The world is a better place thanks to open source code, so your reflex might be that generative AI models should be open too. OpenAI has abandoned that idea and Mikko Hypponen, security star and contemporary of Linus Torvalds, understands why.

AI has been the main guest at every technology event since the hype explosion last year, and WithSecure Sphere in Helsinki is no exception. The Finnish security company is using its annual conference to highlight the birth of Luminen, but also the wider development and impact of AI on the world.

Hip owl

Luminen, visually represented by a trendy owl, is WithSecure’s own generative AI solution. Like other GenAI solutions, Luminen is a Large language modelAnd like other professional implementations of generative AI, Luminen is careful with your business data. The AI ​​owl uses your data only to help you, not to train itself.

WithSecure Luminen is characterized by its restrictive implementation in the Elements Cloud platform. WithSecure does not use the LLM as a chatbot, but as a technology that controls the functionality behind certain buttons. As a user, you click on a button that promises more context and it is presented clearly in human language.

Safe and focused

“Behind the button there is a prompt,” explains Leszek Tasiemski, responsible for Foundation Product Management at WithSecure.Prompt technology is the new programming. We take responsibility for building and improving the prompt so that the user doesn’t shoot themselves in the foot.” WithSecure hopes to provide customers with the right information at the touch of a button without the risk of hallucinations caused by the LLM.

Paulo Palumbo, Vice President and Head of WithSecure Intelligence, sees another advantage: “Simply sprinkling Generative AI on a solution doesn’t solve the problem,” he says. “A chatbot that gets stuck on a tool actually mostly causes distraction and confusion. Other forms of AI, such as machine learning, have been running in the shadows for many years. Generative AI contributes to these capabilities.”

A closed approach, and for good reason

WithSecure uses a very closed approach for its generative AI tool. Not only is the LLM itself closed and only available as a service, but the prompts are also shielded. This creates simplicity for the customer, but also brings benefits for WithSecure itself. Because if users cannot freely ask questions, there is no real risk of Luminen misbehaving unexpectedly.

The closed approach is somewhat at odds with the vision of Mikko Hypponen. Today he is CRO at WithSecure and has, over the course of his long career, developed into a Finnish security rock star, complete with a ponytail. Hypponen is a contemporary of Linus Torvalds and fundamentally supports open source.

Open Source: Do-gooders, but not always

“Linux is open source and has made the world a better place,” he says. “The open operating system is the most widely used operating system here in the world. And also on Mars. You won’t find many Windows computers there.”

“In the case of AI, I experience a conflict within myself,” says Hypponen. “I’m a big fan, but if there are limits to open source, then maybe it’s in AI.”

For high-performance LLMs, open source is problematic and potentially dangerous.

Mikko Hypponen, CRO WithSecure

Until four years ago, OpenAI planned to openly share its models with humanity, but has since reconsidered that goal. The company behind ChatGPT concluded that LLMs are too dangerous to openly share with the world.

“That’s true,” said Hyponnen. “Any security, privacy or copyright restrictions you put into an open model, someone else can remove.”

Too dangerous

“There’s a reason that models abused for deepfake porn, for example, are not based on OpenAI’s GPT LLMs, but on open-source alternatives,” he continues. “OpenAI provides its model exclusively as a service via APIs. No one has access to the code, so no one can remove the built-in protections and restrictions. You can’t download ChatGPT, it’s closed source.”

Hyponnen fears that this approach is the safest for now. “I wish we could have open source everywhere,” he laments. “But in the case of high-performance LLMs, open source is problematic and potentially dangerous.”

Hyponnen’s vision is reflected in the way WithSecure handles GenAI. All experts at Sphere confirm the power of the technology and its benefits. Generative AI is an important tool for WithSecure itself to make its own security offering manageable for IT professionals in the mid-market, which is where the company focuses. However, caution is an advantage.

“That’s why it was never our goal to be the first to introduce generative AI,” concludes Tasiemski. “We took our time implementing the technology, simply because the alternative was too dangerous.”