benefit our work while also managing the drawbacks and downsides. 

Omkhar Arasaratnam (08:30)
Sounds good. So we’re recording this just after the Open Field Competition for AIxCC closed. It closed on April 30th. Can you share with the audience a little bit about the AIxCC, the AI Cyber Challenge, how OpenAI is involved, obviously, OpenSSF is a supporter as well.

Matt Knight (08:53)
I’m happy to and Omkhar, I think we first met at DEF CON last year in connection with the AI Cyber Challenge and I’m glad to be supporting this initiative along with OpenSSF. So the AI Cyber Challenge really has a great mission at its core, which is to find and fix vulnerabilities in the open source software that powers and underpins the critical infrastructure that we all rely on.

And it’s very timely because we’ve seen this great explosion in AI capabilities that’s largely been driven by language models. And while we’ve seen so much capability growth in language models, I believe that static analysis, that is finding and fixing vulnerabilities in source code, is an area where language models have historically underperformed. I think it’s a rich area for research, but because the capabilities are still emergent, I think success in this challenge is gonna involve a lot more than just like clever prompt engineering to get results. 

But the challenge is great because it engages a robust security research community. It brings a whole bunch of folks who wouldn’t necessarily participate in a program like this into the fold. And it’s also gonna happen and play out publicly. I think the semi-finals and finals are slated to be at DEF CON, which will be a great way to get even more of the community involved. And I’m pretty enthusiastic about what it’s gonna produce. If we look at where conventional static analysis tools fall short, AI and language models have the potential to really bring different capabilities to this domain to help, I think, fill in some areas that could really benefit the sort of static analysis tool ecosystem.

Omkhar Arasaratnam (10:36)
I’m really looking forward to seeing what our competitors come up with as well. We’re going to move into the rapid-fire section. So I’m ready when you’re ready. And the right answer for any of these may be one of the answers I provide or no, Omkhar, I actually, I think it’s something else. So are you ready?

Matt Knight (10:55)
Let’s go, hit me.

Omkhar Arasaratnam (10:57)
Spicy or mild food?

Matt Knight (11:00)
Okay, so I have Irish heritage and I grew up in a family and household where salt was an exotic spice. So my answer may surprise you. I am a spicy food guy all the way.

Omkhar Arasaratnam (11:14)
All right, man. Well, we’ve got…we’re going to be grabbing a meal soon. I hope you’re…I may bring some hot sauce with me. Now, the next couple of questions are very engineering-focused. Text editor of choice: VI, VS Code or Emacs?

Matt Knight (11:32)
I am a VI or Vim person all the way. And, I mean, beyond it just being the first thing that I learned, it’s on everything. You know, it’s on your, it’s on your Linux, you know, laptop, it’s on your, you know, all the servers you’re going to jump onto, but it’s also on a lot of embedded systems. You know, you’ve got the small low profile and embedded versions of it that you see in various places. So it’s a pretty useful editor to fall back on.

Omkhar Arasaratnam (11:59)
I’m also a Vim guy, so full support here. Last but not least, tabs or spaces?

Matt Knight (12:05)
Spaces and specifically two of them.

Omkhar Arasaratnam (12:09)
(Laughter) Excellent Thanks so much for for going through that. Now Matt, as we close out the podcast, what advice do you have for somebody entering our field today — somebody that’s either a new grad? Just completed their undergrad in comp sci or somebody that may be switching careers. What advice do you have for somebody entering today?

Matt Knight (12:29)
Love this, love this question. The world is changing beneath our feet very quickly with whether it’s the emergence of AI or just sort of more generally the pace at which the software ecosystem or the security ecosystem moves. So my advice to anyone who’s getting started is really to stay curious. And if you commit to that and a lifetime of learning, just enjoy the ride.

Omkhar Arasaratnam (12:55)
And the last question for you, what’s your call to action for our listeners?

Matt Knight (13:00)
A couple of things here will be exciting to the listeners here. The first is that we at OpenAI are hiring. So if you’re interested in AI or language models or security, please do give us a look. I also want to just briefly mention our cybersecurity grant program. This is something that all your listeners should feel encouraged to participate in. But we’re giving out a million dollars in cash incentives plus API credits to fuel innovation and research in defense of cybersecurity. 

We love open source as part of that. So if you are working on or want to work on some sort of open source innovation to help benefit the ecosystem, we’d love to take a look and fund it. Just some ideas of things that we’re excited about. So, you know, porting code to memory-safe languages. If you want to look at applying AI to that, that would be awesome. We think that confidential computing for GPUs could be a pretty important layer for protecting AI services going forward. And we’d love to fund some work around that, and other ideas too. We’re always looking for research collaborations with the broader community. So we’d love to hear from you. And just lastly, two of my colleagues were at Black Cat Asia, Paul McMillan and Fotios Chantzis. They actually open sourced some of their work coming out of that. Some automation that we built at OpenAI to help enable our work and help our teams move faster. So if that sounds interesting, I encourage you to go check that out.

Omkhar Arasaratnam (14:25)
Thanks so much, Matt. Really appreciate your time. Thank you for joining us on the podcast.

Matt Knight (14:29)
My pleasure, thanks for having me.

Announcer (14:31)
Thank you for listening to What’s in the SOSS? An OpenSSF podcast. Be sure to subscribe to our series of conversations on Spotify, Apple, Amazon or wherever you get your podcasts. And to keep up to date on the Open Source Security Foundation community, join us online at OpenSSF.org/getinvolved. We’ll talk to you next time on What’s in the SOSS?