Written by: Martin Dale Bolima, Tech Journalist, AOPG.
Red Hat CEO Matt Hicks was a busy man during Red Hat Summit 2024, having announced, on Day 1, the company’s ambitious bid to open-source Artificial Intelligence (AI). But he wasn’t done yet. He granted media from around the world—including a few from the Asia Pacific (APAC) region—an exclusive roundtable just hours after announcing InstructLab.
The roundtable was freewheeling and, pardon the pun, open, spanning a variety of topics that included Matt’s reflections as Red Hat’s chief orchestrator for three years now. Things “are going fast,” according to Matt, who admitted to losing sleep over figuring out how to amplify open source even further to create an even bigger impact on the community it currently serves.
Guarding Open-Source AI Against Bad Actors
Naturally, the roundtable ultimately delved deep into how open source can keep bad actors from potentially corrupting available AI systems—especially in light of a Microsoft developer revealing in March the implantation of a malicious backdoor in xz Utils, an open-source data compression utility found in nearly all installations of Linux and Unix-like operating systems.
This exposed vulnerability, which was supposedly just a few weeks away from going mainstream before it was flagged and rectified, proved unequivocally that bad actors could compromise open source. It highlighted how the same can happen when AI systems are fully open-sourced as Red Hat envisions them to be.
Matt’s answer was particularly honest and, depending on which side of the fence you are on, it could inspire greater confidence in open source or raise even more questions.
“XZTools, if you’re not familiar with this, I think this was one of the most sophisticated exploits that I have ever seen,” Matt said. “A short summary is, it’s sort of a multi-year effort to build trust in a maintainership role, where a bad actor was able to contribute code in a compression library that happened to sit underneath SSH, which is the technology used to remote connect to machines.”
Matt described the bad actor as “very capable in terms of the exploit that was put in” and that this person “was incredibly sophisticated.” The Red Hat CEO also admitted that detractors could use this incident to “highlight a weakness in open source because this was able to happen.” However, he begged to differ, pointing out how the open-source community was able to quickly spot the malicious code that took years to create and implant.
“I would actually say the opposite happened with this, where this took years to put into place of building trust. This took an insane amount of creativity and expertise to build this exploit and find this library and this path to fit in, and within 24 hours of that thing going live, it was found, all the breadcrumbs were traced down, it was understood, and it was eliminated on it,” Matt explained. “And I think in those cases where if the bad actors spend years doing something, and then in a moment it’s gone and it’s wiped out of open source, that is a very powerful moment for open source.”
Matt is counting on the same with open-source AI, with the ecosystem itself serving as the biggest, most potent defence versus bad actors. He also promised that Red Hat is doing its part but didn’t delve into the specifics, instead saying that Red Hat has “put a ton of energy into creating these checks and being able to understand the quality of code coming in.”
“The difference would be, that done in a proprietary company, [the mistake] potentially lives forever, and the company, depending on the talent they have, might be looking at this patch and exploit and not even knowing what they’re looking at,” Matt expounded. “With Red Hat, our goal is to make these communities as healthy as possible, to bring all the eyes in the world to these challenges, and make sure that if they get through, they also get eliminated in that very fast moment, the minute they see the light of day. So, it’s a challenge, it’s a balance, but I think it’s a huge win for the capabilities in open source too.”
That is, at best, a consolation because of something Matt himself admitted:
“I don’t think we will ever solve the challenge of being able to have a bad actor be able to insert malicious code.”
APAC in a Great Place in the AI Race
Often regarded as lagging behind the US and Europe in tech adoption, the APAC region is, according to Matt, actually well-positioned in terms of AI in general and in open-sourcing it specifically.
“You know, on one side, I would say innovation, capability, skill set wise. This is what I love about open source. It’s not limited to one region or one country,” Matt said when pressed about his thoughts on the region’s readiness for open-source AI. “We will see this be a worldwide effort. I think we already do in terms of AI research capabilities in academia. From that perspective, I think APAC is as strong as any other region.”
Matt, though, sees language as a big challenge that must be overcome if the region is to make the most out of AI, noting how large language models, like ChatGPT, “tend to be stronger in English than in other languages.” But Red Hat’s top man is nonetheless encouraged by “how evolved these models have become” and “how capable the training has become.”
Indeed, initiatives like Project SEALD and SEA-LION, are looking to tailor-fit AI to the language and cultural peculiarities of Southeast Asia, bringing a truly regional AI closer to reality. Matt thinks that might happen within the year.
“When you’re taking the innovation, contribution, academic knowledge, and prowess that’s in the APAC region and combining it with the languages that are natural to the countries and people so that they can use the models as well as someone where English is their native language…, my guess is we will see those things land within the year. And then we’ll be off to the races in APAC as in much of the world right now with AI,” Matt claimed as he looked forward to the region’s exciting AI possibilities.
It is a generous estimation if anything. But Matt might not be too far off—not if open-source AI can fulfil its immense promise.
Archive
- October 2024(44)
- September 2024(94)
- August 2024(100)
- July 2024(99)
- June 2024(126)
- May 2024(155)
- April 2024(123)
- March 2024(112)
- February 2024(109)
- January 2024(95)
- December 2023(56)
- November 2023(86)
- October 2023(97)
- September 2023(89)
- August 2023(101)
- July 2023(104)
- June 2023(113)
- May 2023(103)
- April 2023(93)
- March 2023(129)
- February 2023(77)
- January 2023(91)
- December 2022(90)
- November 2022(125)
- October 2022(117)
- September 2022(137)
- August 2022(119)
- July 2022(99)
- June 2022(128)
- May 2022(112)
- April 2022(108)
- March 2022(121)
- February 2022(93)
- January 2022(110)
- December 2021(92)
- November 2021(107)
- October 2021(101)
- September 2021(81)
- August 2021(74)
- July 2021(78)
- June 2021(92)
- May 2021(67)
- April 2021(79)
- March 2021(79)
- February 2021(58)
- January 2021(55)
- December 2020(56)
- November 2020(59)
- October 2020(78)
- September 2020(72)
- August 2020(64)
- July 2020(71)
- June 2020(74)
- May 2020(50)
- April 2020(71)
- March 2020(71)
- February 2020(58)
- January 2020(62)
- December 2019(57)
- November 2019(64)
- October 2019(25)
- September 2019(24)
- August 2019(14)
- July 2019(23)
- June 2019(54)
- May 2019(82)
- April 2019(76)
- March 2019(71)
- February 2019(67)
- January 2019(75)
- December 2018(44)
- November 2018(47)
- October 2018(74)
- September 2018(54)
- August 2018(61)
- July 2018(72)
- June 2018(62)
- May 2018(62)
- April 2018(73)
- March 2018(76)
- February 2018(8)
- January 2018(7)
- December 2017(6)
- November 2017(8)
- October 2017(3)
- September 2017(4)
- August 2017(4)
- July 2017(2)
- June 2017(5)
- May 2017(6)
- April 2017(11)
- March 2017(8)
- February 2017(16)
- January 2017(10)
- December 2016(12)
- November 2016(20)
- October 2016(7)
- September 2016(102)
- August 2016(168)
- July 2016(141)
- June 2016(149)
- May 2016(117)
- April 2016(59)
- March 2016(85)
- February 2016(153)
- December 2015(150)