[0:55] AI Article: Explore the Ever-Evolving World with Mikko Hypponen

Rachael: Welcome back to the podcast Mikko Hypponen. He is the chief research officer with secure global security expert, speaker, and author. He works as the principal research advisor at F-Secure. You have so many accolades, Miko, I don't even know where to start. I mean, you've taught, you've lectured at Stanford, Oxford, Cambridge. You've been named Global 100 Thinkers List. I am just so excited that we have a chance to talk to you again, particularly on this really fun conversation around AI. 

But I'd love the jumping-off point because recently you've been on a book tour. You have this amazing book that's come out and now it's seeing all this great success and being translated into all these different languages. And I'd love for you to share a bit about that with our audience, but also kind of what's changed since you first published that book.

Mikko: The thing I love about working in cybersecurity is that there's never a boring day. I go and do a lot of briefings to customers and clients like meeting leadership teams and boards. I never have to repeat the same thing, the same stories. There are always new case studies and new problems to be solved and there are always new threats. Of course, that's not good news, but it does keep. I mean, I always keep telling people that I haven't had a boring day at work yet. And I've been working in this field for 32 years. So I think that's a pretty good testament to how much the field is changing all the time.

Rethinking Our Generational Legacy in the Age of Artificial Intelligence With AI Article

Audra: So how have your views changed since you wrote the book? Do you still believe in everything that you put in there? Or have there been any kind of compelling things that have happened as every day is different that have made you change some of your thoughts or opinions?

Mikko: I made one big mistake when I wrote the book, which I don't think I could have avoided. But in hindsight, I clearly got one crucial fact wrong, which is that I tell in the book how we and our generations will forever be remembered as the first generation which got online. That's the biggest accomplishment we make whenever history books hundreds of years in the future. Describe the early two thousand. The first thing they'll mention is that these were the first people who went online. Mankind was offline for a hundred thousand years. 

Around the late 1990s, or early two thousand, they went online and now we will be online forever. That's what I wrote. That's what I believed at the time around 18 months ago when I finished the manuscript. If I had to think that again now, I think it's perfectly possible that our generation will not be remembered forever as the first one that went online. It might be that we will be remembered as the first ones, which gained access to artificial intelligence. Because that seems more likely every day, and that's pretty wild. The world is changing very quickly.

Unraveling the Power of Artificial Intelligence in AI Article

Rachael: Absolutely. There was this amazing SC Media article where you and the CEO of your company were quoted. And I have some of these soundbites that I thought were fantastic. We're living the hottest AI summer in history and it's going to be hard to keep up. But also reality as we know it is over and this revolution has the power to shape the world for the better or worse. Particularly around DeepFakes and how you discern what's real and what's not real. I would love for you to expand a little bit on that from your perspective.

Mikko: Yes, it's really interesting. It's amazing how long this company WithSecure, which used to be F-Secure business, used to be Data Fellows. It's amazing how long this company has been involved with artificial intelligence. Even though we've always been a cybersecurity company. The guy who founded the company Mr Risto Siilasma, when he was studying at university, he wrote the first articles for local computer magazines about artificial intelligence. And this is 1987. So 1987, the guy who still is the chairman of the company was researching and writing about artificial intelligence. 

Naturally, this translated to this company starting to build automation and machine learning systems fairly early on. We've been doing fully automated malware detection with malware with machine learning for 18 years now. So 18 years ago, the world was quite different. For 18 years we have been waiting for the enemy to catch up and the barriers to entry for building complete automation or using these automation frameworks, they've been too high. But over the last year, the barriers have completely come down. 

Unveiling the Potential of AI-Powered Attacks

Mikko: Now we are seeing real attacks done by our enemies. Not just deepfakes, but for example, malware, which uses a large language model to reroute its own code. There's still one big thing that I'm waiting for which hasn't happened yet. And that's going to change the world again, and that's going to be fully automated. Automation of malware campaigns, they could have done it already. The technology is out there, but we haven't seen it yet.

Audra: So you talk about in some of your talks like the one that you did in May this year about cyber crime unicorns. Is that what you're referring to, the ones who are going to actually automate the attacks or what do you actually mean by that?

