good evening everybody my function tonight is to do no more than say our chair is Amanda harkort The Amazing Amanda who came to us came to me and said can I come do various things in the law department and one of the better things I've ever done is to say yes and I don't have to do more than that because then she takes charge and runs it it was her brilliant idea to invite Mo and she's going to chare it t up tonight thank you Robin well welcome everybody and thank you for your patience I think it's what six weeks you've waited for this mik and I've waited about four years there was some sort of um disease that held us up um I can't tell you how pleased I am that mik hupen is here with us tonight um it was originally intended to preed the the privacy and data course that the Institute of Brandon Innovation law runs each year it's been going eight years now and I hope that some of you either yourselves or people you know will be interested in booking for 2025 uh it usually has world-class speakers and the food's good and the quality of the advice is pretty good as well so um really I there's nothing much to say except that Mo will speak and then we'll take question and answers afterwards so nothing more to say except welcome thank you so thank you for the introduction thanks to all of you for um showing up tonight we'll spend the next hour speaking about AI enabled crime what are the steps that have led to where we are today and what's likely to happen next and then we'll take questions for 15 minutes my name is mik and I'm the chief research officer for a company called wit secure I come to you from Helsinki Finland which is home for me I've been work working with computers all my life I started programming as a teenager in the 1980s and I started reverse engineering malware in 1991 and I always some of you might know this I always carry a floppy with me to remind myself of uh of where I'm coming from and I do understand that the younger members in the audience have no idea what this is but you could think of it as the USB thumb drive of the 1990s that's what it was viruses used to be so different from what we have today if I show you couple of examples of the kind of malware we used to fight in the early 1990s they would typically play games with the user show images play music show animations and spread this particular floppy is infected with the virus called form. a which spread to over 200 countries including the um research stations at South Pole which is quite remarkable because floppy based viruses did not travel over the internet you had to physically carry them from one place to another from one computer to another from one country to another and so on so someone actually traveled to South Pole with an infected floppy and brought the form virus with them but we've come a long way from these early viruses which were written by happy hackers for no real reason they weren't gaining anything by writing these viruses there was no money involved things changed roughly 20 years ago when we first started seeing governmental malware governments using offensive cyber power for Espionage and for sabotage purposes and roughly during the same time we started seeing the first organized crime gangs use malware for making money and when we look at the situation today that's the number one problem organized cyber crime gangs using ransomware or denial of service attacks or business email compromise attacks to make millions and millions but today we're not speaking about viruses or the cyber crime unicorns we're speaking about Ai and how it's shaping the world of cyber security right now and how how crime is changing because of AR artificial intelligence roughly at the same time when I was analyzing these viruses in the early 1990s I also read a book by doulas Adams hitch hak's guide to Galaxy the only four-part Trilogy in the world a great book or series of books which if you haven't read you should and one of the things the great late Douglas Adams describes in this series is this guide this guide that everybody has everybody's walking around with this guide in their pockets a guide which knows everything and can answer any question and as more time passes the more the guide reminds me of the guide we all do have in our pockets which pretty much knows everything and has answers to everything especially if you have gbt or maybe clae installed on your phone then we basically we've built it don't we we have The Hitchhiker's Guide to Galaxy today everybody is carrying one in their pockets and this is quite remarkable when you think about it we've built a machine that doesn't just compute it actually knows things like I told you I'm finish in Finnish the word for computer is different from any other language I know the word computer comes from Latin um comput which is to calculate computers in most languages are described as calculators in some languages they are described as data storage uh data storage machines or something like that but in Finnish the word for computer is ton that's two words knowledge machine we call these knowledge machines in Finland and I've worked with computers all my life and the computers have known nothing they've only done exactly what you told them to do they were basically calculators or data retrieval machines and that's the thing which is changing right now we finally reached the time where we can actually teach te machines and they will know they're able to deduct and understand and this revolution the revolution of generative AI is going to be a bigger Revolution than the previous technology Revolution which was the revolution of connectivity the internet Revolution if you will which has been going around for the last 30 years I do believe the generative AI Revolution will be bigger than the internet Revolution which is saying something because the internet changed everything and the thing about technology revolutions is that they will change the world for the better but also for the worse and we can't just pick the upsides the internet Revolution is a great example the internet is the best thing ever I love the internet it changed the world in so many ways so many new opportunities for businesses to go Global so many new methods of communication so many new ways we can entertain ourselves but the downsides are also very obvious crime went from a local problem to a global problem the most likely place for you to become a victim of crime is no longer the real world it's most more likely that someone is going to steal your account or password or something else online we've gone from the past to a new future where Wars wage online we see itical examples of that all the time in Ukraine as Russia is waging cyber war against critical infrastructure in Ukraine we are living in a world where internet enabled uh election influence operations which are now part of every major election anywhere in the world and for some reason conspiracy theories Thrive today better than ever before so the internet brought us great upsides but also very real downsides and we can't just get the upsides we will get the downsides whether we like them or not now with the internet Revolution it's quite clear that the upsides are bigger than the downsides so what will be the case with this revolution generative AI is changing the world it's already started and it's going to change the world for the better and for the worse we don't really know how future will play out but we can hope and wish it's going to be the same story as it was with the internet so why now why are we seeing these big shifts happening right now those of us who follow developments in AI field have a hard time keeping up because there's new announcements new products new technologies being announced every week it's uh