Satu Korhonen elucidates the intricacies of hacking artificial intelligence, emphasizing the necessity of understanding both the vulnerabilities and ethical considerations inherent in AI systems. She advocates for a paradigm shift where cybersecurity and AI development converge, fostering collaboration rather than division among these domains. Central to her discussion is the notion that AI, while a powerful tool, is fundamentally probabilistic, thereby requiring a critical approach to its outputs and implications. Korhonen further highlights the educational imperative of familiarizing individuals with AI vulnerabilities, suggesting that playful engagement through gamified experiences can enhance comprehension and awareness. This discourse not only illuminates the challenges posed by AI but also underscores the potential for human-AI synergy in navigating the complexities of modern technology.
In this episode of the Security by Default podcast, Joseph Carson and guest Satu Korhonen, a passionate practitioner, researcher and founder of Helheim Labs, delve into the intersection of AI and cybersecurity. They discuss the challenges and opportunities in creating trustworthy AI systems, the importance of collaboration between AI and cybersecurity professionals, and the role of regulation in ensuring AI safety. Satu shares her journey from education to AI, highlighting key moments and insights from her career. The conversation also touches on the EU AI Act, the importance of understanding AI's limitations, and the need for a balanced approach to AI development.
Key Takeaways
Chapters
00:00:00 Introduction to AI and Cybersecurity
00:03:00 Satu's Journey into AI
00:09:00 Trustworthy AI and the EU AI Act
00:15:00 Challenges in AI and Cybersecurity Collaboration
00:21:00 The Role of Community and Events in AI
Resources:
https://hackai.quest/
https://helheimlabs.ai/
https://helheimlabs.ai/about-satu-korhonen/
https://www.linkedin.com/in/satu-m-korhonen/
https://why2025.org/
https://www.ccc.de/en/home
https://events.ccc.de/en/
https://disobey.fi/2026/
In a riveting dialogue with cybersecurity expert Satu Korhonen, we embark on a comprehensive exploration of the intricate dynamics between artificial intelligence and security vulnerabilities. Korhonen, whose journey into the cybersecurity realm was catalyzed by the surge of AI technologies around 2016, delves into the ethical challenges and potential risks posed by these advancements. She emphasizes the necessity of integrating security practices early in the AI development process, highlighting the perilous consequences of neglecting this crucial aspect. The conversation elucidates how AI systems, often perceived as independent entities, are inextricably linked to cybersecurity protocols. Korhonen shares her insights on fostering collaboration between AI developers and cybersecurity professionals, advocating for a unified approach to mitigate risks and enhance system reliability. As we dissect the role of frameworks like the EU's AI Act, the dialogue crystallizes around the importance of human rights considerations in AI deployment, urging the need for regulatory measures that prioritize ethical standards and accountability.
Hi, everyone.
Speaker A:Welcome back to another episode of the Security By Default podcast.
Speaker A:Bringing clarity to security, which is always a bit chaos in the world that we live in.
Speaker A:And I'm really excited today because I'm always looking for fun topics, interesting topics that's, you know, really hot trends and something that many organizations and people around the world are just having challenges with in order to try and think about what we need to do, how do we reduce risk and how do we utilize the tools and solutions out there without actually, you know, causing more problems.
Speaker A:So I'm actually welcomed with an awesome guest who I've seen speak many times this year, which has been fun.
Speaker A:We've been at events across the world in different places and had some fun times.
Speaker A:So, Satu, welcome to the podcast.
Speaker A:Is this your first time on the podcast?
Speaker A:Because usually, you know, we kind of like to understand what was the origin, what was your path into this crazy world of cybersecurity?
Speaker A:Was it a natural path or was it something that you fell into?
Speaker A:3 Different paths.
Speaker A:If you can give the audience a bit of a background about yourself and how you get into the industry.
Speaker B:Thank you.
Speaker B:And thank you for inviting me.
Speaker B:I'm delighted to be here.
Speaker B:Looking back, it's very natural.
Speaker B:But there were a few pivot points.
Speaker B: the AI industry closer around:
Speaker B:My first career was in education, but more on the data science side even then.
Speaker B:And AI was beginning to cause waves with the ethical issues of Microsoft, Amazon scrapping their recruitment algorithm and so forth.
Speaker B:And as all the big players had this kind of egg on face moments, in a very short interval, it seemed like the most challenging, interesting thing around.
Speaker B:And I could either just follow the news and look at it from the sidelines, or I could jump in and see if I could contribute to the field.
Speaker B: And that was in:
Speaker B:Then EU released the trustworthy AI framework.
Speaker B:So I first started with looking at how can we approach the trustworthy AI framework from an engineering perspective.
Speaker B:How do we actually build something that is a trustworthy AI?
Speaker B:What would that mean and what would it need?
Speaker B:But it's a big field, so I needed to narrow it down.
Speaker B:And then I ran across the cybersecurity crowd.
Speaker B:Loved the people.
Speaker B:And it was actually the people that then, yes, I found my tribe.
Speaker B:I'm absolutely among my people in this crowd.
Speaker B:So it was then very natural for me to navigate and just look at the security and safety of it, because that's fundamental to being trustworthy.
Speaker B:You have to be safe and secure.