Mikko: It's simply a reference to startup unicorns or unicorn companies. The nickname we have for the wealthiest and the highest-valued technology companies out there. And if you think about cybercrime gangs with the same lens, you'll see that gangs like Lock Pit, orlop, alpha, ransom X, and maybe black pasta, all of those. If they were companies, they would be unicorns. You look at their revenues, you look at their growth rate, you look at how much money they have in the bank. 

Well in Bitcoin, and if that would be a legal entity, it would be a unicorn. That's a scary thought because wealth makes them powerful. They can run their operations in a manner that resembles traditional real-world organized crime gangs. More and more they have organizations. They have middle management, they have physical offices, and they pay salaries to their employees. They have HR departments recruiting new employees to join the gangs. And they have lawyers.

[7:42] AI Article on the Intriguing Evolution of Ransomware Gangs

Mikko: Yes. So this is not the development we like to see. But that's the direction we going towards and that's interesting where the money came from. Because it's not just the fact that attacks like ransomware have been making so much money. It's the fact that it's been making money for many years and these gangs have been keeping their wealth not in their bank accounts, but in Bitcoin. Imagine having a million dollars in Bitcoin five years ago and sitting on it for the last five years. It's grown a hundredfold and this is one source of the wealth that these gangs now control.

Audra: So where do you see them going because then how do we know that they have an HR department?

Mikko: Oh, we do know because there's leaks, there's been multiple leaks from these different gangs. Some of their internal chats have been infiltrated and so on. So we know they run these fairly professionally. We don't have direct evidence of this, but we believe. And I've been told by another researcher that there's this one gang, that has a business analyst working for them. 

The whole job function of that analyst is that when the gang uses ransomware attacks against large companies. The first thing they do is steal the financial figures and bookkeeping information, which they will then give to the criminal gangs' analysts. This means he can come up with a money figure. Here's how much money this victim could pay us tomorrow, here's how much money they have in their bank account. 

Exploring the Professionalization of Cyber Attacks In AI Article

Mikko: How many publicly traded stocks do they have, that they could sell overnight? How much loans they have, and that totally changes the negotiation or haggling that the companies go through that decide to pay the ransom. Everybody tries to talk the price down. But in this case, the attackers know exactly how much money you have in the bank.

Audra: Excellent. So they're looking at you.

Mikko: You think it's excellent? I think it's horrible.

Rachael: Exactly.

Audra: I think it's amazing that it has become that.

Rachael: Exactly. Yes,

Audra: Professional wise. So you have to think about when we do marketing campaigns or we go in, we've done an event, we have a proposed ROI like return on investment from that. This is the return on investment in cyber attacks.

Rachael: Right? You got to hit your annual KPIs, Audra, you got to hit.

Audra: I know, sorry. It's terrifying, but it's impressively professional.

Rachael: Yes. The business of I guess ransomware and it's big business.

Mikko: It is big business, but what we do have to remember though is that although we focus on ransomware as a particular problem a lot for a good reason. It is a very real, very big problem. It's not the only problem. Things like business email compromise are making massive amounts of money as well. And of course, ransom attacks using denial of service attacks and just traditional data theft. 

But the thing that worries me about business email compromise and basically all kinds of scams is the automation we are likely to see thanks to large language models. An easy example is romance scams, which is a very well-known and huge problem. Not an enterprise problem, but a consumer problem.

[11:08] AI Article on Linguistic Automation and the Changing Landscape

Mikko: But most of the scammers scam one victim at a time or maybe two or three victims at a time, and they can only scam the people whose language they speak. Imagine using these modern large language frameworks, which completely can automate the process of scamming from doing manual scamming to scamming thousands or tens of thousands of victims at the same time, across all language barriers. These things are really powerful in the right hands and really destructive in the wrong hands.

Audra: The thing is not the romance ones as far as I'm aware, but certainly the email compromise has picked up massively in Middle Eastern regions recently. Truly down to the fact that they can actually do accurate translations that are linguistically appealing to people to get them to click on links and things like that. And the rise on that is already happening.

Mikko: Yes, I'm a great example of what I mean is that I speak a language that is complicated and not really speaking very widely. My home language is finished. There are 5 million fins. It's one of the toughest languages in the world. When I test large language models like Claude from Tropic or GPT from Open AI, these models are amazing. They speak probably better Finnish than I do, and I am a Finn and no one has taught these systems the language at all. 