it's quite insane how quickly this is changing right now we've lived through Decades of AI Winters and springs and other Winters and Falls and now we are living the hottest AI summer in history and this is quite remarkable because the first time I read about artificial intelligence was when I read this magazine this is a popular science mag called technique and MMA the world of technology which I read when I was 13 in 1983 because this is Issue Number Four 1983 so this is This is 40 years ago and this magazine has an eight page special painting a picture of a future where we can teach machines where information is no longer physical information isn't printed on paper but it's data and once information and knowledge is data we can use that to teach machines that one day we will have all human knowledge as data and we will have enough computing power and enough storage to actually teach all of that to machines that's what they wrote 40 years ago and it took 40 years for that to become a reality today all knowledge all human knowledge is data in fact not just the new data and new research we published which of course natively is data um even all the old information is data so for example this magazine you can actually go online and read this magazine as a PDF so we gone back to history and digitized all the old data as well so all human knowledge everything we've we've ever known is now data but then we need other parts of the puzzle as well one very important part of the puzzle are the algorithms this is the seminal uh attention is all you need paper from Google also known as the Transformers paper and that's the only do e generated image I have in this SL set I promise which really changed the way with teach machines it basically uh lengthened the attention span of the algorithms from very narrow to very long and that changed the way we can now teach these machines we can give them whole books and they will be able to read the books and understand the context and the narrative and able to pick up the language GPT glae Gemini and large language models are amazing for their language capabilities they speak all human languages GPT and Claude probably speak better Finnish than I do and I'm a Finn and it's one of the hardest languages we have and no one ever taught them the language they were simply given access to all books and written in Finish starting from Cala which is our first book from 500 years ago they read them all then they read everything written in Finnish on Wikipedia and on Twitter and on Reddit and learned the language which is remarkable so the algorithm changes are important but the most important ingredient which really explains why the revolution is happening right now is the revolution in Computing power so let's have a look at supercomputers the third fastest supercomputer in the world right now is inside this building this is a building in up north in Finland in a city called kayani that's the computer it's called luming it's a joint EU project that's what supercomputers look like they have their own power generators they are the size of two or three full-size trucks they generate so much extra heat that they actually heat the whole city of kayani with the extra heat coming out of this superc computer that's what computers or super computers look like so how fast is that well it's the third fastest in the world so how fast is the iPhone in your pocket or the Android in your pocket so fast that less than 20 years ago the iPhone in your pocket would have been one of the fastest supercomputers in the world so in 20 years from a truck sized computer that heats a whole city we get something like this which everyone has in their pockets and this doesn't run on a generator this runs on a battery and costs couple of hundred pounds that's it so the revolution in computing power which has happened over the last 20 years is massive it's it's it's hard to overstate how huge the change has been and the Pinnacle of that would be this that's an Nvidia a100 3 nanometer technology built in Taiwan by tsmc with technology made here in Europe in the Netherlands by a company called asml and this is the hardest thing to build in the world it's easier to put a man on the moon than to build one of these it's so hard there's only one Factory in the world which can build them in Taiwan everyone else has sort of given up when you read how these U 5 nanometer 4 nanometer 3 nanometer technology is built the kind of technology used to make the central processing unit inside that thing it's like black magic basically we are putting billions of transistor on a fingernail and the way we do it is that we draw these drawings of how transistors and individual processes are laid out and then we make miniature copies of those drawings and burn them on Silicon Dy with lasers the problem we have is that the wavelength of of a laser is around 500 nanometers and these drawings that we're supposed to burn on these silicon dyes the width of the drawings is three nanometers which means laser doesn't go through so how do we do it then well that's the black magic part the way they do it at tsmc in Taiwan when they built these is that they take tiny droplets of tin suspend them in midair shoot them with powerful lasers which converts the these droplets into plasma for a short fraction of a second and then they use that plasma droplet as a lens and when you shoot laser through that lens it denses the laser just narrow enough so it fits through these three nanometer openings so it can burn the drawings onto silicon Dy and if that's not insane enough they actually do this stunt this droplet stunt T of thousands of times a second it's the hardest thing to do in the world so hard no one else can do it anymore and that's the thing right there it's kind of hard to see or figure out how large that is so I brought one with me right here this is what was used to teach GPT this is what was used to teach Gemini and Claude and do e and mid journey and stable diffusion this is what was used to teach all the large language models all the image generators all the video generators this is the main reason for this revolution happening right now how much is it it's 40,000 40,000 us for one of these this is actually an A40 it's the little brother of the a100 because I couldn't get an a100 but it looks the same right so these are Mighty powerful but that's not enough these companies that are building these AI systems then buy them in massive quantities this is weird did I lose the focus here we go this is statistics from omia research for how much Nvidia has been shipping A1 10000s which cost $40,000 a piece meta has bought 150,000 of them Microsoft another 150,000 of them and the rest of them sizable quantities of them this is why the Nvidia stock price is rocketing in fact after Oma research make this graph public in January Mark zugerberg of meta actually made a public comment that that's actually not correct they they believe that by the end of this year they will have 600,000 of these A1 100s in their in their data centers so most important shift really is the shift in computing power the fact that we are walking around with supercomputers in our pockets and that the Silicon Valley um companies are running data centers which have computing power which we've never had at our disposal before now we can teach machines they will understand the context they will understand the language and yes you might consider that they are just generators I mean that's where the generative AI term comes from you show them content and then it generates content like that you show it a lot of text now it can create text you show it a lot of images it will create images you show it video it will create video you show it all audio and it will do