Speaker B:And that was a more narrow focus and I worked on that for a bit.
Speaker B:I've been talking in many events to cybersecurity people on what they need to know about AI because if you look at an AI system, it's mostly basic IT, it's cybersecurity.
Speaker B:But there's a disconnect where often or when I started the cybersecurity people were more of the approach of it has AI so it's not for us to look at like it's someone else's problem basically.
Speaker B:And then the AI people were looking at, well that's security, that's cybersecurity people's problem.
Speaker B:So I was trying to bring these groups together to see that actually you could collaborate and that would get the best results.
Speaker B:Then ChatGPT.
Speaker A:I've got that crazy meme in my mind about the Spider-Mans pointing to each other, the IT team, the ethics team, the AI security, all pointing at each other going, isn't it your responsibility?
Speaker B:Yes, yes.
Speaker B:And I've seen projects where basically it is the lonely AI person who is put given to the task of setting up the entire infrastructure and everything.
Speaker B:And when it's the AI person working on a cloud they may not have worked on before, setting up the APIs and firewalls and such, it's, it might not go the optimal route because we need access to production data.
Speaker B:So those roles don't exist in organizations necessarily.
Speaker B:So then we're given admin access to everything because that's the role we have.
Speaker B:So I felt the need that there's this bit of an educational need here.
Speaker B:And then ChatGPT happened and for a year I was in this kind of AI evangelist role and helping the company I was working at at the time to understand AI.
Speaker B:I kind of started to feel the pull of toward it's being pushed everywhere really fast and maybe not as thoroughly tested and checked in.
Speaker B:Bit of an, in an alpha state, pushed everywhere.
Speaker B:So then I started to teach people to hack AI.
Speaker B:So no, ethically, thoroughly security tested.
Speaker A:Yes.
Speaker A:Like we're, we're, we're testing, testing it for quality assurance and security vulnerabilities and flaws.
Speaker B:Absolutely.
Speaker B:And then just a couple of months ago I also changed the role that pays most of my living, which is looking at gen AI as a hybrid risk and threat and also how to use AI to identify hybrid threats to keep critical infrastructure secure.
Speaker B:So these are kind of like the two things, two things I do with AI.
Speaker A:Well, fantastic.
Speaker A:I mean that's definitely, definitely.
Speaker A:You know, one is there, is the path there.
Speaker A:But it's great that you, you know, find your, your cr.
Speaker A:Because it's definitely, it's one that I'm very connected to for this.
Speaker A:It's, it's.
Speaker A:I always feel at home with him, with, with my security peers, which is always fun.
Speaker A:But definitely it's great to hear that you started with the AI side, you know, a lot earlier.
Speaker A:Definitely.
Speaker A:It's, you know, the core of AI is maths and data.
Speaker B:Absolutely.
Speaker A:Is really the foundation.
Speaker A:That's the ingredients.
Speaker A:It's maths and data combined which is the core if you think about the raw ingredients.
Speaker A:And there's a lot of things you can do with that.
Speaker A:And it's interesting to hear that.
Speaker A:When you said about, you know, somebody who's responsible for AI, who's setting it all up and tasked with creating systems and algorithms and the machine learning and the large language models.
Speaker A:It seems that without security's involvement early on, the shift left, we always hope it's shifting left because they're not involved in it early.
Speaker A:We're repeating the same mistakes we made over and over and over again.
Speaker A:When we moved to basically cloud computing, we made the same mistakes.
Speaker A:We left the two infrastructure people to go and do the implementations and default credentials, default settings, no security turned on.
Speaker A:And we had lots of challenges over the years.
Speaker A:So it seems like going through that we repeat and it's when security is not involved and sometimes it's, it's a bit of a, you know, it's where we should really think about that.
Speaker A:It is our responsibility.
Speaker A:But sometimes we're overwhelmed and under resourced and under budget.
Speaker A:Many times that means that you're always stressed in that you can't work in some of these, you know, innovative projects where we should do, we should look, you know, and, and maybe that's where AI can help us.
Speaker A:It can take away some of those resource challenges and bunch of challenges to, to automate things so we can spend more time working on the innovative side of things.
Speaker A:But definitely what was some.
Speaker A:So you kind of touched on a point where it was the EU AI act or the framework and the working groups and stuff.
Speaker A:That was something that I was very interested because one of the things I always enjoy doing is stepping out of my kind of, you know, core, let's say path and touching other areas.
Speaker A:And I was involved in the EU AI act and I really liked the approach that they had because it was very risk based approach looking at ethics, you know, the accountability, responsibility, a lot of kind of really key terms.
Speaker A:What was your thoughts around the EU AI Act?
Speaker A:Because a lot of different Places have taken different approaches.
Speaker A:The UK have their, let's say, recommendations as well as the US.
Speaker A:What's your thoughts around, you know, some of the regulation frameworks that's out there and do you think we're, we're going a little bit too fast?
Speaker A:Especially if it is in that alpha early stage as well where we really, you know, it can help with a lot of things but also can cause a lot of disruption as well.
Speaker B:I like the also the approach EU took here of focusing on human rights and seeing what are the risks to fundamental human rights.
