This is a work of fiction but contains references from interviews I conducted with people about real red team work, both on a physical security detail and for large software corporations.
The bearded tech founder was somewhere over Mexico, en route to Panama, when he learned of the security breach. Someone had broken into his home in Southern California. It was a house purchased via a shell corporation, and not directly tied to him by name as far as he knew. He’d avoided being photographed coming and going - tinted windows, multiple vehicles, and the gated community helped.
But still, it was California. Up there with regards to security risks, in his opinion. He loathed maintaining a home there but the unfortunate fact was that too much of his business was there; too many people he needed to see in order to make things happen. And if he didn’t keep at it, he wasn’t sure who would.
He was on his friend’s PJ at the moment though, nothing but bright blue sky out the windows as he contemplated the next move. Damage control. What had been stolen. Who had broken in and how had they gone undetected? When and if they would need to notify the police. His security in Cali must be reeling, that this could happen on their watch. They were proud, ex-military, took their jobs seriously.
That’s when it hit him. It couldn’t have come from outside. Nobody knew about this house. It must have been inside. It must have been the red team he hired to pen test the team. And boy, now that he knew there was a way in, heads were going to roll. He smiled and sat back in the leather seat. One more hour until they touched down in Panama City. He wouldn’t have to go back to California after all, he could handle the changing of the guard from the air.
Red teaming. The concept was foreign to him until he started working in tech. Originally a German military idea to pressure test strategy, but it had became common practice within big tech. The more lawyers you hired, the more red teams you brought in. Lawyers wanted to know liability. They wanted a piece of paper they could point to and say, “we tested it during this time, with this many consultants.” But it wasn’t fool proof, either.
Pen tests. Hire the best hackers you could find and pay them to find bugs. Find a bug, kill it. It was a sickening feeling when they came to you with some back door loop hole of a monstrosity. Like being caught with your pants down. Except you’re paying the person. Ridiculous.
The founder opened up chatGPT and asked for twenty bullet points on the history of red teaming.
OOTD. OBSERVE orient decide act.
The OOTD LOOP was the brainchild of one, Boyd, the greatest fighter pilot of all time. Disarmed every opponent in 40 seconds. He had given a pithy acronym to a survival tactic that was hard to describe. A real tech entrepreneur if he knew one.
The founder wondered about the security of OpenAI itself. He knew they were collecting data on queries and tying them back to people. He only used it on a secure laptop with nothing else on it, via a VPN. Wild to think about the data some people were uploading to it right now.
But the lawyers, yes the lawyers were probably pushing for even more pen tests over at OpenAI just as he was overhauling his private security due to the break in. There was too much risk, especially in the US, to be sued. Yes, he’s seen the report of a Belgian man taking his own life after an LLM suggested it. It didn’t disturb him, in the same way that reports of self driving cars causing accidents didn’t disturb him. New technology would come with sacrifice. It could get messy.
He knew from some of the conversation online that entire teams of consultants had been hired in speciality areas to test the model prior to the release of GPT4. But the level of safety instilled by this work could be shaky, unclear. It was difficult to plan for a black swan event, or a catastrophic one. The model had been dulled to some degree, he knew that because Sam had let him play around with it before it had been refined. He joked that Sam had purposefully put the model in a straitjacket, given it electroshock therapy, a lobotomy. Sam gave him a look like he’d just spoken those words about his wife. Maybe he was already overly attached.
The founder turned to his head of security, a man they called Grimmett, and asked who had been in charge of the California property.
“Officer Gaines, sir.”
“And have you confirmed yet who the intruder was?” The founder inquired.
“Yes, sir, it was that recent hire to the red team. The young one who just got back from Nepal.”
“Got it. Please find a new lead for California. And have the new guy sent down here. I want to see how he does on the ground with me.”
Grimmett nodded in agreement, which he always did, but the founder could read his surprise, or was it hesitation? It was in the subtle lack of conviction from the ex-Marine. He turned back to the window and the question of OpenAI’s red team.
Would it be enough? How much added security, bubble wrap, time until disaster had been added in this endeavor. He wasn’t of Musk’s mindset “everything must be paused!” And certainly not Yud’s, “we’re all gonna die!” Well, we are, but injecting fear into the public had never been his style.
No, he felt that AI alignment was important. And that perhaps GPT4 had been released with too much haste. It was a company arms race - rat race - whatever kind of race, he knew those teams weren’t sleeping. It was go go go. Only a select few would win, would be remembered.
In military action, at least there is clarity. The risk is the enemy. With AI, with code, it was less clear. Was the risk ourselves? Did he believe that? Was the risk the eventual super human intelligence? Sentience? Consciousness? Power dynamics?
That’s the thing he kept tripping up on. If red teaming was the safety net, what was it catching? Were there entire catastrophes prevented up front, or was it simply an exercise. ChatGPT had just been shut down for two days to fix a bug someone had uncovered. What a headache that most of been. What was funny was that he could see it, the future demise of the team over there, all the purist ideals getting sucked away by the money. Gentrified, suburbanized, softened and warmed by all that green. He could see it so clearly because it had happened to his company, and like a train on the tracks, he couldn’t do a goddamn thing about it. He couldn’t inject the appropriate amount of fear into his team to keep them from losing focus.
He couldn’t red team energy itself.
The jet touched down at a quiet airstrip near the jungle. The founder threw the laptop and two phones into the bag at his feet and got up to stretch. Later, he would try to enjoy the ocean and catch a few waves before dinner. But he couldn’t shake the feeling he got when he’d first learned about the break in, a break in he’d paid for, for his own protection, for his own ‘peace of mind.’
Despite that, he took out his phone and requested more pen tests. You could never be too safe.
In memory of Michael Brooks.
You should write more fiction! This was a great read
This is great Jocelynn! Wow! Very fun and gripping; really excited to keep reading this kind of stuff from you!