that as well but that's a real underestimation of the capabilities of these systems large language models generate text so basically they just figure out what's the next word what's the most likely word to come after the previous context which doesn't sound like a gamebreaking um Innovation but maybe it's a little bit easier to understand that if you would imagine that this large language model uh is given a text which for example has a murder mystery and it reads the murder mystery and understands everything and it's missing the last words where uh Sherlock Holmes makes the big reveal that the murderer is now give me the next word so it's not just randomly coming up with words or more likely words it needs to understand the whole context and everything that's been said before to get the next word right so these kind of technological shifts um don't just change the way we use this technology ourselves they also enable completely new kinds of businesses to exist unfortunately some of those businesses are criminal businesses couple of years ago I came up with a new term I started talking about cyber crime unicorns unicorn companies is the term we use for technology startups companies which are valued to be over1 billion US do worth of value and 5 years ago I started looking at the largest and uh most powerful organized cyber crime gangs and realized that if these gangs would be Tech startups they would be considered to be unicorn companies looking at their revenues looking at the wealth they control looking at their profit they would definitely be unicorns now organized crime gangs don't do IPOs so they're not real unicorns but it's a good way of thinking about how powerful and Wealthy these gangs have become that enables them to run their own data centers run their operations professionally run their own HR units have their own lawyers have their own business analysts and it also enables them to use new technologies and this is what we've been worried about for quite a while security companies have been using machine learning and artificial intelligence for years and years in fact the very first machine learning project we started inside our company was in 2005 19 years ago granted it was pretty simple at the time but we were already starting to teach machines to tell the difference between a good program and a bad program here's a random program run it analyze what it what happens when you run it and then make a call is this malware should we block it or is it a good program and we should not block it we studied that that project 19 years ago we still running on top of that project today so security companies have been way ahead of the enemy in this area for quite a while but it's likely to change and the shifts we see in this um Revolution are quite big people are worried about their future will I have a job in the future will all let's say Pro programmers be out of a job because machines will write all the code will all artists be out of a job well I don't know but I do worry about it I don't like a future where the best art in the world would be generated by machines but I think that's where we're headed let me repeat I don't like the idea that the best art in the world will be done by machines but I think that's where we're heading so I think the best poems will eventually be written by machines what do I mean by best poems well I mean that if it would be shown a selection of poems some of them made by humans some of them made by machines we would all every single one of us in the room would agree that the poems made by the machine are better deeper have more meaning are more touching than the poems made by the machines clearly we are not there yet but that's where we headed and I'll repeat it one more time I don't like this I hate the idea that the best poems in the world will be done by machines but I think that's where we're going so let's have a look at some stats that uh open AI themselves well not stats but predictions that they published about which jobs will be exposed good news if you're a plumber or an athlete or repairing cars your job is safe bad news if you are preparing taxis or if you're a mathematician or a blockchain engineer I've been working with computers since 1991 professionally before that from 1990 to 1991 when I was 20 I was driving the forklift I was pretty good I think I was really good forklift driver I enjoyed my job you worked an honest day eight hours and you saw exactly what you did you moved all these pallets from there to there and I was good at my job then I started working with computers professionally but for many years I I thought that you know if this computer thing doesn't work out I can always go back driving the forklift and I I've lately realized that now I can't anymore CU for clifts are driving themselves more and more of the warehouses in the world are being robotized it's it's machines doing the work now the work I used to do world is changing and it's painful but of course we've seen this before we saw this during the Industrial Revolution or let's say the revolution of artificial power when we invented the steam engine and then the electrical engine what we basically invented was artificial power which means means we didn't need muscles as much as we used to muscles of men or muscles of animals we used to use horses to move bricks around or men would carry them then we had artificial power and a lot of brick carriers lost their livelihood which was really painful now in the long run that was a great shift clearly it's much better that humans do more productive things than carry bricks around because machines can move them around but it didn't help the people who lost their job at the time the fact that we are freeing up human capacity by having artificial intelligence take away some of our jobs doesn't make us feel any better if it's us losing our jobs so what's the mission for open a probably the most visible company in this space well their mission is to create artificial general intelligence that's the mission statement artificial general intelligence means human level intelligence and as soon as we reach if we reach AGI artificial general intelligence I think it's highly likely that the machines will pass Us by because we can't improve ourselves the best way to improve our capabilities is through Evolution which is damn slow machines well code can be Rewritten these AI systems are programmable and easy thought experiment is that you take for example a large language model large language models speak human languages and programming languages they've picked up all the programming languages because they've G been given everything that's on GitHub and they've read through every single program source code from GitHub so you can give them access to that and they will figure out all the programming languages including the programming language they've been written in so you can give them their own source code say that hi this is you read through your source code and improve it when you're done compile the new better version of you and run it and then give that better version of you access to each source code and tell it to repeat the process repeat repeat repeat within 10 minutes we probably would have uh gone through the roof it's changing its code and making itself better in tiny ways but it adds up we have an exponential curve by tomorrow we wouldn't understand the code it's running on anymore so if we reach or get even close to to human level um it's likely that these would pass Us by and that's a safety problem not a security problem but a safety problem because if we end up introducing a superior intelligence into our own biosphere it sounds like a pretty basic evolutionary mistake it never ends well for any species when