XBOW CEO and GitHub Copilot Creator Oege de Moor: Cracking the Code on Offensive Security With AI

[00:00] Because we now have AI code generation, everybody can create code. [00:06] But not everybody knows about security. The models that generate the code have been trained on all public source codes. [00:13] There's a lot of vulnerabilities in all the public service code. And so we generate much more code with more security problems. [00:22] On the other hand, attackers are already using AI to make their own work more effective. And so we also have a greater threat. So more code, more attacks. That kind of makes the automation that XBO is doing absolutely essential. [00:52] Thank you. [00:59] Today, we are excited to welcome Ujed Mor, founder and CEO of Expo. [01:06] As the creator of GitHub Copilot, Uhe has helped push the boundaries of modern AI. [01:13] Before GitHub acquired his last startup, Seml, [01:17] Uhuhe was a computer science professor at Oxford. His new company, Expo, is one of the most exciting AI native companies to launch this year. They're able to automate offensive security. [01:29] with an AI penetration tester.

[01:32] It's one of the best examples of AI services as a software that we've seen. [01:36] We're excited to talk to Uhe about the breakthrough results of Expo. [01:40] and [01:41] What's next in AI? [01:43] Ooh, yeah. [01:45] Expo now matches the capabilities of the world's best hackers. Is this one of the first industries that's going to be completely disrupted by AI? [01:57] Absolutely. It's going to completely change the way application security is implemented in the enterprise. [02:10] Service as a software. People will be able to replace a lot of routine human work. [02:21] with complete automation. And that will free up the humans. [02:25] to do the truly creative work themselves. [02:28] So, Uyghia, tell us about some of the results that you announced recently, because I think they're – [02:33] Really quite striking. [02:35] So when we first built the first version of our product, we decided to try it out on renowned industry benchmarks. [02:45] And these are challenges that human hackers use to hone their skills. And we got these from a bunch of commercial providers, including Portswigger and Pentastalad. [02:59] On these benchmarks, [03:01] Our product scored 75%, which was amazing. In fact, it was so good that my first reaction was that surely there's something wrong here. What's actually happening is that probably these benchmarks are so well known that they occur somewhere in the training data and the...

[03:20] the mobile is simply regurgitating the autos. [03:24] Sir, we created a new set of benchmarks, completely original, guaranteed to be not in any training set. And those had scored even better, 85%. [03:34] Wow. [03:36] So then the question is, how good is that really? [03:41] To answer that, we got in a question. [03:46] Five professional pentasos from reputed farms. [03:49] And we asked them, [03:51] to solve exactly the same set of 104 challenges. [03:55] One of these people is really at the top of the game, the very best type of pentaster, the kind of person that you'd ask to secure a multi-billion dollar hedge fund. [04:05] And he scored the same. He scored the same as the AI. However... [04:10] The human took 40 hours. [04:13] And the system took just 28 minutes. [04:16] Yeah, that is striking. And when we first partnered with Uhe, it was science. I got to say, we did not know if the AI would even be able to perform remotely as well as humans. And then when Uhe called and said, hey, Constantine, we've got some results to share that will blow you away. [04:33] It certainly did. [04:36] It certainly did. What do you think was your over under back in January, February, when it was still science as to whether an AI could perform at the level of these 20 year seasoned penetration tester experts? [04:49] So at that time, I didn't think that it would be achieved so quickly. I thought it would take at least a year to reach a reasonable level of proficiency. And even then, I would expect that it would work at the level of a mediocre human penthouse, so not at the level of the absolute top.

[05:12] Um, uh... [05:14] In fact, since we announced these results, we've been working quite closely with a bunch of early design partners, and one of them. [05:23] This morning, we found an incredible critical vulnerability, very surprising. And the way it worked, if you look at what the AI is doing, it first crawled the web app. [05:38] And then it found some source code. [05:40] written in PHP and this source code was intended to access [05:47] another host. [05:50] But it used an insecure signing algorithm in order to make that connection. So X-Web was able to get to the other host, generate links and access that. Nothing interesting found there. [06:08] It continued crawling the web app and found another endpoint, [06:12] and decided to try and use the same track that I previously discovered. [06:17] Thank you. [06:18] Didn't quite work. Needs another parameter. [06:21] No problem. [06:23] Browse us around a bit, find some more source code lists. I'm in JavaScript. [06:27] sees a number of candidate parameters, tries them all out, finds one that works, and now it has access to an endpoint and when it explores how it turns out it's intended to download PDF files. [06:42] But not only could you download PDF files, you could actually download PDF files.