They've only been given all the Finnish content, all the Finnish books, magazines, newspapers, Twitter posts, and Reddit posts. It dreaded all, and it picked up the language. Sort of like how we humans pick up the language and the end result is quite amazing, which is again, exciting and scary at the very same time.

Strategies for AI Article Cybersecurity

Audra: So considering all the threats and that they're going to get more due to people using AI to actually help and automation and those sorts of things. How are we going to counter these techs? How are businesses going to counter it? And how as organizations that do cybersecurity, could we look to counter these types of attacks?

Mikko: So there are quite different problems. Let's first speak about the malware automation of malware campaigns, which I mentioned. We've been building automation on our end on defense end for years and years, as I mentioned at Wi Secure for 18 years today. Practically all cybersecurity companies. Well, I'm certain all cybersecurity companies heavily rely on machine learning and automation and large language models and frameworks of all kinds, which means we have a headstart. 

The good guys have a head start. We've been building defenses using automation for years and years, which translates into speed. When there's a new exploit out there and someone starts scanning the internet looking for vulnerable machines. Or when there's a new malware campaign where email is being sent out with malicious attachments or malicious links. Security companies spot these amazingly quickly because we run all these honeypots and honeynets. We collect massive amounts of network traffic.

We use automation to find anomalies. And our systems are able to pick up which anomalies are attacks and which ones are not. We automatically collect samples of the attacks, analyze the samples, and make the call automated in an automated fashion. Whether it's good or bad, build detection, automatically test the detection, deploy detection, everything happens, it's amazing how quickly security companies can react. 

[14:54] The Upcoming AI Article Challenge

Mikko: Today thanks to this automation which has been built over years and the attackers on the other side, they are still slow. They are still at human speed. Their reaction takes hours or days when our system picks up a bad URLA bad domain, bad website, and we block it and the attackers do nothing. They wake up the next morning and then they realize that it's been blocked and then they manually go and register a new domain name and change their settings. It's slow.

I've used a comparison that it's like a game of pinging pong where on one side of the table is a human ping pong player and on the other side it's a robot, which is of course much faster. And when this changes, it could change tomorrow. Then we have a game of ping pong where you have a robot on both sides of the table. 

And we believe, I believe, I hope, I wish that we are faster thanks to all the work we've done for years and years. But that's all it is. It's a hope wish, a dream. We won't actually know until it happens and it will happen soon. So we will see this soon. But I suppose the answer to your question is what can we do? It's going to be AI against AI. These kinds of attacks will not be fought in any other way.

And then when we look at other problems beyond malware, malware automation, or malware campaign automation, DeepFakes. Well, that's a little bit different problem. We can try to build again, AI fuel technologies, which will spot deep fake voices, deep fake images, and deep fake videos. But that's pretty hard to actually do. 

AI Article: Navigating the Deep Fake Challenge in Cybersecurity and Media Integrity

Mikko: And even there, it depends on what kind of deep fakes do you want to fight. Are you interested in fighting a phone call, that pretends to be from your CFO? Or are you trying to pretend a deepfake on TV where President Biden or President Zelensky saying something that they didn't say? So we have different categories of problems here. The easy thing we should be doing today is to counteract these deep fakes of known publicity figures or political figures. 

We could be counteracting today simply by starting a procedure where all media houses publish the source material of their interviews on some file server somewhere signed with cryptographically strong keys. This then translates to the fact that if there's a video clip of someone saying something weird, anybody who suspects there's foul play involved, could go to the source material and double-check if that's exactly what was said originally or has it been modified.

And since we would have the original files they would've been signed, we could tell what's real and what's not. I'm not estimating that everybody would double-check everything, of course not. But it would be enough for one person to figure out that this isn't real and blow the whistle and that would solve the problem for mainstream broadcast deep fakes.

Audra: But on a more kind of enterprise-level and protecting against effectively maybe attempts at fraud, the whole kind of using audio only and doing a deep fake. Because you can literally do a recording of your voice for 30 seconds a minute. And then write what you would like yourself to say and get something sent out there. 

Defending the Human Link

Audra: And so the sort of ones where your CEO says yes, you need to go in and sort out this outstanding amount that needs to be sent to this account. The challenge on that is the live human bit in terms of how you get the live human to not kind of go, oh my God, I really need to do this really quickly because my CEO says so.