Speaker B:And based on the risk level then you have to just take more care in the building of it.
Speaker B:That's a very logical approach and it's regulating a technology that moves as fast as AI is very, very difficult and it won't work, but regulating the possibility of impacting human rights that you can.
Speaker B:So I really like the framework and I like the AI Act approach to this.
Speaker B:Of course looking still like wondering how they're actually gonna, where it's all gonna settle of what it actually means.
Speaker B:The devil's always in the details, but the idea of it is sound.
Speaker B:If your system can impact the basic rights, some of these, you should take care.
Speaker B:Yes, you should take care.
Speaker B:And how you build the system so, and have some checks and balances is really important.
Speaker A:Absolutely.
Speaker A:Because I think of it more as, you know what I remember working on the GDPR side and we could have done some improvements areas.
Speaker A:You know, I think the fundamental kind of basis is there, the frameworks there solid, it can do with improvements and refinements.
Speaker A:But I did like the EU AI Act kind of looking at it from, you know, the risk to, to society.
Speaker A:So more that impact rather than a technology focus, it was more about the risk focus.
Speaker A:And I thought that was a very kind of, kind of the best approach that they could have done.
Speaker A:So kind of I went through because different subject matter working groups I've been involved in.
Speaker A:It was really interesting to see where AI had huge benefits, but also where it had potential areas of high risk.
Speaker A:Using it for things like law enforcement usage, for digital evidence gathering, that meant that you had to have a high accuracy level.
Speaker A:And in the current system today.
Speaker A:But there's question for the accuracy level, especially when you've left it open to lots of learning models, lots of training models and when you contaminate the, the data that's been trained on, then you can have a huge difference in accuracy levels.
Speaker B:Yes.
Speaker A:So what's your thoughts around kind of the current models today and the levels of accuracy and what's the best approach to get much higher accuracy?
Speaker B:Well, first we have to remember that it's probability based.
Speaker B:It's never going to be perfect.
Speaker A:Yes.
Speaker B:And that's the first thing you have to accept if you want to use AI.
Speaker B:If you cannot accept it's going to make mistakes, then you need to use a rule based system and not the probability based one.
Speaker B:And that's like this is the start.
Speaker A:Perfect, perfect comment.
Speaker A:I think that's such, such a great kind of differentiation between, you know, the probability and fixed having rules that stay within those guidelines.
Speaker B:Yeah.
Speaker B:So that's, I think that a lot of people forget that all of these systems are probability based.
Speaker B:And I think when we look at foundation models, one thing to remember is that what the data is, is crucial to what the AI is.
Speaker B:So like recognizing faces.
Speaker B:If all the demographics are not properly present in the training data, it's gonna make it biased and it won't be as accurate across the population.
Speaker B:So there is gonna be larger margins of error, more errors in different perspectives based on what the data holds.
Speaker B:So there are of course ways around it.
Speaker B:But first you have to accept that this is the case so you can mitigate it.
Speaker B:And I don't know, like I'm sure there's mitigation that's being done, but we are taking these foundation models and adopting them around the world and they are developed in very few places.
Speaker B:So I think that's, that's like the fundamental problem that at least needs to be examined with regard to the exact use case of do we use a model for everyone?
Speaker B:Do we need different models for different demographics for instance?
Speaker B:So that's one and that's not even talking about the poisoning yet, just how they work and how AI works, just.
Speaker A:Just getting a higher level of like less false positives in the, in the result that you want in the end.
Speaker B:Yes.
Speaker B:But then yes, the foundation models, as long as they are based on data that's scraped from the Internet, it's always safe to assume they're poisoned in every single way and viewpoint that you can possibly consider.
Speaker B:And a lot of the work that I've seen done in EU system development is very much trying to ensure it does not use the kind of the worldview it has gotten from that training data and it only uses the information that's provided in the context.
Speaker A:Yes.
Speaker B:So but then that's not the AI the great, the grand population interacts with.
Speaker B:So something that's custom built to solve a problem is you can address these things, but then you have ChatGPT or like you have the AI summary in Google and you have the population who don't understand the technology and they get this one answer that seems so sure of it with this convincingly and pleasantly written.
Speaker B:Like I love the example from Google that I did a search in June of are the pools of Titanic full of water?
Speaker B:And in June it gave a very convincing reply as to how they are not because the Titanic sank and the structural problems as well as the pressure of the water would not allow for the pools to have water in them.
Speaker B:Then I have not checked it now, but they fixed it for a while and they did answer in a more correct manner.
Speaker B:And then as I did my last talk in Disobey, which is a cybersecurity event and a member in the audience checked and it was broken.
Speaker B:Again.
Speaker B:It's.
Speaker B:The technology is interesting and it can be useful, but to stay safe with it, you need to understand it, why it works the way it does and you need to take it with a grain of salt and mm.
Speaker B:I think a lot of people have a misunderstanding that it's math and math is usually correct and you can like trust it because it sounds convincing and everything.
Speaker B:And that's where we get to the problems of it because people trust it too much and it's, it's, in a way it's easy to follow it.
Speaker B:Like I did this experiment with it where I used it to write a blog post where I first asked it to give like a bullet point list and then okay, these bullet points sound solid.