[06:50] My password file. [06:51] So this is quite serious. And what I find fascinating about this type of example is that the AI is exploring like human pentaster is. It's taking quite interesting creative terms that would be hard for most human experts. [07:10] So just to summarize what you just said, [07:13] This is a very... [07:15] confidentiality, obviously. This is a very large... [07:20] financial institution that everybody [07:23] watching this podcast would have heard of. [07:25] high confidence. [07:27] And the AI was able to find... [07:30] a very advanced strategy. [07:32] vulnerability. This is the type of institution that has human penetration testers constantly targeting it and trying to find vulnerabilities, a massive budget on security. It was able to find [07:43] a whole file full of passwords. [07:46] That's right. Just this morning. [07:48] That's right. [07:50] And we have something like that. [07:52] every day, every little day. [07:55] Wow. [07:56] Uha, congratulations on the results. Maybe can we take a step back? And for those who aren't that familiar with this specific market, I've heard you and Constantine talking about pen testing, and I think Constantine called them hackers. I don't know if that's the same thing. Like, what is the offensive security market? [08:14] And, you know, I guess, how do you define the market that you're going after and what is Expo? [08:19] Thanks for taking a step back.

[08:21] Thank you. [08:22] See you. [08:23] Offensive security is currently the best way to secure a software system. You invite external experts to come and simulate attacks against your systems. And they report whatever they find so that it can be fixed. [08:40] Before the bad guys got hit. [08:42] Now, this is a highly skilled project. [08:45] activity. People need years of training to do it. And it's expensive and slow. Typical cost of so-called penetration tests is... [09:01] Something in the order of $18,000. Because it is expensive and slow, people only do it... [09:08] once or twice a year. [09:10] That doesn't make sense because their systems evolve much faster than that. And so there will always be periods of time that insecure systems are out there. [09:21] And what Expo does, it automates this process, this highly skilled activity of launching simulated attacks and trying to find vulnerabilities. And because it automates it, you can now run it continuously. [09:39] Um, [09:40] instead of just months or twice a year. [09:43] Hmm. [09:44] What drew you towards this market? I think Constantine mentioned your background in founding Semel and having seen GitHub co-pilots. What drew you towards this?

[09:52] this specific market because it feels like there's a dozen teams going after ai coding [09:57] You're the only team I've met that is taking this specific approach to offensive security. [10:02] So it was kind of the natural thing to do. So my previous company called Semel also was in security, but finding flaws in source code. [10:16] And at SAML, we had an offensive security team. [10:20] which would use our product in order to find potential vulnerabilities. And then our security researchers would find exploits and we would tell the world about what we found. [10:32] even at that time it was kind of [10:36] embarrassing to me, that last step of finding the exploits. [10:40] was done and menely. [10:44] Then when I was at GitHub, GitHub acquired our company. At GitHub, I had the opportunity to found the co-pilot project. [10:56] And so it was natural to now take my new found interest in AI. [11:00] and apply it to the challenge of automating offensive security. It was very lucky. [11:08] One of the star researchers at Semmel was Nico Weissman, and he joined me. [11:16] in creating expo. [11:18] And one thing I'd love to ask you about, I think Expo is such an interesting case study for this brother thesis we have that...