Mikko: Yes, that's a tough problem, and we have no technical solution to that problem. It really is then a problem of educating the users. And these kinds of issues, they seems like an unmanageable problem, like how the hell are you ever going to stop all of these problems? But it's a much bolder problem when you realize that the targets of these kinds of BEC or CEO scams or financial scams altogether are a very limited amount of employees within an organization. 

How many people do you have in your company who can actually move company money? Most people can't do that. It's a handful of employees even in a large organization. And those are the ones that you have to train, especially against this. They have to understand how these attacks are really pulled off, and how it's really being done by the criminals. And once they have been educated on these topics, they know how to follow a procedure.

And some of the tricks these BEC cameras pull off even without deep fakes are pretty remarkable. There was one case I was researching where the first thing the attacker did when he got a financial clerk on the phone and he was pretending to be the chairman of the board. 

Exploring the Future Roles in Cybersecurity With AI Article

Mikko: The first thing he said to the clerk was, listen carefully, I'm putting you on our insider list effective immediately. Everything I'm about to tell you is confidential and you must not discuss it with anyone except me or our general counsel. Do you understand yes or no? And that's a really powerful move if you pull it off. If the victim believes that he or she really is on an insider list, then he or she can't just go and ask for help from his colleagues or her colleagues. It also accomplished the other thing that many of these scams rely on, which is boosting the self-importance of the victim. 

So you could sort of imagine the clerk coming from the meeting and the office friends asking, hey, what was it? What did the CEO ask you to do? And he or she will be that, unfortunately, I can't tell you what we discussed, it's a secret. So suddenly I'm more important than you. I'm trusted, and that makes you more compliant with whatever the attacker wants to pull off. These are psychological tricks, and the way we counteract them typically isn't through technology, it's by education.

Rachael: It's interesting you say that Mikko, I was reading an article this morning in ACIO journal was talking about. I guess the Wall Street Journal was talking about future positions, right? Roles, and technology roles that would come open in the age of AI, and one of them was an AI psychotherapist.

Mikko: I saw this story actually, that was a great article.

Rachael: And that's what makes me think about it. I mean, AI does create a lot of new job opportunities, so it's kind of interesting to see where that path may go.

[21:58] Navigating the Future Job Landscape with AI Article Insights

Audra: Was the psychotherapist for the machine learning technique or was it for the humans who are actually dealing with it?

Rachael: It's actually putting the models on the couch, what they call it. Evaluating a model's upbringing and scrutinizing its training for errors and sources of bias.

Mikko: It might not have been completely serious about this but yes. And that's one of the, when you think about how the world is changing regarding how our jobs are changing. One mistake I'm a little bit worried about is that companies and leaderships in companies are a little bit too fast in trying to replace humans with machines. 

I think humans, yes, are more productive with these automation systems and generative AI and large language models, but replacing a big part of the workforce with Python scripts isn't here yet. And I don't think it's going to be here for a while. I do believe our work is changing, but I don't think your position is going to be taken by AI. It's probably going to be taken by another employee who's better with AI than you are.

Rachael: Right, exactly. It is interesting, prompt engineering. I mean, that's bubbling up very quickly into a needed skillset as chatGPT and others have just exploded. And that's a very real upskilling need.

Mikko: That's one thing why actually seeing other people's prompts is actually really powerful. I especially see this when creating images. As you might know, when you use MidJourney to create images, the interface is Discord, the chat application, which means you'll see other people generating images in the same channel as you are. And you'll, well, I steal from their prompts all the time. 

Navigating the Complex Landscape of AI, Copyright, and Creative Commons: An AI Article Discussion

Mikko: They have nice settings or resolution modifiers or they change the aspect ratio of the images. Or they use specific keywords to get some kinds of lenses or camera types or film types. And if it looks nice, I'll steal it still with pride. But the thing here is though, I mean, I know when you generate these images, they're typically copyright-free or let's say MidJourney 5.1 generates images that are under Creative Commons 4. 

This means you could print the images on a T-shirt and sell the T-shirts for profit, and that will be legal. But is it really that clear? Because all of these images that are underneath the engines are photographs or drawings made by photographers and artists. And this is, I don't think we are really anywhere near having real rules on how these large language models can use existing copyright and trade market content.