Speaker B:And then create the blog post based on this and again looked at it and I worked on the paraphrasing and stuff for a while and I was quite happy with it.
Speaker B:And then I put it to the side for a week and I did not look at it at all.
Speaker B:And after that I came back to it and I read it and I'm like, I cannot publish this even, even, like it was in my area of special expertise.
Speaker B:But it writes so pleasantly that it was easily swaying to read it and think this is just, this is fine.
Speaker B:So I think yeah, there's some issues there.
Speaker A:I learned a lesson.
Speaker A:I was, I had an episode earlier this year with Carlos Polop and we had a, you know, in depth talk because he, he has the HackTricks AI which is the, the pen testing platform that you can ask questions about how to do certain, certain tasks and techniques.
Speaker A:And one of the challenges I had was a while back I took a lot of my old scripts from many years ago.
Speaker A:So I had a whole Bunch of old WMI based watchdogs for using monitoring systems.
Speaker A:And I asked GPT to, you know, can they update it and port it over to PowerShell and Go and Python so I could then use it in more modern systems.
Speaker A:And so one of the, one of the scripts is about 150 lines of code, very simple, very basic.
Speaker A: It came back with this massive:
Speaker A:And I was like, what's going on here?
Speaker A:And I had, I started having to pull it apart going like, how could it be so complicated and how did it like expand itself so much?
Speaker A:And it got to the point where it made lots of assumptions and even got to the, where it was actually creating functions that didn't even finish.
Speaker A:It just said to be done.
Speaker A:It was like laughing at it.
Speaker A:It was like, you know, didn't even finish what I asked it to do.
Speaker B:Yes.
Speaker A:And one of the things that Carlos was mentioning to me, he said that while we all, you know, we're all getting to being, you know, prompting, you know, prompt analysts, you know, to prompting these models to do things for us, he said that it's more important about including what you don't want it to do, the exception.
Speaker A:And that was a realization to me.
Speaker A:I went through and I was like, created lots of, you know, error handlings, lots exceptions, lots of kind of things that I just didn't want and didn't need.
Speaker A:And I just got me thinking about anyone who's doing this, you know, the vibe coding and trying to create lots of scripts and doing it quickly, they're going to realize that they're creating a maintenance nightmare for the future if they don't get into understanding about how it's working and how it's created.
Speaker A:Learned a lot from that.
Speaker A:And I tried to get it to or my what I didn't want it to do and all the questions.
Speaker A:So getting my proper prompting to this is how I want it, but this is what please don't do this.
Speaker A:And I resumed getting it done.
Speaker A:I got it closer to what I wanted and much more easier to manage and maintain later.
Speaker A:But it taught me a valuable lesson that it's not just as important to ask what you wanted to do, but also you had to be very explicit about what not to do or give it a very set guidelines of rules that you wanted to follow in order to get closer to a more workable result, a more manageable result.
Speaker A:So it's quite interesting that, you know, I think we're going to have to spend a lot of time understanding about what questions we want answers to.
Speaker A:But we'll also have to be very clear in the context that we.
Speaker A:How we want it, even to your point is that when you read something it looks so good, but it's written in a way that it's, you know, it's.
Speaker A:It's getting all of Wendy Nathan's response to hyperbullying where it's kind of getting like overly excited and overly blessed.
Speaker A:It's like.
Speaker A:And even I remember a friend, Ken said that, you know, it's getting to the point where it's too perfect.
Speaker A:We're humans, we like the inaccuracies because that's what makes us humans.
Speaker A:So we now have to start prompting it in is like can you create a few grammar mistakes just to make it look like I wrote it?
Speaker A:Can you make some inaccuracy?
Speaker A:So it's more human because.
Speaker A:Because I, I have some dyslexia.
Speaker A:With dyslexia I switch letters and back and forward and words and stuff and I'm like, you know, write it as, you know, as if it's this dyslexic person.
Speaker A:So I want to get it closer to be more personal, personalized.
Speaker A:And I think over time we can train it to do that.
Speaker A:But it does take time.
Speaker A:I think we really to your point is we have to understand how it works and what is the right way of prompts to use and how to train it to our more unique personalization as well.
Speaker B:Yes.
Speaker B:Also I think just taking time between like getting the output and then using the output so you go back to it is really important.
Speaker B:And also encoding like I used ChatGPT to transition a code or a hackable AI bot I had done in Streamlit to get it to be done in Flask and I used a lot of it.
Speaker B:I think it's easier if you do it at a bit of a time because if you want to get the to do function, then you just explain that function.
Speaker B:You get it to do one step at a time.
Speaker B:When you're still doing the thinking of what it should do.
Speaker B:What does the overall thing need?
Speaker B:You're the architect in a way and it is the over excitable junior assistant who sometimes creates really good output and sometimes rubbish.
Speaker B:But as soon as you notice that you're not critically evaluating the output, then it's time to take a break and go have a coffee or something because then that's when mistakes start to happen and it looks good and it's rubbish and then you Have a lot of bloat and assumptions, as you said, that is not needed.
Speaker B:I got it to chase its tail one time when I asked it to fix a problem, and then it fixed it, and then again I need not yet to fix.