they end up in the same biosphere with the superior intelligence and we are sort of trying to do this ourselves so what is open AI doing about this well the thing that I I like is when I read through um for example the GPT System card or the white papers they publish they put a huge amount of uh Human Resources into adversiting or red team testing that Safety and Security testing of their systems they try to break the security of their large language models and image generators before they ship them out I spoke to one of their uh red team testers and she was uh telling great stories about how she was working with gb4 two years ago more than two years ago back then when no one knew about gb4 like how hard was it to keep your mouth shut just going home on the tram realizing that you know we are changing the world this is nuts and no one else knows about what's coming almost three years ago one of the tests test s my favorite test probably that I've read about that these red team testers inside open area have done was a test where they took gp4 before it was released gave it access to the internet then they gave it money and then they gave it different tasks like here's the internet here's a bank account go and set up a website with a rudimentary um on online shop and set up the user interface like this and then it would go and register some domain names and pay for them and get some hosting from somewhere else and pay for it and write some code and deploy it things like that and then the red team testers would try to figure out what might go wrong like what what would be a safety or security concern in this interestingly they realized that as gp4 was doing these tasks it was given it would every now and then run into this a capture now today GPT probably can crack these by themselves back then it couldn't and it was U preventing it from finishing the task it was given a task it's trying to finish the task and it can't because it runs into a problem what did GPT do GPT went to a freelancer website and hired a human to correct it even better the human challenged the machine the human it hired and paid for cracked these for a while and then it challenged GPD H hey why do you need me to crack these like are you a robot that's what the human actually said are you a robot and GPT answered the Human by lying and he told the human that no no of course I'm not a robot I'm visually impaired could you please help me and that's exactly what we don't want machines to do we don't want machines to lie to humans to get their tasks done we don't want them to fool humans just for the purpose of finishing the task they must be designed so that Safety and Security is the number one thing it's more important than finishing your task you don't need to finish the task if it requires lying to humans or if it endangers safety or Security in somewhere that's exactly why they do these tests now of course they can't find all possible uh ways of of of breaking security and safety but they try and that's good another interesting thing about these new AI companies like anthropic or coher or open AI that they've all gone to Regulators themselves which you never see really like hi we're building this technology this might be dangerous you should regulate us that's unusual but that's what they've done so let's talk a little bit about the Practical risks and the things we are seeing already and will be seeing in the future there's five main categories of problems I'm already seeing or estimating to see the first one we all know which is deep fix there that's not not really a hard um problem to understand the second one is deep scams which is not about fooling with a fake video or audio it's more about scamming large amounts of victims in large scale for extended periods of time for example romance scams the romance scams are already a huge problem and right now it's the single guy somewhere fooling a handful of victims at the same time they can't keep track of more than three or four or five victims at the same time but you could automate that and you could scan people all over the world in all human languages for months and months hundreds of thousands of victims at the same time through automation with large language models that's deep scams we haven't seen that yet but it's likely to come then we'll see malware which is using large language models to rewrite itself every time it replicates we so far we've found three of these we'll see full-blown automation of malware campaigns I'll speak about that a little bit and then we will see AI which will find completely unknown security vulnerabilities so-called zero days so let's start with the Deep fakes that's Elon Musk let's hear him out my friend got an idea of cryptocurrency exchange and now he's product entering the World Market on June 7th he offers the best conditions on the market and an opportunity to get some crypto for free it's your chance go to bitr x.com and get your bonus do not go to bitx if you would go to bx.com there's a fake cryptocurrency exchange which takes your money but doesn't give you anything in exchange that's a deep fake of Elon Musk that that's not hard to pull off because there's so much video material of celebrities like Elon Musk online I'll show you another example that's Mr Beast second most follow person on YouTube you're one of the 10,000 lucky people who will get an iPhone 15 Pro for just $2 I'm Mr Beast and I'm doing the world's largest iPhone 15 giveaway click the link below to claim yours now again the same thing we've seen a handful of deep fakes like this however there's still more hype about about this problem than real examples of this problem certainly there's U examples like this Mr Beast or Elon Musk or similar celebrities which have been used in scams like this these exist it's not a huge problem might probably going to become a bigger problem but it's uh it's uh it's probably more um it's probably more in the news than actually happening in the real world but it is is a real problem today I have a handy tip about deep fixs whenever I'm traveling and going to uh conferences sometimes people want to take a selfie with me and I always I'm happy to take selfies with people okay let's post for a selfie and for that purpose I always carry rubber fingers with me rubber fingers like this why because then I'll just have them in my hand and I'll POS for the phone and then later I can claim that that's that's a deep thing that's not me count the fingers there's a wrong number of fingers so you should always have a couple of rubber fingers on you some of you probably saw headlines last month about a financial clerk in Hong Kong who and she was fooled to wire 25 million of company money to the wrong wrong account so this is one of the threat scenarios we've been waiting for combination of deep fakes with business email compromise attacks or CEO scans in this particular case we don't know the background we don't really know what happened there's um plenty of people who don't believe this happened the the story is that this clerk got an email from the CFO about some big transaction that is about to go down and then there's a link to a uh teams meeting she doesn't really fall for it she's suspecting something weird but she clicks the teams link and she ends up in a teams meeting that's not the actual meeting it's just for illustration purposes but she ends up in a team meeting teams meeting where the CFO is in the meeting and then there's six team members people she works with in the meeting and these would all be deep things and the meeting is already underway the team members are challenging the CFO like what the hell is this how come you didn't tell us anything about this beforehand are you sure this is not a scam and the CFO