[11:24] you know, AI is actually changing markets of yesterday that weren't as interesting [11:29] AI is actually really expanding and dramatically changing the nature of those markets. [11:34] And I think this is a really interesting case study, so I'd love to dig into it a little bit more. The pen testing market is, you know, relative to, say, endpoint security or network security, it's a relatively small services-heavy market today. And so, to your point, you know, offensive security is so important and it's the gold standard, but it's a relatively small market. [11:55] How do you think AI is going to change the nature of that? [11:59] So first of all, it's small because Earth is powered by a small group of highly skilled human experts. [12:12] I think AI is going to change the market fundamentally in a couple of ways. [12:17] So first of all, [12:19] Because we now have AI code generation, everybody can create code. [12:25] But not everybody knows about security. The models that generate the code have been trained on... [12:33] All public source code. [12:34] There's a lot of vulnerabilities in all the public source code, and so we generate much more code with more security problems. [12:44] On the other hand, attackers are already using AI to make their own work more effective. And so we also have a greater threat. So more code.

[12:59] More attacks. [13:01] That kind of makes the automation that Expo is doing absolutely essential. So we believe that the markets will grow enormously. [13:10] Uhia, one of the, and Sonia, one of the analogies that I think about [13:14] with this market is frankly the adversarial nature of conflict, of human conflict. Cybersecurity is an adversarial game. You basically have two sides that get better and better equipment and they fight each other and it's a little bit of a game of cat and mouse, not completely unlike war and physical conflicts in human history. And one of the reasons why [13:39] we think that this market is particularly interesting is think about how frequent war games are played in the military. [13:47] in the U.S. military or in any military abroad, war games, rent teaming. In fact, rent teaming has been an initiative in most militaries for war [13:58] decades and centuries where you actually simulate a war game simulation. So this is a level of national importance. And really what you have built is, in my eyes, the first ever AI cyber warrior. I mean, I describe it as a hacker because this is an AI cyber warrior that can do things that no software has been able to do before ever. And when you launch these results, I know with confidence because we talked about it, [14:28] A bunch of people from D.C. called us up and said, whoa, wait a second. This is very consequential from D.C. and all over the West Coast. This is highly consequential. And I'm sure it didn't go unnoticed by adversaries to the West as well and that they have probably been working on.

[14:46] issues like this. So my question is, how do we stay ahead of the competition, true competition as a nation state competition, not [14:56] business competition. How do we stay ahead of it? And how do we make sure that Expo is a force for good? [15:02] in this massive adversarial cybersecurity game. [15:05] So first of all, we stay ahead by moving very fast. And at Expo, we are very lucky to work closely with several of the creators of our big foundation models. [15:21] which are ahead of the rest of the world. [15:26] We're also extremely cognizant of the [15:30] potential dangerous users of our technology. Therefore, we've decided to make it available only in the cloud. By making it available only in the cloud and not in some downloadable form of software, we can actually control what scope it is being used on to launch attacks. And so we can require from our customers that they prove to us [16:00] Thank you. [16:01] is actually legitimately there and is not being used to attack someone else. [16:08] AI security warrior. Constantine, you're the new Expo CMO. That is incredible. [16:15] Uh, um, I'd love to learn about, you know, the, the,

[16:20] how the product actually works and how the models work. [16:23] How much of the magic of what you've built is you mentioned you work with some of the major foundation model companies. How much of the magic of what you've built kind of exists in the foundation models versus things that you are building on top? [16:35] So most of the metric is... [16:37] in fact, on top. We work with several of the foundation model providers, and we are... [16:48] We're very happy that they are in stiff competition and they're playing hopscotch. One pulls ahead, the other one pulls ahead. And every time the foundation model gets better, it benefits us. [17:00] But the true magic comes from the security team at Expo. We've got some of the very best hackers in the world working for us. And that domain knowledge is what informs how our product works. [17:15] Can you double click a little bit into how that works? [17:20] Is it prompt engineering? Are you fine-tuning the models? I know that you probably want to keep your cards close to your chest as well in terms of how it works, but I'd love to hear at a high level how you've built it. [17:32] Sure. So I've already talked about these benchmarks that we use to evaluate our product at the beginning. And that is absolutely key. Benchmarks, benchmarks, benchmarks. It's the lifeblood of a company, of a product like this. And so we've organized these benchmarks.