Speaker B:So we went this in a circle where the same fixing the same problem over and over again for a while.
Speaker B:And it's just really interesting.
Speaker B:And I think this is something that is worth playing with.
Speaker B:So you know how it fails.
Speaker A:Yes, I think that's one of the.
Speaker A:It's really important to understand is that, you know.
Speaker A:Absolutely.
Speaker A:We have to learn where it makes mistakes and understand how to detect them better and quicker.
Speaker A:I use the term.
Speaker A:One of the things I've always used to compare it to is almost like the mushroom in Super Mario Kart.
Speaker A:And what I mean by that is that in Mario Kart, when I get the mushroom, it makes me go super fast.
Speaker A:It makes me stronger, depending on the color of mushroom I get, but it doesn't make me a better driver.
Speaker A:It just makes me go faster.
Speaker A:And I think it's the same is that, you know, we can combine it with humans, which will make them more, let's say, go faster, but it doesn't make them better and more effective.
Speaker A:And we have to think about, you know, that how do we do it in such a way that does create the effectiveness and efficiencies as well.
Speaker A:At the same time, we want definitely quicker decisions, but we want the decisions to be something of a learning curve as well to.
Speaker A:To train.
Speaker A:Not just train the AI systems, but to train us.
Speaker A:Because, you know, that's what we wanted to do, is we want this to be a quicker feedback loop to decision making, to probability.
Speaker A:You know, how do.
Speaker A:How do we get to the options much faster and the choices that we have so we can make much more informed decisions.
Speaker B:And I think this is something where we need to have a discussion on what is productivity?
Speaker B:What do we mean by it?
Speaker B:If it's lines of code or lines of text, it's a very good productivity tool.
Speaker B:If it's better text, better software, then it requires on how you use it.
Speaker B:It is a tool.
Speaker B:It is.
Speaker B:It is not a sage.
Speaker B:It's not a genie in a bottle.
Speaker B:It's a probability engine.
Speaker B:And a lot of the code it has gotten from places like Stack Overflow and others where the code is.
Speaker B:Some of it is really outdated, some of it is faulty, but it doesn't know what is good code and what is bad code.
Speaker B:It's just code, and it looks at what's probable to come next, which is the majority of what it has found.
Speaker B:So looking at code online.
Speaker B:Well, the majority of the code online isn't the excellent code.
Speaker B:It's going to be outdated and stuff.
Speaker A:So it was interesting.
Speaker A:I did see a talk from Chris Wysopal recently.
Speaker A:He was talking about, you know, the design side and he talked about, you know, the AI use.
Speaker A:And he did see, he said that, you know, from their analysis of a lot of the code practices, you said that with the different models of GPT improving they have seen a significant increase in higher quality code.
Speaker A:Yes, but he did emphasize is that it hasn't had much to almost zero impact on increasing secure code.
Speaker A:So there's a, you know, there's something that we do have to make sure that one is, yes, you know, we can be more productive in creating more higher quality code using AI models but we have to be kind of looking at them and making sure we're also incorporating, you know, the security part, and it goes back to the prompting side as well, is if you actually asked it to do it in a secure way, it will actually create it for you if you actually asked it properly with the right prompts.
Speaker A:And that means that we do have to get to the point where we are training developers to make sure they're using the right kind of requests in order to get the much more higher quality, higher security and addressing things like the OWASP Top 10, you know, kind of bugs and application vulnerability side of things.
Speaker B:And you can like, you can give the AI your code and then you can give it, well, the ones that you can give a file to, you can give it like the OWASP Top 10 vulnerabilities, that document and ask it to, hey, there's the document and here's my code.
Speaker B:Look at it from this viewpoint of how much of these are present here and how do I mitigate them.
Speaker B:So it is a really good tool.
Speaker B:But I think like we as humans, this is quite the new technology still.
Speaker B:We are very much learning how to use it to our advantage.
Speaker B:And I think we have to also accept that there's going to be some teething problems.
Speaker B:And I think we're seeing the teething problems, but there are ways to use it and there's the ways to benefit from it.
Speaker B:Which is why I focus a lot on how do we use it and how do we get benefit from it and what kind of problems are we solving with it.
Speaker B:So like for me, I do use it when I code, I get ideas of it.
Speaker B:I can use it to look at my code from different viewpoints because I'm a human being.
Speaker B:I like my viewpoint.
Speaker B:So looking at any topic from, hey, take a look at this from this role or that role, and what do you think about?
Speaker B:It allows me then to open my perspective and reduce my own biases when looking at a text or a code or anything.
Speaker B:So there's a lot of ways we can benefit from it, but it might not be faster, but if we take the time and it can be better.
Speaker B:Because I think there's been research on like, if you have AI or human, and then you put the combination, the combination of the two is usually better than either.
Speaker B:So I think it's very much of how do we utilize this technology to.
Speaker A:Our advantage, I believe.
Speaker A:You know, I've had a lot of talks which is the AI versus AI, which is sitting back and us being, you know, onlookers to.
Speaker A:To the battle between algorithms.
Speaker A:But I do think that the most optimum is when we combine AI with humans will be the most best outcome.
Speaker A:So it allows us to be involved and it also allows us to be kind of allows to focus more on the innovation side of things and the things that we enjoy doing as well.