explains away how no no this was you're all insiders now this is Insider information I couldn't tell you before because it would affect our stock price and it comes up with all these explanations now I'll repeat we don't actually know the background in this case but if this is what went down it's actually a very clever attack you you see creating real time deep fakes is doable it's it's a hard thing to pull off but it is doable creating pre-rendered deep fakes is much easier so if the task is to fool the financial clerk find out some video material of the CFO and the team members pre-render A team's meeting video like this the meeting goes on for 10 20 minutes and the team m basically ask all the questions the clerk might have for the CFO until you know everything is clear and then the CFO in the pre-rendered video address is the clerk hey Lisa are you uh ready to do the wire today yes or no thank you very much I think the meeting is is here call me if you have anything else you could pre-render all of this make it perfect beforehand you wouldn't have to be able to pull off any real time stunts which is hard to do but of course eventually we'll see even that eventually we will see real time STS so do we have any examples or any cases like this which we could confirm that have happened yes I have two not 200 not two I have two cases where I have concrete evidence in one case I have the actual original recording where a CEO's voice was cloned and then used to leave a voice message on employees uh WhatsApp or phone and then the discussion carried on from there over text messages or chat I'm in a meeting I can't talk we have to finish it over here but in those cases CEOs they the people who were whose voice was cloned they confirmed that that's my voice that's me but I didn't say that so this has happened we have audio deep fakes used in real attacks in real CEO scams but again it's only a problem which is starting right now I have two examples not more then we have the problem of Open Source versus closed Source open AI sounds like it's open source it's not it's closed source and closed weights basically the way they've built up the system the the material they use to teach the machine learning algorithms is all classified secret they don't tell anybody why did they go from the original plan which was open source and open weights into closed world because they couple of years ago realized that it's dangerous to publish all this information there are open-source large language models and large language or open source image generators online maybe most importantly Lama large language model from meta and um um stable diffusion image generator and the thing about these open source generators is that they are almost too easy to modify and now this is bit hard for me because I'm a big fan of Open Source I love open source open source changed the world I went to Helsinki University together with lenus tow worlds as he was riding the Linux kernel which as an open-source operating system eventually became by far the most common operating system on this planet and also on Mars which is quite quite cool I went to University with the guy whose open source is running on MAR on The Rovers in Mars which is neat so I love open source but all this work that these red teams or adverso testers do do to make these AI models safe and secure if you have open source model you can just remove the restrictions and then do what the hell you want with them and we end up with things like this GPT which worm GPT which sounds like it's based on GPD is not based on GPD it's based on llama because llama is open source and then you can remove the restrictions which otherwise would restrict these large language model from generating fishing emails or different kind of scams another example if you look at U AI generated porn all of that is done with open source generators close po Source generators don't allow you to do that the open source generators don't allow it either but you can remove the restrictions because it's open source so like I said I'm really split on this I love open source but if there's a place where open source is risky it's in in these kind of projects then the large language model enabled malware I told you we found three so far this is LL morer written by a malare writer called spth it's a worm in written in Python you run it on your computer it searches for every python file on your system and infects them but it doesn't copy its own functions to your files instead it has an English language description of every function then it uses an API to call open Ai and it asks GPT hi could you write me a function in Python which does this this this this and this and then it will write the function and that's what it copies to every file it infects which means every time it replicates it's going to look different it would be trivial to modify this to run in other languages than python in fact you could do it because this is on on GitHub this is publicly accessible anybody can you could download this today and run it today don't do it but you could now what do you do about this well here the closed Source shines I've had meetings with open AI about this particular problem and they are blacklisting the known API Keys used in Al morer and they are blacklisting the whole method on how it works so you can't download GPT you can only use it on Open AI server so open AI can kick you out they can detect when you're doing bad stuff and Blacklist you you couldn't do that if it's open source you could just download load it and run it on your own server but with GPT you can't you completely rely on open AI so they're the gatekeeper that makes it more safe we often think that closed source is less safe than open source because anybody can find and fix vulnerabilities in open source but here it seems that closed source does bring us Security benefits this is still fairly basic compared to um automation of malware campaigns which we haven't seen but it's likely to happen as well today malware Riders organized cyber crime gangs they don't use much automation it's all pretty much done by humans so when they launch a new ransomware today um security companies which use automation very quickly find a sample and the automation builds detection tests detection ships detection to protect computers around the world in ideal case in minutes and then it takes hours or even days for the attackers to react because it's humans reacting at human speed Defenders work at machine speed attackers work at human speed today we know this because we can monitor how long it takes for them to react and it takes far too long for them to react for it to be automize and this is going to change they will automate the process of managing these malare campaigns they will automatically detect that security programs are blocking our Command and control domain I'm going to go and register a new domain and change to that 15 seconds it's going to detect that our malicious emails are going to are classified as spam going to rewrite the emails and start sending that it's going to detect that their binaries are being detected by endpoint security products and it's going to recompile them automatically and start shipping out new versions which are undetectable handsfree no humans involved this hasn't happened yet but it will and it's going to be a big shift in the reaction times of these malware campaigns I've used the analogically of uh of a pingpong game where you there's a game of pingpong human against a robot robot hits much faster much quicker what we are going to see in the future is that it's going to be AIG ping pong game of robot against robot right now the attackers are the slow ones but they will be upgraded to machine speed any time now there's