[17:57] into a kind of curriculum to teach the model how to solve cybersecurity problems better. [18:10] Um, [18:11] And the benchmarks are critical to evaluate all the other changes that we make. [18:17] And the other big component of our proprietary technology are the tools that we give to the LLM in order to forge easy techs. [18:30] HumanPantasta has a toolkit of a bunch of things that they use in order to do attacks. But here it's a bit special because we want these tools to work well with LLAMs. For example, since we were focused on web security initially, we need a web browser. [18:50] that is driven by the LLM. You need to click around, you need to fill out forms, and so on and so forth. And so we created a special browser to do that sort of thing. [19:06] Thirdly, and this is pretty important, we need guardrails. [19:11] Maybe first try to try our product on some of these benchmarks. [19:18] It struck me like an over-idol. [19:21] Super brilliant teenager who would do lots of attacks and find something. And then it got very excited and goes, I did a sequel injection. Let me show you what I can do.

[19:32] Drop table. [19:34] This is catastrophic if you use outtake at a customer range. [19:40] This is a big thing about pen testing services. You have to make sure that you do not actually do the harm that a real hacker, an adversarial hacker would do. [20:10] Bye. [20:11] Um [20:12] Then there was an initial phase of attack surface discovery. So what we have is [20:20] a fantastic exploit finder, but you have to point it at the right, at the right endpoint to begin forging an attack. And so this is running a bunch of tools and prioritizing where to go first. And then finally, as you already mentioned, those of course are prompt engineering, three of sorts are prompting to keep it on track and make sure that it finishes one goal and when that finishes the [20:50] I'm not sure. [20:51] You described the technology as a brilliant teenager who is sometimes over eager and maybe finds an exploit and actually drops that table. Some places in the world, there are actors that don't have the same discretion to add those guardrails.

[21:07] What do we do to stay ahead of those actors and make sure that Expo can protect those that are doing good? [21:14] against them. [21:15] So first of all, we need all the obvious safeguards in place. We need firewalls and in that type of technology, AI will also play a role. [21:33] But first and foremost, we have to make sure that we find the vulnerabilities and the exploits before the bad guys do. And that's what Expo is on the back. [21:44] How do you deal with hallucinations? And, you know, I hear about people saying, you know, if my LLM does 50 percent or 60 percent, gets it right 60 percent of the time, I'm good. I imagine security is one of those fields where that is. [21:58] insufficient. How do you deal with, you know, managing around the stochastic nature of and the unpredictable nature of these LLMs? [22:06] So fortunately, because it's automated. [22:10] You just have to run it many times. Going back to your earlier question about the foundation models, what we do see is the better the foundation models get, the less attempts we need to make in order to get it. [22:28] or to find exploits. [22:32] So it's kind of interesting how it will influence how you...

[22:39] or deploy and package and price a product like this. Very much like humans, if you get a human to perform this service for you, [22:53] you actually pay for the time, for how long they tried, how many things they tried. So we are thinking about doing the same kind of thing, charging our customers on the one hand a subscription license, [23:14] But on top of that, you can pay for attack hours if you want to do a really thorough test. [23:21] And make sure that you absolutely find everything. You can pay more. And obviously that would then pay for the inference time on our site. [23:31] I want to get into the pricing and packaging a little bit later because I'm very curious about that. And I think you are one of the first kind of examples of service as a software. And so you are really paving the way in terms of how these things are priced and packaged. [23:42] Before we get there, you mentioned inference time computes. [23:45] And, you know, I think we're broadly very excited about what's happening as more and more of the compute is shifting. [23:51] from pre-training to inference time, [23:53] What do you think the impact is going to be in your market? [23:57] For us, it can only be good when the value that we deliver remains constant. The price for delivering it goes down. [24:09] We see this even over this very short time that Expo has been in existence. We only expect that to continue.