Speaker A:So take a lot of the mundane tasks away.
Speaker A:So I want to get to one of the things.
Speaker A:I want to get to one of the things you've been working on, which is one of the fun projects, which I've seen some of the workshops at the events that we've been at, which has been fantastic.
Speaker A:So which is all about kind of showing the risks of AI and some of the ways you can prompt engineering and, you know, jailbreaking.
Speaker A:And so can you share a little bit about the projects and some of the projects you have?
Speaker B:Yeah, so that would be hack AI, which is the terminology I'm using for.
Speaker B:It's a hackai quest where I have a few games now, but I'm building more where it's very much.
Speaker B:I'm trying to build it into this community for.
Speaker B:For people to have a place where they can with license, play around with the AI and see where it's vulnerable and brittle.
Speaker B:And it also gives me opportunity to first develop games.
Speaker B:I have like few different levels and they have different guardrails and protections on each level.
Speaker B:And I hope now I have.
Speaker B:I'm beginning to have enough data that I want then to look at what kind of hacks work against which kind of guardrails.
Speaker B:And then that's also information I can release to the people, like to the community, of we understand how they work and what doesn't work and all these sorts of things.
Speaker B:And I think it's just also a really fun way of gathering people to play with this new technology because to understand and where it really works, you have to play with it.
Speaker B:And I think if we immediately try to be effective with the technology, we won't be, because we try to optimize immediately. First we need to actively try to fail with it.
Speaker B:Just, you know, in Finnish we have the saying of like kicking the wheels of a car to kind of test it.
Speaker B:You need to do this kind of thing.
Speaker B:Yes.
Speaker B:Yeah.
Speaker B:So I kind of build opportunities for people to do that.
Speaker A:I laughed.
Speaker A:I was.
Speaker A:I did a workshop recently in Ireland and I had a couple of people who were talking about, you know, AI training models and kicking the wheel to the tire scenarios.
Speaker A:And it was interesting is that they actually said that perfect data is not always the best data as well.
Speaker A:They said that you actually want to.
Speaker A:It was like when you teach someone, you know, like you teach a kid, don't, don't touch the hot stove because it'll burn your hand.
Speaker A:And then of course they touch it and they learn from it.
Speaker A:So it was actually an interesting.
Speaker A:Because I was always, I remember working, when I mentioned it on the EU AI act on the working groups, I always had the sense of some things you needed, had the perfect system.
Speaker A:But to your point, it doesn't need to be.
Speaker A:And we had to realize it's not the perfect system.
Speaker A:And we actually have to show how the systems can also determine that, yes, this is fire.
Speaker A:I don't want to touch it.
Speaker A:So you actually sometimes have to give it the inaccurate, you know, poisoned, you know, kind of bad data to learn how to tell what bad data is.
Speaker A:And it was an interesting concept as well.
Speaker A:So it was something I was very intrigued with, is that, yes, we have to teach it, because if we use the Internet as the training model, there's a lot of bad data out there.
Speaker A:It will become a very biased, unethical system.
Speaker A:So it's quite interesting.
Speaker A:So I think, you know, using the games is a great way to highlight that, is that, you know, these are not perfect systems and that, if we learn what the mistakes are and what the levels of security are in place, it allows us to make much better decisions going forward.
Speaker B:Yeah, like earlier, before generative AI, you could have like computer vision, look at street signs, and just by adding small static to that image, you could completely move, like change how the AI interpreted it.
Speaker B:So they are, if you try to give it the perfect data, which is kind of the go-to for data scientists, to try to get good quality data, you end up having a vulnerable system because it is easily swayed by small deviations.
Speaker B:So you actually actively need to have that.
Speaker B:The bad examples, not like this.
Speaker A:Yes, I remember the stop sign.
Speaker A:If you put the stop sign you put, you put the like the shape in the right place at the right, you know, like location.
Speaker A:It would look like a duck or something.
Speaker A:Something ridiculous.
Speaker B:Yes.
Speaker A:So a car, a car was, you know, driving along and there's a stop sign and all of a sudden just one simple modification, it's a duck.
Speaker A:And the car's like, yes, okay, let's drive through the street lights.
Speaker A:Yeah.
Speaker B:And it's the same as with the coding example.
Speaker B:You need to, not just in using it, but in training it, you need to tell it both what you want and what you don't want.
Speaker B:So you need the both sides.
Speaker B:And then you have a more stable system.
Speaker A:You have a system that can learn much more, kind of, let's say much more effectively.
Speaker A:It can learn, kind of, because it has an understanding of both good and bad and therefore basically can try to interpret. In a system where it doesn't have that, if you get one tiny piece of wrong information or completely, let's say, you know, invalidate a lot of the decision making it has, because that just becomes the de facto, you know, let's say source of truth and trust.
Speaker A:I think as we, as we start using the systems, we have to have an element of understanding is one is for me is, is accuracy level but also the trustworthiness of the system as well.
Speaker B:Yes, that's an important viewpoint because as it is being, it's quite ubiquitous nowadays and we find these systems everywhere.
Speaker B:I think it's, we do need to spend effort on making sure they're trustworthy.
