Kiwi cybersecurity expert says maths a defence against AI superhacking
Kiwi cybersecurity expert says maths a defence against AI superhacking
Publish Date: 2026-06-24 22:43:00
Source Domain: www.rnz.co.nz
Using an unordered list, summarize the following article with between 4 and 8 key points. A Wellington entrepreneur collaborating on cybersecurity projects in the United States and Europe says mathematics can stymie the advancing powers of AI.Boyd Multerer, the CEO of Kiwi start-up Kry10, is an advocate of a maths-based cybersecurity approach called ‘formal methods’, which is now being piloted by the US Air Force.Just this week, the hacking threat posed by frontier AI models sparked a national security alert by the Five Eyes intelligence group, which includes New Zealand.One defence against that threat is to use other AI to patch software against at ever faster rates – AI versus AI.Boyd Multerer is CEO of Wellington-based cybersecurity firm Kry10.Supplied / John LudemanBut Multerer says new research – including projects with the US Department of Energy (DOE) National Labs and intelligence agencies – shows another way.”If you’re building a new system and writing a significant amount of code, you are going to be spending a lot of money on the AI versus the AI thing,” he said.”It doesn’t go away just because you’ve run it once. You have to keep running it as the techniques from the attackers change.”You haven’t actually proven the vulnerabilities are gone. You’ve only gotten out the ones that you know about now.”But if you can prove with maths that the vulnerabilities aren’t there in the first place, when the code is developed, you can contain that and corral the costs early, Multerer said.Cyber security expert discusses Five Eyes statement on AIMidday Report’Urgent’ questionsThe promise of formal methods has been confined by their complexity.That is now changing as agentic AI systems take on increasingly autonomous roles, said a recent Software Engineering Daily podcast with the founder of the formal methods approach, Professor Byron Cook, of Amazon.”The question of how to define, enforce, and verify what those agents are allowed to do has become urgent,” the podcast said.Multerer’s Kry10 was founded in New Zealand in 2020 and its shareholding is in the US.It has investment from a not-for-profit venture capital firm, IQT, which was set up by the CIA a quarter century ago. IQT works with over a dozen US and allied government partners as a “bridge” between private sector innovators and intelligence and defence sectors, according to its website.Kry10’s operating system was a finalist in NZ Hi-Tech Awards 2024, and has been chosen for a three-year, $10 million project with the DOE’s Idaho National Lab.Kry10 is also partnering with Sydney software company Proofcraft, on a project for the German government that “should lead to the widespread use of systems with demonstrable cybersecurity that prevent security vulnerabilities from occurring in the first place,” said Germany’s federal cybersecurity innovation agency.Protecting ‘Little Bird’The Pentagon’s pioneering Defense Advanced Research Projects Agency (DARPA) has been working on formal methods projects for over a decade.Ten years ago it used them to protect a Boeing Little Bird uncrewed helicopter from hacking, during an experiment.Last year it piloted them with Reaper drones. Defence quadcopters, helicopters and automobiles have also been protected.”The current patch-and-pray approach to software development for [Pentagon] systems is simply unacceptable when lives depend on those systems,” said a DARPA programme director.”Rather than testing software for vulnerabilities after it’s built, formal methods use mathematical proofs to verify software behaviour as it’s developed.”DARPA has set up another programme, PROVERS, which aimed to make the approach accessible to non-experts.The UK’s equivalent of NZ’s National Cyber Security Centre has just endorsed formal methods and started funding research, including with the University of New South Wales and Proofcraft.NZ’s critical systems face dilemmaMulterer said even some critical national infrastructure organisations in New Zealand would struggle to deploy AI against AI, due to their ageing systems or cost.”Throwing more AI at the problem might be a solution for some organisations, it won’t work for all,” he said.Kry10’s operating system was publicly released about a year ago, and Multerer said it is currently in active testing with governments around the world.”We are talking about people who don’t make choices lightly,” he said. “They know there are consequences of a failure. They do a lot of testing and they make decisions after knowing exactly how things work.”For the people who are worried about AI finding vulnerabilities in their infrastructure, you have to be able to update your systems, maintain your systems, and do it in a way that you know works.”And having evidence that it is done correctly requires mathematics at the bottom.”