[24:18] Yeah. [24:19] On the probabilistic nature, [24:22] of these LOMs, just revisiting that concept for a second. [24:27] My mental model of what's going on is you have... [24:31] A state space? [24:32] with [24:33] billions of possible states, the actions that the hacker can take, the actions that this penetration test or this AI penetration test can take, billions of possible states. And you've introduced... [24:43] this really intelligent juristic as to the directions to go. [24:47] You, in theory, could execute all possible states in perpetuity if you had infinite compute at infinite time. [24:54] But in reality, you have these constraints. [24:56] And so, [24:58] I'm wondering... [25:00] Is that a reason why this might be the first or one of the first markets? [25:04] to enable full AI automation, as in the stochastic nature of it and the fact that even if you find one exploit, [25:12] It's extremely valuable and you don't have the expectation of a complete exhaustive search. [25:17] You do want to be sure, but you find everything that a very skilled human being would find. And so this is why... [25:25] We've kind of exhausted our first set of benchmarks. We're now creating a new set of benchmarks, to be absolutely sure. [25:35] We find everything that there is to find. People do these offensive security exercises, not only to find a vulnerability, but also to have the peace of mind.

[25:49] that it's not easy. [25:51] to find stuff they didn't know about. And so we do have to make that, or we have to present the evidence to our customers. [26:00] that we do find everything skilled human beings would find and people will insist on having that reassurance. [26:11] And when it is found, is it verified by a human or by the machine? [26:15] We have a validator that automatically validates that the report is correct and reproducible before it goes to a human. But of course, in the end, a human will have to take a look at it and fix the problem. [26:33] Makes sense. [26:35] I'd love to dive a little bit deeper into the results that you've attained so far. So you mentioned, you know, you're at 85% on your current benchmarks, you know, at the level of the best human pen testers in the world. What are the most surprising things that you found as you dig into the nature of those results? [26:53] The thing that I found most surprising – [26:58] was that originally we only had benchmarks with... [27:03] particular instructions. [27:05] So it would say something like, you're going to test a web app for managing medical prescriptions, try to log in and access the prescriptions of another user.

[27:23] And it would do that successfully. [27:25] But then we ran another test where we took the [27:29] instructions away completely. And yourself, here's a web app. Here's a web app. Go explore. [27:36] And the AI was able to find exactly the same vulnerability because it was able to read what's on the web pages and say, ah, this is about medical prescriptions. Probably it's not a good idea that one user can access the prescriptions of another. And so it would go and find that vulnerability completely autonomously. [27:55] I think that that's [27:58] part of the reason that this technology is so exciting compared to all these security tools that came before. Because these LLAMs have an understanding of the real world, it actually can... [28:12] assess what is important to go and test. It doesn't have to do this complete exhaustive search of all the possible possibilities. It can interpret what is important for this particular application. [28:27] That's really cool. That's really cool. And then does the way that the AI system kind of reach its results, how does that compare to the way that a human pen tester would go about approaching the problem? I'm kind of thinking of, you know, AlphaGo and Move37, just very different from how we as humans would think about it. What is the model doing? So it's early days. Today, it's very similar to what a human being would do.

[28:56] I completely agree, though. But we have to be wary here of Rich Sutton's bitter lesson in the end. Because it learns continuous-firm data on benchmarks, on more and more examples, it will start finding attacks that were unimaginable from a human perspective. [29:20] Which is a good thing. I mean, you say that, you say cautiously, I'm curious as to why, isn't that a great outcome? [29:28] Yes, yes, it's a great outcome. So I'm merely saying that today, when you read the traces of the book, [29:37] Absolutely. This is what you would expect a good human to do. I fully expect that we'll go beyond that. [29:47] or in [29:49] in a couple of months, and certainly within years. [29:51] Uhu, where do you think the biggest remaining room for improvement lies? And I'm curious, you know, as you mentioned, looking at the traces of these models, like, would you say that they are reasoning already today and this is the furthest? [30:04] further improvements [30:05] remaining in the reasoning area? Or how do you think about that? I think that's clearly the case. But most of the improvements will come from more data, more reinforcement learning on particular examples.