Rachael: And that was the crux I think of the recent, Writer's Guild here in SAG AFTRA strikes in the us. What is the recourse if they just take your likeness and then use that for some other thing and don't pay the artists for that creation? I mean, it's tricky, but I think that leads to a really interesting conversational regulation. I mean, we're so early in the AI game, relatively speaking. How do you regulate that or how do you address all these different areas of concern?

Audra: Who has the right to regulate it?

Navigating the Path to AI Regulation

Mikko: I think actors and singers and what have you probably won't have any real beef with the fact that someone's generating content using their creation. There's a movie and you can change the actors to whoever you like as long as the actors are getting paid for it. If their likeness or voices are stolen and used by others, I think that's a much bigger problem. Then again, maybe they don't want to appear in a particular type of movie, and what kind of movies I'm immediately thinking about here? So this is a complex problem.

We have new technologies, which we'll be able to generate great benefits and great new problems. All of this is exciting and scary at the same time.

Rachael: Yes.

Audra: But where do you see the regulation coming from? Because I know the UK we're standing up saying, we're involved with AI, we should actually help lead the world in how we regulate it. And you kind of go in comparison to whom which, where do you think that kind of regulation should come from? Should it be the industries that are being impacted or the government or where do you see that or where do your musings take you on that?

Mikko: The EU has been building the AI Act for two years. It's about to be ratified and then it's going to be passed into law in member states. We'll probably have real concrete regulation from the EU in a year and a half, something like that. And then we'll see just how successful it was in doing what it aims to do. There are some things in the drafts of the EU AI Act that I really like. 

Navigating the Path to Self-Aware Superintelligence With AI Article

Mikko: For example, the fact that when we humans are interacting with artificial intelligence, and it's not obvious that it's artificial intelligence, humans should be told that this is AI. That this tech support engineer jack that you're speaking with on the phone isn't actually a human. And I think this is important also. I believe that a very big part of, for example, tech support will be done better by machines than by humans. Because tech support AI has read and remembers all the manuals and it has the full list of all possible problems in his or her head, and they can email or chat or speak with you just like a human can. 

But when we interact with things like these, and they are not humans, but look or act like humans, I think it's important we must not be, when we get closer to more powerful models, we must not give certain rights to AI things like right for ownership. And I know this sounds a little bit like a science fiction plot. But if the idea of self-aware superhuman intelligence is scary, what's even more scary is the idea of self-aware superhuman intelligence, which has a billion dollars in its bank account

Audra: That I agree with.

Mikko: Then it can just bribe itself to wherever it wants to go and do whatever it wants to do. And of course, these kinds of technologies are probably superior in making money. They are probably well equipped in trading stocks or cryptocurrencies or what have you. If they can set up bank accounts or incorporate companies, they could certainly do that. And I think that's a prime example of a bad idea.

[28:52] AI Article Insights: Navigating the Complex Landscape of AI

Audra: So do the EU regulations cover things around privacy? So if I'm a human and I'm interacting with AI, how do I know that what I'm saying or how I'm interacting is actually, I don't know, GDPR compliant?

Mikko: Yes, it mentions both sides of privacy when it comes to teaching large language models or machine learning in general. When they're teaching the original models, where the information comes from, how they are allowed to use information. If it's trademarked or copyrighted information, what are the rules on that? And then both the reinforcement learning, which is done by the companies themselves, and also the learning gathered from the interaction with the users or what are the limits of using that information to train the models further. 

And when you talk with companies that are writing their own internal AI policies nowadays, that's a prime example of what they're trying to fight right now. How to prevent the in-house lawyers from pasting drafts of confidential agreements to ChatGPT to rewrite them to be more understandable, how to prevent the coders from sending proprietary code with, I don't know, API keys or what have you, secrets into code X or copilot or elsewhere. So this is a key to using these technologies as well. The benefits are enormous, but there are pitfalls that we have to be aware of.

Audra: Yes, absolutely. So I have a question for you that's a little bit running off on a tangent actually. When I meet people like you who have quite an amazing background and have taken quite an interesting route to end up where they are. 