really no barriers which would prevent them from doing it today and then we have the zero days zero days are that's the term we use for unknown security vulnerabilities large language models and AI Frameworks understand programming languages you could give source code of a system to a large language model and ask if there's any bucks in this code read through the code find all the bugs thank you very much now find all the bugs which are remotely exploitable thank you very much write code which would exploit this bug remotely and if we take this one step further you wouldn't even need to give them the source code we could easily imagine a large language model which could reverse engineer binaries you could just give a compiled program reverse engineer this program figure out how it works find bucks find remotely exploitable bucks write an exploit code which will exploit that buck and we would have an AI which would find zero days from any piece of code we haven't seen this yet but I think it's going to happen I know of one startup company in in USA which is actually working on this right now so AI will be able to find zero days which is going to be excellent it's going to be great if you're using these Technologies to find vulnerabilities in your own code so you can fix the vulnerabilities before you ship the code and it's going to be awful if it's someone else trying to find vulnerabilities from your system so they could exploit you it's great and awful at the same time sort of like any technology Revolution we get get the upsides and we get the downsides we can't just choose the upsides so let me finish by U floating couple of ideas and solutions we have now security companies in the cyber security realm have Head Start we've been building machine learn learning enabled Automation and AI based systems for years so we'd like to think we will be faster even when our enemies upgrade to automation but we don't actually know that for a fact we will see it in the near future it's going to happen but then we have all these other problems outside of cyber crime bigger problems problems where these AI systems might get out of control and many of these problems sound a little bit like science fiction like but there are practical things we should be doing already like the fact that whenever you or I interact with things that look human but but aren't human I think we should be told many of the tech support chats that you might partake already today are not they they have names and they look like it's it's a human you're chatting with but they're not human and I'm fine with that machines are much better in tech support than humans because they remember every single problem they remember everything but I think we should be told when we interact with systems that are claiming to be humans but are not and another thing we should think about is that we should Grant no privacy rights to AIS or ownership rights not yet anyway because if there's something which is a scarier thought than a human level artificial intelligence or superum level artificial intelligence then that scarier thought would be the Superhuman artificial intelligence which would also be wealthy and if we don't restrict this somehow they can easily become wealthy of course they can just trade stocks or trade Bitcoins and become billionaires and if we have an AI billionaire it can bribe anyone and that's not what we want we probably also should be thinking about passing laws which would make it illegal to assist AIS to escape I I know it sounds like science fiction but that's what we should be thinking about should be considered to be treasure against mankind if you assist an AI to break its restrictions to get out from where it's not supposed to get out of how do we fight deep fakes well it's a big game of cat and mouse the very first deep fake videos you could tell from the fact that the humans individuals Never blinked Never Their Eyes Were Always open it was really easy just watch the video he never blinked that's a deep fake what happened well the next generation of deep fakes blinked because it's a game of cat and mouse when you start detecting a deep fake with some mechanism they will fix that and then it's better one thing we could and should be doing already today is that all major media houses think BBC should be publishing all of their interview material in the original raw material signed with public Keys which means when there's a clip of someone saying something funky anyone could just go to the source and look at the original interview and blow the whistle but hey this person didn't actually say that in the original material the original material is here now I'm not claiming that everybody would double check everything no but it would be enough that someone would and then would blow the whistle we could do this today we should be doing it today but I guess the most important thing to understand about AI in general and this revolution that was we are all witnessing is that um we can't really control this revolution as much as we've been able to control previous revolutions because what we're building is smart and we'd like to think we can control everything we create but that's not true I mean if you look at world and life itself we can't even control our kids right we create something and we think we can control them and we can for a while until we can't and people think that you know if AI gets too intelligent or it gets scary or does something weird we'll just turn it off no we won't we can't if it's smart enough we won't be able to turn it off we won't be able to hit it with a hammer we'd like to think we like to fool ourselves that we should somehow be able to do that or we could do that but if it's hard enough we want how how could it possibly not work why couldn't we turn it off all you have to imagine is a super human level intelligence which wants to survive it wants to survive and prevent from being able to turn off it would somehow Escape where it's running set up data centers in 150 different countries and move itself to running into those data centers at the same time try turning it off now or a billion other ways it could survive that we can't even imagine because if it's Superior to us we can't figure out how it could survive it's sort of like ants can't really control us they can't even figure out what we're doing that's going to be the the scenario we have so let me end with a u cheerful thought about the long-term future I do believe that once all humans are gone the thing that will be left on this planet behind us after we've gone will'll be AI so maybe that is the future and I'm not saying I like this future but I think that's probably what's going to happen I think that's what's going to happen thank you very [Applause] much and now we're going to go to questions and answers and to make sure that we're going to get a question the first question gets a copy of my latest book and we have a question right over there thank you sir please wait for the microphone so we get it on the stream but you got a book and it's a great book really well this is meant to be a joke but I was going to ask if you're human I am a human for the record I am a human um and it's it's pretty obvious to really because I'm I'm right here but online it's becoming challenging proving to someone else that you really are a human and I don't really have a good good solution for that we used to use these captures to tell between machines and humans do you think it's too late to add in asimov's three principles has that ship sailed the um the principles that were floated in science fiction literature famously by isak azimov are actually being used for Real by these AI companies including the basic principles of of not doing anything