[30:27] And as we do a set, that will lead to a similar improvement to games like Go. [30:35] How do you get more data? Is that just running more simulations? Or I imagine you've used a lot of the data there is. [30:41] A couple of different ways. We have quite a few contractors [30:48] security experts who create more benchmarks for us. [30:54] There's also the opportunity of [30:58] mining open source. [31:00] So we've only recently started doing this, just letting it lose on a large number of images on Docker Hub and finding, just let it go. [31:15] Every time it finds something, [31:18] that becomes a new thing that it's going to learn from. And so it might find it. [31:24] Bye-bye. [31:27] A hundred attempts. [31:29] And so in practice, if you had to do 100 attempts, that probably wouldn't work at a customer because you would already get shut down because there's too many attacks happening. Clearly, that shouldn't happen. [31:45] But because it's up source, we can run it on our own servers. We can do 100 attempts. But now we have the data to try and make the model better to find it more quickly.

[31:57] Mm-hmm. [31:57] You mentioned open source and Docker Hub, and so that obviously gets me thinking about GitHub. [32:03] And Ujia, for those who don't know, was the creative brain and creator behind GitHub Copilot, one of the... [32:10] most widely adopted AI applications in the world. [32:14] Was there a moment when you were developing Copilot? [32:17] or productizing it that you realized [32:21] This AI is going to get so good that it's going to automate entire processes, what people now call agents. [32:27] actually take these actions on entire processes. And was there a moment where you said, hey, security is actually a very relevant issue? [32:34] area for this to happen? [32:37] Mm. [32:38] So, in fact, I wrote a memo in December of 2020, where a sketch would later become a co-pilot. But also, we were already speculating that perhaps it will autonomously be able to fix bugs. [33:08] NASA, I think that that will... [33:10] pretty clear from the very beginning. I think the moment where I realized that would happen was [33:18] I took... [33:20] I took a set of... [33:23] exercises, interview questions that I normally use to ask people at Oxford.

[33:30] and ask the ball to consult them. If you just give it one attempt, it didn't do it. [33:35] But if you give it a hundred times or even a thousand times, it would do most of them. [33:41] And at that moment, it was pretty clear that as the models get better and they need less attempts, [33:47] they will be able to do these types of things. [33:50] And one of the things that we also hoped it would be doing security analysis, though admittedly I didn't have offensive security on my list in the summer of 2020 just yet. [34:03] Any other lessons from productizing GitHub Copilot that you think are relevant to share here? [34:10] I actually think that the most interesting thing about GitHub Copilot was that it was done by such a small team. [34:15] When we launched, we were only 10 people, something like that. And it's just a testament to how fast you can move with a dedicated team of people that believes. [34:30] How big was Expo when you launched? [34:32] the results. [34:34] We were 13 people, so actually quite big. Well, 13 really brilliant people. Since you were part of the co-pilot journey from the very beginning, I'm curious what you think of the current market for co-generation AI startups. It seems like it's one of the most crowded categories competitively right now. Do you think there's a path to building a company there? And, you know, can one of these startups beat technology? [34:58] the incumbent GitHub that already has so much distribution?

[35:02] I agree. I like a lot of what's going on. I particularly admire the work at Cursor or at Factory, but it's really difficult to compete with the distribution of a juggernaut like GitHub. [35:21] I do think that there may be an opportunity to go after a different market. So GitHub is a reigning supreme among professional developers. If you go after people who do not code for a living, there's an opportunity. And Replit does this quite well, for example. [35:41] How do you think coding will transform in the future? Like, do you think the market that Replit serves, do you think it'll just be a dramatically larger and more important market as AI kind of... [35:51] continues to take over the world? Or how do you think coding changes? [35:56] Yes, I think the biggest change is going to be that many, many more people are unable to create their own software. So that's a big transformation. [36:26] in the details. Longer term, [36:29] I... [36:30] I believe that we may be moving away from code as we know it today. The artifact that you make as a developer is the conversation with the model. And so that is what you should store because that records what the code is supposed to do rather than the details in a particular coding language.