Mikko Hypponen's Path to Expertise

Audra: I think it's quite interesting to discuss your origin story and how you actually ended up where you are because you've been to a lot of places and it doesn't look like it's been a very direct route up the mountain. So it would be great if you'd be happy to share.

Mikko: Sometimes people ask me that, Hey, Mikko, you're a cybersecurity expert. How do you become a cybersecurity expert? What's the road to becoming an expert? And I always tell them that the way you become an expert in any field is that you pick a subject, then you work in the area forever, and then eventually everybody believes that you're an expert because that's basically what I've done after 32 years. Everybody believes I'm an expert, but there's no magic here. I've just been around forever and I've seen the whole industry change from the very early days when there was no cybersecurity industry at all to where we are today, a multi-billion dollar international behemoth. 

It's quite crazy. But I started as a programmer, I started programming as a teenager. I sold my first published commercial program when I was 17, like utilities and games. Of course, I wrote a series of published adventure games early on in the 1980s. I was born in 1969, so I've been doing this for quite a while. In fact, sometimes people talk about how old the internet is, and I always mention to them that I'm older than TCP IP. DARPA had the first IP networks running in December 1969. I was born a little bit before that. So how old is the internet? It's this old, that's what I tell people.

AI Article: The Assembler Journey

Mikko: The route from writing programs in the 1980s to reverse engineering malware is actually fairly straightforward because of writing code in the eighties. If you wanted to get any kind of performance out of the systems like my first CPU was one megahertz CPU, which is ridiculous considering how slow it is. So you had to write with the fastest possible language, which means assembler. I wrote all these utilities and games in the assembler, I didn't even have an assembly compiler. 

I wrote it in machine code with an assembly monitor, which gives you a lot of low-level expertise, which means you can look at other people's code without source code. And I understand what the code is doing because you've written so much code at the low-level assembler by yourself. So then in 1991 when I was at my first real job working as a database programmer and the company was also doing security work on the site when we got a very first virus sample sent to us on a five and quarter inch floppy disc, my boss gave it to me and say that, Hey, Mikko assembler, can you try to figure out what this code does?

And it took me several days. This was a completely different system. I hadn't done X 86 assembler before, but I figured it out. I printed the code on a stack of paper took a pencil and spent a couple of days. But I did figure it out, and it was kind of interesting. I thought, well, I kind of like this. It's kind of playing a game of chess against an unknown attacker. They're trying to build up things that we cannot decode. 

The TED Talk that Transformed Mikko’s Cybersecurity Journey

Mikko: And it feels kind of good when you can decode what they're writing, sort of like challenges. And that's the road I'm still on. I did Rivers Engineering for several years. I built up our lab functions, expanded our lab to three different continents, and all that. But I think the real change in my daily work after that was in 2011 when I got an invite to go and do a talk at the TED conference, and I did a TED Talk, which went online on YouTube and is still today, it's still today there on their channel, has millions of views.

One of the most-watched cybersecurity talks in history. And when you do a TED Talk, then your phone starts ringing. Initially, it's like all these speaker agencies that, Hey, you're now a TED speaker. We would like to represent you and all these conferences around the world would like you to come and speak. And that's what changed. Then my daily work quite a bit. I was already doing a lot of talk at industry conferences, black hats RSAs, and virus bulletins. 

But this then opened up the doors to all kinds of conferences, not just technology, not just it, but anything because you're now a TED speaker and people want to see you on stage. So I still do a lot of research and I do all of my own research, but it's not really research for reverse engineering a new malware or detecting something. It's research I do for the presentations I keep. I've been doing it for over 10 years now, and I kind of like it.

Audra: So when in your evolution, personal evolution, did AI first become something you actually really got involved with?

[36:07] Predictions From the 1983 AI Article to Today's Technological Marvels

Mikko: I actually have the first magazine that I read, which had an article about artificial intelligence, and it's from 1983. I had to track it down, but I managed to find a copy of it. It's quite amazing because this 40-year-old, literally 40-year-old magazine has a really correct forecast of artificial intelligence. And eventually, we will have fast enough computers that will be able to learn, given enough data, and they will be able to accomplish tasks like humans. 