Speaker B:This is why I like the European Union AI Act, because I think it's at the core of it.
Speaker B:We are talking about what kind of a society we want, how do we want it to work.
Speaker B:So it's a very big topic and it's something that I always welcome discussion on.
Speaker B:On what is the world we want to live in and we are building.
Speaker A:Yes.
Speaker A:Who do we want to benefit from it?
Speaker A:And at the end of the day, you know, it should be here to serve humans and citizens and not the other way around.
Speaker A:So, you know, I always say, unfortunately, today humans and data are the fuel of AI.
Speaker A:Yes, we want it to be, you know, where data is the fuel, the accelerant, but the output is to make our, you know, lives better and make it much more enjoyable and, and we should all benefit from it.
Speaker A:So I think it's, it's an interesting kind of direction where we could be going in the future.
Speaker A:And definitely, you know, I really enjoyed it, because I did see that the RIA in Estonia used your games in the Cyber Wizards camp earlier this year.
Speaker A:And the feedback I heard from the girls who attended the camp, it was fantastic.
Speaker A:It was, I think for them because they had been so used to using for school and for other purposes and stuff, you know, kind of using it to help them.
Speaker A:And it was an interesting lesson that they learned about, okay, here's the interesting things.
Speaker A:You can get AI to do that, and learning from that, because then, and now, they know to, you know, take the results that you get from AI with a grain of salt, a bit more.
Speaker A:Let's say they have more questions and they're able to now validate a lot more.
Speaker A:So it was great feedback that I hear from them.
Speaker A:So for, for you, what's, what's some of the things you're working on?
Speaker A:Where can we see you in future events and activities?
Speaker A:What projects do you have coming up?
Speaker A:And is there any significant events that you had this year that was the most memorable events?
Speaker B:Quite a few of them, I think.
Speaker B:I've been to a lot of events this year.
Speaker B:The most memorable would probably be WHY.
Speaker B:I had a talk there and I also had a workshop where we had about maybe 150 people in the heat in the black tent of hacking the AI.
Speaker B:I made a connection then that we're thinking of planning a game together, which is like, I think now I started with building these things by myself and now I am seeing more and more of.
Speaker B:I'm building them with, with other people and that is so much more fun and I hope to get into more of other types of games other than just prompt injection.
Speaker B:So I have a lot of ideas.
Speaker B:And then there's this project that is not yet public, but will come around Disobey, that I'm doing in the Finnish community around the same kind of thing.
Speaker B:But I can, I can come on a later podcast to talk about it.
Speaker B:I just joined it so I can come later to talk about more about it.
Speaker B:But it's quite an awesome project.
Speaker B:But yeah, there's a lot of building, and I think that was an awesome thing to do.
Speaker B:They approached me of, hey, we have this camp.
Speaker B:Would you be willing to.
Speaker B:Can we use like one of the things you have on your website?
Speaker B:And I'm like, yeah, I like what you're doing.
Speaker B:I will build you a system that supports what you're trying to do.
Speaker B:It was so much fun because like this is very much what I do for the love of the sport kind of thing.
Speaker A:It's, it's, it's as well it can, you know, sometimes we get kind of so in, into say in the ruts of what we're doing and when we sit back and we see, you know, how some of the things we do is, you know, benefiting the community and the next generation of talent.
Speaker B:Exactly.
Speaker A:And having over a hundred girls who went to the camp in the summer from all around the, you know, as many people from all around the world, I think it was more than 60% was international who came to, to, to the camp and, and they were, you know, learning, hacking all week, cracking passwords, using flippers, opening doors, escape room, hacker escape rooms and, and they had a fantastic time.
Speaker A:And we definitely need more of those types of activities including.
Speaker B:Oh absolutely.
Speaker A:Your contribution to it.
Speaker A:Really create the next generation talent because, you know, I'm not getting any younger so.
Speaker B:Yes.
Speaker A:So anything I can do to have the next generation come and delegate some of the future to them would definitely be something I'd be enjoying.
Speaker A:So for the WHY camp, the WHY hacker camp in the summer, I think not many of the audience might be familiar with it, because a lot of the audience are kind of more familiar with some of the kind of like Black Hat, DEF CON and stuff.
Speaker A:Can you share a little bit about, you know, what WHY is, where it is and kind of what happens there?
Speaker A:It is a true camping.
Speaker A:It's a true camp set up tents there.
Speaker B:Yeah.
Speaker B:Well, basically at the start of the event it was a field and then there was infrastructure, electricity, Wi-Fi, lights, events, tents, everything for about 4,000 people.
Speaker B:Hackers and builders and makers and breakers.
Speaker B:For a week.
Speaker B:Yeah, we lived in tents and it was very much camping and it was so much fun.
Speaker B:It was my first hacker camp.
Speaker A:Okay.
Speaker B:So it won't be my last.
Speaker B:Because they are a lot of fun.
Speaker B:So it's always in a different name, but it's always.
Speaker B:So it's one of, one of the big hacker camps in Europe.
Speaker B:Other one is the CCC camp which is in two years.
Speaker B:So that's the next one and they intermingle.
Speaker B:So it's every two.
Speaker B:It's that one next going to be in four years.
Speaker B:And then.