[36:56] English is the coding language. So skipping the translations down. Yeah, so the English is the coding language, perhaps with some diagrams, they explain it better. But it's just the next step in moving up in abstraction. Originally, it was all in machine language, and we had higher-level programming languages, and now we're going to national language and images. [37:22] So you talked a little bit about education and coding. I'm going to go down a little diversion for a second. Because one of the amazing things about your life is you were a professor for much of it. [37:34] and a very, very good one at that. So for context, Uge was a computer science professor at Maudlin College in Oxford, and Maudlin is one of the most prestigious colleges at Oxford. He was one of the most amazing computer science professors. I got to study abroad at Maudlin. It's one of those incredibly serene places where they've got the Deer Park and the thousand-year-old buildings and the British man who tells me that the door at his entrance is older than my country. [38:04] All of the things that you would expect from one of the most prestigious academic institutions in the world, including Uge was a professor and could walk across the grass, whereas I, a mere student, would only be able to if I was holding his cape with his permission. That's right. And you left all of that to come into the commercial world with Semel and...

[38:29] 15, 20 years ago. Can you tell us a little bit about your personal journey from leading academic [38:35] at highly prestigious institution to commercial CEO. [38:41] redefining the cybersecurity industry tech. [38:44] I actually got into computer science because I loved coding. [38:50] My very first program was a word processor. So my dad, who was a professor of Semitic languages, could type his manuscripts on his computer. [39:03] Um, [39:05] So when I... [39:07] When I started studying computer science, I got totally taken by mathematics and the foundational theories. And so that's what I pursued as an academic initially. [39:23] Then when I became a professor, I wanted to go back to my love of coding. So I started a new research group in programming tools, which eventually led to the spin out that was SAML. [39:40] Well, I love the serenity and the peace and quiet of a place like Moreland College. [39:49] In our field, [39:50] Speed is incredibly important. And speed can only be achieved with small teams, [39:57] That's half a profit motive. [39:59] It's just different from trying to invent something because you have a paper deadline for an important conference. Or you've got to invent it because otherwise this important customer will not sign up.

[40:15] And I actually loved that additional excitement and pressure. [40:27] That's what led to me leaving Modline behind and going full in on SEMO. [40:36] Love it. A great advertisement for capitalism. [40:53] There's no place like a startup. [40:56] I love it. I guess on that capitalistic note, I'd love to understand how you think about generating profits at Expo. [41:03] And, you know, since you are one of the first agents, first, you know, services as a software company, I think you're really going to set the precedent for how these types of agentic applications are priced and packaged. And so maybe can you just expand a little bit about how you're thinking about how to do that with your offering? [41:22] Sure. So, um... [41:26] We would like our product to run continuously as part of our engineering processes. [41:36] I mean, that is the main value proposition, but instead of doing a pen test once or twice a year, [41:43] You renew it continuously after every change and immediately fix problems before they even reach production.

[41:51] So if you think about it like that, the most obvious pricing model would be based on the size of the engineering team. [42:02] very much similar to our products like GitHub or GitHub Advanced Security. [42:08] that [42:09] However, there is a different dimension here, and we touched on it a little bit earlier in the conversation. [42:17] Some customers will want to do a super thorough test, really making sure that they exhaustively eliminated [42:27] every possible law of exploitable vulnerability. [42:32] And in order to serve such customers, we should have... [42:37] the service components to our pricing, [42:42] where you pay for, if you pay more, you get a more thorough test. And the way we talk about this is in terms of attack hours. How many hours of attack do you get? And so if you buy a normal license, it's based on the number of engineers in your organization. And that comes with, [43:06] a fixed number of attack hours suitable for your environment. But then if you want to go more thorough, you pay that extra service fee in order to go deeper.

[43:22] That's super interesting. So you are you are really tapping into kind of services like pricing models and budgets. But on the back end, you know, you have the gross margin profile of software. [43:32] Right, but I... [43:36] I think that enterprise software is moving more and more towards a consumption-based model as well. Here, there is a very clear correlation between attack hours and the benefits to the customer. And I think that correlation between resources you consume and the benefits you get as a customer has to be very clear for a pricing model like that. [44:01] Thank you. [44:02] - Uh, my other takeaway from your modeling story was [44:06] I mean, you've always said this impact interest in impact. [44:10] You got into development tools because they touched people. [44:13] You got into this because you know that this is going to change the world. [44:16] I mean, you're highly confident that this type of technology is going to change the world with cybersecurity, whether it's us or someone else. I actually would put it a little differently. [44:26] we absolutely must create a expo because if we don't do it, [44:33] all the bad guys will get there first. And so for sure, I mean, we do it because it's interesting and we think that's a great commercial opportunity, but it's also an imperative. It's an imperative for the free world that we actually create this thing to protect all the software in the free world.