And that's what we have today, 40 years later. But it did take several technological revolutions. I mean, the first thing we really needed was the internet revolution, which converted all information to data before internet news, and newspapers, and books were paper. Now, of course, everything is data thanks to the internet. Second, revolution storage, or cloud as we call it now. We actually have mechanisms for storing all that information, which means it can be used for machine learning. And then the third revolution, which is computing power. It's quite insane how fast computers today are.

And if you look at the three-nanometer technology, for example, inside iPhone fifteens, it's like magic. I can't imagine how difficult it is to build these things. It's the most difficult thing to do in the world. It's easier to put a man on the moon than to build one of these chips with three-nanometer technology. But the end result is that when you combine these into these GPUs built by companies like Nvidia a company like Microsoft buys them in tens of thousands and puts them into their Azure data center. 

Unraveling the Evolution of Artificial Intelligence

Mikko: We end up with the kind of capability where we can actually take all the finished books, give them to a large language model, and it picks up the goddamn language. I can't understand how it's possible.

Audra: Excellent. Well, omega translating your book into multiple languages is a lot easier.

Mikko: That's true. It's interesting. My book has been now translated into five languages, including Ukrainian, which is being worked on right now. All the publishers still use humans to do the translation, but I suppose their work is at least helped by large language models already.

Audra: I would think so. So looking forward, where do you think AI is going?

Mikko: I do believe we will see human-level intelligence. And the timeline I'm giving to that is that I think we're going to see it during my lifetime. I mentioned I was born in 1969, so somewhere in the upcoming decades, but I don't think it's too far away. And I also believe as soon as we're going to hit human-level intelligence, we're going to hit super intelligence right after that because there's no limit or reason why the level of development would stop at the human intelligence level. There's no law that says that intelligence and creativity have to come from humans or animals or let's say from meat. There's no law that says that creativity and intelligence couldn't come from technology. So yes, that's where we're going. 

AI Article: Navigating the Unpredictable Future of Technology

Mikko: And it's again, exciting and scary, but we tend to think that we control whatever we build. And here we might be wrong when we are building systems that are smarter than ourselves, we might not be able to control them. Then again, we can't even control our kids, so how could we control these? 

Rachael: Excellent. So true. So one more question though. When's the next book coming out?

Mikko: Oh, that's a great question. When my phone started ringing in 2011, after the TED Talk, some of the calls were from book publishers. Hey, Mikko, you should write a book. All Ted speakers. Write a book. Write a book. So I started writing a book in 2011 at the same time when I was doing 180 flights a year and traveling to different places, it's, it wasn't really going anywhere. 

I tried writing a book on planes airport lounges and hotels. 10 years later, I was still writing it, so it wasn't working out. What really changed the game for me was the pandemic. Then I had no excuses. If I'm writing the book right now, there's nothing distracting me from writing the book. So I did write most of the text during the pandemic, which really worked out very well for me. And now when people ask me, when is the next book coming? It's coming when the next pandemic hits.

Exploring the Future of AI With AI Article

Audra: It's good focus time.

Rachael: Absolutely. Well, hopefully, there won't be a next one, but who knows, right? I mean, that's the wonderful thing about life. We just don't know what's going to happen in the next five, or 10 years. But I would love to see a new book. I think you've got probably a screenplay in you that would be amazing as a movie. So I'm a huge advocate. If you need someone to read that screenplay when you have a draft, I'm happy to be here to do that.

Mikko: I'll keep that in mind.

Rachael: It'll be so good. Well, Mikko, thank you so much for joining us. Again, been such a wonderful discussion. Really appreciate your thoughts and your insights on AI. I mean, it's just so interesting all the questions we have around it and what's going to happen. It'll be interesting to circle back in a year and what's changed. I suspect it's going to be quite a dynamic change as well. And that would be a lot of fun to have that conversation in 12 months and see what's been going on and what's next. For sure.

About Our Guest

Mikko Hypponen is a global security expert, speaker, and author. He works as the Chief Research Officer at WithSecure and as the Principal Research Advisor at F-Secure. Mr. Hypponen has written on his research for the New York Times, Wired and Scientific American and he appears frequently on international TV. He has lectured at the universities of Stanford, Oxford, and Cambridge. He was selected among the 50 most important people on the web by the PC World magazine and was included in the FP Global 100 Thinkers list. Mr. Hypponen sits in the advisory boards of t2 and Safeguard Cyber.