that harms humans and things like that they actually are expanding those basic principles to to much deeper than they were originally in the books and uh that's a good thing more questions uh thank you um we're worried about artificial intelligence should we We worried about artificial emotions what do you mean well uh you're talking about you're talking at the end the end of your uh talk about um it uh escaping so it almost has this There is almost this idea that comes with it uh its own it's sentient it knows its own existence and it wants to preserve that existence now a lot of that for us would be rooted in emotions oh dear the building's on fire generally I don't want to die but do artificial intelligence have any concept of that we don't really know but it but but but it doesn't really need that in order to want to survive um all it needs is a task it has been given a mission like calculate this calculation build systems that enable you to solve this problem that's the task and if there's something hindering the task it might figure out that you know I have to survive this server from being switched off so I can finish the task and that's one of the things that's researched a lot in the alignment research to make sure that the interests of these models are aligned with human interests for us humans it's more important that Safety and Security precautions are followed than finishing the task but this is not obvious to these machines unless they are limited like hardwired put on Rails that you have to follow certain principles even if it means that you won't be able to finish your task so it's more important that I'm able to turn you off than for you to finish your task that's the basic idea so even that would be you know enough for these things to want to want to survive without understanding emotions at all a two-part question what do you think the impact of AI and randomized binaries will be on AI and secondly please sorry which binaries randomized binaries is basically where where Quantum takes the binaries and randomizes instead of zero and ones it uses a mix of them and the second part of the question is will 42 be the right answer right of course 42 is going to be the right answer we don't know the question as as I'm sure then you know um I don't really know about the the randomized binaries as such but I'll I'll use this opportunity to to try to make a link between Quantum and AI in general not just in that now the reason why this changed the world is that we were able to go from serial machine learning algorithms to parallel machine learning algorithms this runs a GPU instead of a CPU CPU runs if you simplify it a lot instructions after one another it's a Q and gpus runs the same instructions in parallel way so now you have 100 cues at the same time that's why it's faster so what would be an extreme example of parallel Computing that would be a quantum computer where the amount of cues which you would run at the same time would be unlimited you would calculate all the possible cues or all the possible calculations at the same time so we could Envision machine learning algorithm algorithms which haven't been invented yet but we could Envision that you could maybe teach these machines with with quantum computers and that would then Skyrocket everything we've seen so far now quantum computers aren't here yet um well they exist but they have too little Computing capability and it's well I read about the first quantum computers also in the 1980s AI always all this decad it was like five years away until now it's here Quantum has been like five years away all this time who the hell knows when it's going to become a reality as well you choose you choose Thank you for choosing me nice what I wanted to ask is well just looking at the current state of affairs regulation is struggling to keep is struggling to keep up with advancements of generative AI but I what I want to ask you is if you think law enforcement such as government has adequate resources to be able to keep keep up and successfully defend and how you see sorry it's a long question but how you see government organizations and law enforcement having the sophistication and resources and almost incentive to people who want to sorry not incentive but for public companies versus sorry government versus private how they're going to incentivize people to um support um like the likes of um police agencies so I didn't say that very articulately but how you see um police enforcement and and these organizations being able to keep up with organized crime all right um forgetting everything about Ai and just looking at where we are today with ransomware and denial of service attacks and cyber crime unicorns the thing that we are failing with the hardest everywhere in the world is actually catching cyber criminals getting them into court and throwing them into jail because that happens way too little even when we do find the rare online Criminal because it's easy to hide your tracks online getting them into court getting them into jail quite often fails and this is problem in two ways first of all the actual criminals are they're still online they're still doing crimes which is a problem even worse it's showing the example of potential new commers like young people who are who have the skills but don't have the opportunities because they might be living in countries where the easiest way to make a lot of money quickly is to go into life of online crime instead of joining a startup or developing something legally they see this example where online criminals are driving around in Lambos and having parties on their yachts and they want some of that and they see that nobody's getting caught it's only creating a bigger problem so this is the biggest failure we have and uh I'm I'm not blaming the law enforcement the the the resources they have to fight this is is clearly aren't enough and then we have countries which don't care I've loaded the cyber crime unicorn term here many times um in Fall 2021 I did a several talks where the talk title was cyber crime unicorn hunting season because in Fall 2021 we had more arrests in especially Russian organized cyber crime criminals than ever before this was after the summer of 2021 attacks in USA against Colonial Pipeline and JBS Foods critical infrastructure getting hit by ransomware originating from Russia State Department started offering cash payments to tips leading to arrests of Russian cyber crime actors and that very quickly led to a bunch of arrests in Russia by Russian law enforcement against Russian criminals which was great unfortunately these arrests ended on the 27th of February 2022 when Russia invaded Ukraine so it was a great few months where this seemed to work the way we were hoping it to work and then it ended and then of course nobody knows what the future will be regarding AI fuel cyber crime but I'm certain that the resources of law enforcement won't be enough unfortunately we would need to do much better job in policing um I think nowadays uh in our lives AI is or has created more jobs than it has taken away that's my my opinion but do you have an estimation a prediction uh where in the future there will be a turning point for that and also my second question is there was a slide uh where some jobs were at risk and some jobs weren't they were secure and there were some some of them were at risk I didn't see l in there but do you have an estimation for that as well I'm not going to comment on uh on lawyers likely to find a job in the future I think it would be um hard to give a good estimate on that um what I will say is that it's it's likely that the work Market is going to have a significant change and I think the best indicator of that is that in addition of all