Matt Knight spent five years as OpenAI’s CISO. Now he runs what colleagues call “the most interesting job at the company”: leading Aardvark, an AI agent that finds security vulnerabilities the way a human researcher would—by reading code, writing tests, and proposing patches. It recently found a memory corruption bug in OpenSSH, one of the most heavily audited codebases in existence.
In this conversation with a16z’s Joel de la Garza, Matt traces the evolution from GPT-3 (which couldn’t analyze security logs at all) to GPT-4 (which could parse Russian cybercriminal chat logs written in slang) to today’s models that discover bugs humans have missed for decades. They also discuss the XZ Utils backdoor that nearly compromised half the internet, why 3.5 million unfilled security jobs might finally get some relief, and how Aardvark could give open source maintainers a fighting chance against nation-state attackers.
Follow Matt Knight on X: https://x.com/embeddedsec
Follow Joel de la Garza on LinkedIn: https://www.linkedin.com/in/3448827723723234/