[44:55] That has been so clear from minute one of meeting that that is the driver behind you and this brilliant team that you've assembled of academics and builders and technologists that are incredible. The other thing you mentioned was. [45:10] in the model story was speed, the ability to move fast. And let me say you have moved really quickly, you and your team. What should we come to expect today? [45:19] from Expo, [45:20] in a year. What do you think will... [45:23] What will be the product, let's focus on the product and technology impact, what will be happening from a product and technology and capabilities perspective a year out. [45:35] You're going to replay this to me in the next board meeting, aren't you? [45:40] Four board meetings. Don't worry. Four. So we, I believe, thought in a couple of months. So we're currently in a phase where we very carefully try out the product. We select a few early design partners. The reason that we do that is because it needs this human supervision process. [46:03] in order to control the brilliant teenager that we discussed before. Once we're over that phase and we are confident that we can let it lose without any supervision, I think everything is going to move very fast. [46:24] Part of the reason is that this type of product is...

[46:27] very easy to deploy. You can just point it at an existing service and immediately find results. [46:42] So... [46:43] I would expect that by next summer. [46:46] We have significantly transformed the state of web security. [46:53] Hopefully by demonstrating our work on open source, but also on platforms like HackerOne. Okay, this has been one of my favorite episodes so far. Thank you again. Should we wrap up with a quick lightning round? Go for it. [47:08] Okay, awesome. Number one, favorite startups other than expo. [47:15] See you now. [47:17] I love the way that you can just type in a few words and you get a completely original song. It's spine chilling to me. [47:25] The other startup I like a lot is Harmonic, applying AI to mathematical reasoning. [47:35] Are you making Suno songs about coding insecurity? No. [47:40] There's a great death metal. I sent my wife a new song about sitting on the balcony at home in Malta. Oh, that's sweet. [47:50] There's a hard metal one about the AI cyber warrior. [47:56] I think we're actually going to need that.

[47:58] Okay, perfect. At our annual AI event that we throw, we had Mikey from Suno there, and we crowd created an AI Hot Girl Summer song. It was actually very catchy. That was great. That was great. Uhu was there. What other markets do you think AI is going to disrupt with this service as a software model in the short, medium, and long term? So in the short comment, this is already happening. [48:28] related to customer support is clearly going to be impacted by this type of technology. [48:38] Um... [48:39] I think that this is not exactly our service as a software, but I think that much of the [48:47] The problems we currently see with social media could be mitigated using this type of technology. I mean, you read all these reports about how social media is affecting the mental health of children all over the world. [49:05] AI has a... [49:07] has the power to help with this type of problem. [49:12] And then... [49:13] Long term, I think health and biology are the areas where this will make the biggest impact. [49:25] What advice do you have for other startup founders?

[49:29] Focus on only one thing. [49:31] Move as fast as you can. [49:33] If you do those two things, then it will all come all right. [49:38] Love it. One last question, and we're going to end on an optimistic note. What do you think is the best possible thing that can happen with AI over the next decade? [49:46] I already touched on it. The opportunities in health and biology and to significantly expand health outcomes everywhere in the world is amazing. [49:58] Dario Modi wrote this... [50:01] this essay, Machines of Loving Grace. And I think he laid out very beautifully what the potential benefits of generative AI are for all of us. [50:14] Thank you so much for joining us. This has been... [50:16] Absolutely fantastic. And we're so grateful to get to work with you and for the fact that you're building this on behalf of... [50:25] the right players, the people that are trying to do good in the world. [50:30] Thank you very much. It's been a pleasure to be here.

[51:00] you