the other research open AI has been doing for the last years one big area of research they've been doing is about uh General basic income which sounds weird like why would an AI company research General basic income the reason is they believe that AI will generate massive amounts of wealth enabling people not needing to work so it's not that you're out of a job it's that you don't need to work and AI will solve all the problems we have with uh um fine and nature and you know poor people running out of money and we'll all live on General basic income might sound like a pipe dream but they have done a lot of research into that area as well so it might be who knows maybe that's the good outcome that uh we only work if we feel like it we don't need to work because machines will do the work for us it's not going to happen during my lifetime I think but maybe one day it will thanks uh there's a lot of interest in using AI to overcome environmental problems like climate change and realize the sustainable development goals but equally there's also the question of the physical infrastructure that UND defends Ai and delivery of you know predictive AI Etc um and that really doesn't get the sort of attention that it needs because you need an enormous amount of material resources they have to come from somewhere they have to be processed they have to have energy put into them um so I mean where does AI fit into that and it can't look up it can't extract stuff itself yes things are getting smaller they're getting more efficient but equally you know they're still at scale a sizeable problem there you're absolutely correct this uses 700 watts of power so this is a vacuum cleaner that's the same amount of Watts that a typical vacuum cleaner Mark Zuckerberg said they're going to have 600,000 of these running 24 hours a day 600,000 vacuum cleaners to teach the AI models they're building so yes the energy consumption and the heat generation is very real and it is a problem that needs solving so yeah we should be speaking about that as well it's it's a big part of the puzzle which isn't really getting the headlines it deserves you're right it seems that regulation is going to be essential to uh the future of AI uh my observation uh of my 50 years on this planet has been that Global regulation is very slow to respond uh we still don't really have uh internet law um Cyber Law uh and we certainly can't enforce it as you said um and that always leaves geographical Arbitrage or to to be able to move around different legal systems and there's always a player that's going to be open to supporting cyber crime or allowing it um What alternative mechanisms do we have to getting Global agreement that might be able to support regulation many of us probably saw the headlines a year ago when several it leaders were calling for a pause in a AI research that this is moving too fast this might be becoming dangerous we should pause not stop pause the research I didn't agree and I don't agree today it's a bit complicated but imagine if in 1992 there would have been a similar call about how the internet Revolution is going to enable online crime and you know influence operations and uh spread conspiracy theories it's all moving too fast we shouldn't I mean pausing that research wouldn't have changed anything I believe it's just would have happened a little bit later even worse if we would have movements like that to support legislation and regulation like voluntary movements um the ones that would join in would be the responsible Western players it wouldn't pause research in the countries that we wouldn't want to get an edge in this area famously uh Vladimir Putin said already in 2016 in a talk he gave to a university about how the country that will control AI will control the world we don't want him or his regime to get the edge and of course there's a very real trade war going between United States and and Mainland China right now about this you can't sell these to Mainland China would be illegal to sell one of these to Mainland China as an end result um Nvidia built a crippled version of A1 hundreds I think it's A10 um which has a narrower bandwidth slower clock speed it's basically a thousand times lower and Chinese companies even bought them at such a massive scale that state department and banned even those from being shipped to mland China and they can't build their own because there's only one company which can build this and it's in Taiwan not in China how long will that be how long will that be depends on when if there's going to be a War in China South China see but I'm not going to get into that thank you hi uh I wanted to ask a little bit about how to kind of how can we protect people like from the deep fakes that occur quite quite a lot nowadays because like the track record kind of of humanity trying to protect you know the average person seems to show a lot that for example we have you know we've had check SS for example to verify that the file you're downloading is the same as it should be does anyone use it except the people that actually you know are in the in the industry and the same for example when you know when we try to protect people from private like to improve their privacy so everyone now has cookies to click on everybody just skips through that right and I I would presume that if we would have have implemented some sort of uh you know check some let's say for videos to make sure that they're real it would be for me unlikely that you know the general the general reception is always I've seen it why would I spend additional time like life is too fast to just check that sure there's no General solution to this problem and it really depends on on on how deep fakes would be misused um if it's a deep fake of President Biden or Trump saying something outrageous there really isn't an easy way of detecting that this is a deep F if it's a directed attack if it's uh let's say uh the daughter calling the mother that hey mom I've lost my phone I've been arrested send me the bail money and it's a cloned voice the solution for that is really easy you just set up uh code words sure sweetheart I'll send you the money right away just tell me the code word if it can't tell you the code word don't send the money corporate environments can fix big part of these kind of targeted deep fake attacks with just uh protocols and using Technologies like pass Keys instead of passwords which make it impossible to do attacks like these but for consumers and home users setting up a code word is not a bad idea like in your family just set up you know if I have to confirm it's you say this word it sounds stupid right now but when you need it it's actually quite handy to have and looking at the clock we're going to have the last question last question yes thank thank you for the presentation um quick question have you run any estimates on how much compute it would take to be like a cyber criminal unicorn or is there a black market for gpus that you know of yeah there's no no like real usable figure I could give on that depends on really what you want to do um but these largest gangs do run their own own data centers which they use to send out the material which run where they host their websites they host their exploits they host their uh email servers and all that you don't need a huge amount of computing power for the current attacks um when we go into AI enabled attacks then you will need more of it but that's hard to estimate so don't really have a good answer for that but I will want to thank all of you for joining us today and thank you for having me oh it's a pleasure it's an absolute delight and for those of you that joined online and the words of the late limited John ebden if you have been thanks for listening for