My idea of the architecture of Pwno, is in someway similar to OpenAI at early stage, in a way we have a clear mission, that’s hard but important enough to take the effort working on it.
Our goal is clear, make AI agents that solves the memory-security issue, competing against Google Deepmind/Project Zero - the one of few only team other than us that have the enough knowledge and time to focus on solving this niche but important question: How are we putting AIs into this part security with higher abstraction and complexity? And how far would it go?
We all seen how important low-level security issues are (Wannacry virus, Stuxnet that compromised Iran nuclear plants, chromium and redis RCEs…)- we care about low-level security not because but people failed to realize how important it is to put AI in it.
Whether or not if we’re over-complicating the challenge of memory security, two things for sure
- Low-level security is a harder topic compared to traditional security, in a way related to it’s depth (abstractions and complexity)
-
It requires more understanding of fundamental knowledge to support a valuable finding.
LLMs scales incredibly well, a lesson probably thousands of Y Combinator startups would tell you. On the other hand, it’s highly programmable. If one agent workflow is able to go relentless in depth for memory-safety implications - think about what tens, hundreds of agents researching on thousands of commits brings to the codebase that backs the internet: ffmpeg, nginx, linux, gpu drivers…
I am sixteen, which might be too young for some problems for me to solve, which is a pain-in-the-ass. I am so damn eager to solve this problem that I love, but I am also at the point in my life where, to decide if I should stayed in high school to solve it with the PhD route, or just dropout now and work on it in a way I can be fully devoted.
I am happy I find a question that I like and matters, honestly I don’t care how I going to work it, via Pwno, for other startups, join Google, OpenAI if I’m given the chance, honestly I just want to work on it, best if with people we can mutually learn with. I like it, from a bit selfish perspective: because it brings my curiosity and nerves back on every time; from a little bit greater perspective, I feel like this is what I should be, or I am the one to work on this question. I started out on memory security when I was eleven, draw into AI/ML space with my intern at Tencent when I was fourteen… but mostly importantly, I am young - again - I’ve time to waste.