Speaker B:And they kind of instrumental.
Speaker B:So there's one every two years.
Speaker B:And I do recommend them because it's.
Speaker B:Yeah, it's an experience.
Speaker A:They're definitely more.
Speaker A:I've never been to either WHY. I've got a lot of friends who do the Chaos Computer Club and I've had a few people who attended WHY.
Speaker A:And I've always been like, oh, for me, I think it was always overlapping with DEF CON.
Speaker A:So I'm kind of like, oh, it's, you know, frustrating.
Speaker A:Nice to have a week apart.
Speaker A:So I can.
Speaker A:I can get both.
Speaker A:But I always hear so many amazing things about the Chaos Computer Club as well.
Speaker A:So CCC even.
Speaker A:And they're very much.
Speaker A:I think they're the camps which are very family oriented because people go with their campers and families and kids have so many other activities as well.
Speaker A:So it's definitely much more of a community open event.
Speaker A:And you're absolutely right.
Speaker A:It's not just hackers, but as builders and breakers and coders and everything coming together in order to kind of just share experiences and what they've been working on for the past year.
Speaker B:Yeah.
Speaker B:Another event I really like was Balkan.
Speaker B:It was all my first.
Speaker B:First time there too.
Speaker B:Won't be my last.
Speaker B:It's an awesome event and of course Disobey is something that is close to my heart.
Speaker B:It was my first bigger cybersecurity event I went to.
Speaker B:And it's something I try to get into every year.
Speaker B:But these events are awesome and I do recommend participating in them.
Speaker A:Absolutely.
Speaker B:Because you really get the feel of where the industry is and what's happening.
Speaker B:Plus also they're just very welcoming and really nice places to be.
Speaker A:Yep.
Speaker A:I had so much fun at BalCCon this year, especially the hacker.
Speaker A:Hacker Karaoke was a blast.
Speaker B:It was a blast.
Speaker B:And during.
Speaker B:During the workshop there, we had a personal experience of why resiliency is needed.
Speaker B:Because I host my AI locally because I'm interested in the local AI and it blew a fuse and we lost our GPUs in the middle of the workshop.
Speaker B:And it was quite interesting to get something back online for the rest of the event.
Speaker B:But.
Speaker A:Yeah, but that's always good because it shows you the real time.
Speaker A:Troubleshooting is always fun as well because then the audience, sometimes they get a lot of lessons from that as well.
Speaker A:So for the audience, you know, how can they stay like, how can they stay in touch?
Speaker A:Where can they get access to the games and sign up and go play around with them as well?
Speaker A:What's the best way if they have questions to ask you and what's the best way to get access to the games and to learn more about hacking AI.
Speaker B:Okay, so there are two resources, which is HackAI Quest, that's where the games are.
Speaker B:And it is a community project.
Speaker B:If you feel like supporting it, you're welcome to.
Speaker B:Everything I get will go directly to building and hosting this stuff.
Speaker B:So bit of an advert here and then the other is the Helheim Labs, which is my Helheim Labs AI, which I will redo the website very soon.
Speaker B:But it's my way of doing the fun stuff, even if my current employer may not be interested in that part of it.
Speaker B:So it's.
Speaker B:I do like pen testing AI and then like if I want to like build, take one of the games and then offer it to a company or something with their branding and stuff, this is how I do that part of it.
Speaker A:Yep, fantastic.
Speaker A:Excellent.
Speaker A:Any, any final words of wisdom you want to leave to the audience?
Speaker A:Anything you want to kind of point them to in the, in the future?
Speaker B:I think just following the space of how AI is hacked, there are so many blogs and just following the like the news cycle of that it is so much fun.
Speaker B:And if you don't have time to do a lot of the hacking yourself, which you can do with resources like Gandalf by Lakera, you can do this.
Speaker B:But at least following the scene of how they're vulnerable, just how others have played around with them is really useful because you get the feel of it even with just that until you have the time to actually start playing with them yourself.
Speaker A:It's.
Speaker A:I think it's important, you know, if you haven't, to set some time aside, because this space is evolving so fast and if you don't kind of get, you know, a little bit of hands-on, you're going to be left behind.
Speaker A:So I think it's really important to get.
Speaker A:We all can learn and understand what's happening in the space.
Speaker A:So Satu, many thanks for being on.
Speaker A:It's been awesome.
Speaker A:I'm always learning a lot from you.
Speaker A:I always enjoy the workshops, and many thanks for everything you're doing community-wise, because it is making the world a safer place and making us understand the tools that we're using much better, rather than going in blind, because I think that's, you know, the worst thing we can do is not understanding the capabilities and the risks at the same time.
Speaker A:So it's been awesome having you on.
Speaker A:So for everyone, definitely go take a look.
Speaker A:I'll make sure that I include the links and stuff in the show notes so everyone can easily access them later.
Speaker A:And so for everyone out there, this is the Security by Default podcast, bringing new clarity to the world of chaos that we live in.
Speaker A:And hopefully you'll learn something and go play around with the hacking AI tools and learn more about how to make the world a safer place.
Speaker A:So stay tuned every two weeks, new episodes, share it with your friends, share it with your colleagues, and look forward to seeing you on future episodes.