Today’s Technology Leaders:
An Interview with the founders of QbitLogic
The founders of one of the most revolutionary, U.S.-based companies, QbitLogic, describe their mission to change the way software is made today.
Please tell us a little about the history of QbitLogic.
Arkadiy: Benjamin and I started the company in 2014 with a very ambitious goal to use quantum chip technology to find and fix software bugs. After a few months of very extensive research, we realized that quantum technology was only capable of solving toy problems at that time. Then we met Blake, our very intelligent friend, who shifted our efforts toward the well-researched field of Machine Learning. In 2016, we convinced DARPA, the research arm of the U.S. Department of Defense (DOD), that our technology had potential. They selected our project, CodeAI, to be developed and deployed across all the DOD software development divisions. They wanted to find ways to speed up the development of their F35 aircraft, a project that in 2014 had gone $163 billion over budget and was 7 years past the project deadline due to software development delays. Ironically, Lockheed Martin, the major contractor of the F35 project, named CodeAI a winner of the HeloPitch startup competition in March 2017 for the concept of a software that fixes software. In 2017 we were able to complete some work that enabled AI to understand computer source code. To the best of our knowledge, we were the first company in the world to build an AI model that understands code. Once there is a machine that understands code, a lot of manual tasks can be automated. The same year we conducted an experiment where we ran CodeAI on 6 popular open source projects and witnessed 1,000 security defects fixed in less than 6 hours. Today a few Fortune 100 companies are quite excited about the solution we’ve built and some have offered financial support.
As the founders, what do you believe to be the end goal of this company?
Arkadiy: The way we build software today is not the way we build houses or cars. It is extremely laborious and error-prone. It takes the same amount of time to make software work as it does to write it. And when it works there’s no guarantee that it’s cyber resilient, meaning hack-proof. It’s super expensive and very ineffective. Software essentially automates certain business processes but the funny thing about software development is that it involves little automation itself. We believe that in order to make the whole software development industry more efficient and cost-effective, many more software development tasks must be automated. Finding and fixing bugs has been the #1 cost driver for decades, yet cyber security problems, data breaches, and hacking attacks resulting from bugs still increase. If we can automate this task by 50% for example, we will cut the cost of development significantly and enable high quality, cyber-resilient software to be shipped as fast as General Motors ships its cars. If we are successful in doing this, we could change the whole paradigm of software development and unleash innovation on a scale the world has never seen.
What were some major challenges you have encountered along the way?
Ben: There were two major challenges that we faced. The first was related to the scientific research and development of our technology, and the second was its productization. Many professors from academic institutions that we contacted did not believe that we could bring to fruition our idea. It was hard to approach research without the backing from some of the leading minds, yet we kept pursuing our objective. The second challenge was our productization roadmap. We realized that we had built a very powerful technology but weren’t sure about how to deploy it to software development teams across the globe. It appeared to be a more challenging task than developing the core technological capabilities. By conducting many interviews with targeted users we realized that making something as user-centric and lightweight as possible was the way to go. That’s how our flagship product, CodeAI, was born.
Perhaps you could introduce some unique capabilities of CodeAI.
Ben: What makes CodeAI stand out from other state-of-the-art solutions is its ability to quickly find and fix security and code quality defects (CWEs) in code bases of arbitrary size and complexity with an extremely low false positive rate. Programmers create defects as they write software and often create more when trying to apply fixes. The problem with conventional SDLC testing methods is that they have been traditionally focused on ensuring that programs comply with their requirements. These requirements don't always take security issues into account. Security related bugs are vulnerabilities which hackers use to infiltrate software and the reason that so much sensitive data today is compromised. The category of bugs related to security are called Common Weakness Enumeration defects, or CWEs. We created CodeAI to fix bugs that not only damage the quality of the software but also compromise its security. We created it to address CWEs. With CodeAI we chose to enhance static analysis by injecting AI into it so that it is more accurate while remaining lightweight. CodeAI will reduce the need to purchase more costly and computationally intensive analysis tools that rely to some degree on formal verification techniques.
How did you engineer CodeAI, a software that fixes other software?
Blake: When we approach fixing a new type of bug, for example CWE 476 NULL POINTER DEREFERENCE, the most common bug category in all C and C++ open source projects, we first find examples of that bug and how other people fixed it. One of the sources we use is the NIST Juliet test suite for static code analysis tools, which includes many of the CWEs and includes examples of bugs of the CWEs, and then fixed versions of that code. Another source of data that was even more valuable was the open source repositories on GitHub, where we looked through all of the repositories on GitHub and all of the commits to find indications of this bug being addressed in a commit. That gave us real-world examples of people fixing this bug in their own code. We used these examples in order to create our own custom tools that fix that particular bug.
Can you walk me through the process of how a developer would use CodeAI?
Arkadiy: We considered for quite some time how to make CodeAI available to software developers on a global scale. We realized that the combination of cloud infrastructure like AWS and software development platforms like GitHub would ultimately allow us to achieve our goal.
For any developer who wants to use CodeAI, it will take less than 1 minute to start the process. There are two simple steps. First you need to log in using your GitHub credentials. Then you upload a link to your software project. Finally, you specify commands to build your project in a Docker container and that’s it! With a click of a button you initiate the analysis of your project in a safe and secure environment. CodeAI will analyze your project, create the fixes, validate those fixes and then notify the developer that there are fixes available for review. After the developer reviews the fixes, they can push the fixes back to their GitHub repository as a pull request generated by CodeAI with the simple click of a button. Then they can just go to GitHub, accept the pull request, and that code will be in their repository. No special installation is required and the service is instantly available for use. Depending on the size of your project, it can take several minutes to a few hours to generate fixes for the detected defects and make them available for developers to review. For larger projects, i.e. in excess of 1 MLoc, it may take up to 12 hours to generate results, but CodeAI often generates hundreds of fixes for a project of that size.
Since your system is using AI does it mean that it learns to become better over time?
Ben: Yes, it does! Anonymous usage data is the key. When presented with a fix for a detected defect, the user should click "ACCEPT," or "DECLINE," in the user interface to label the defect and associated fix as a "True" or "False" positive. This labeled data is used to enhance our finding and fixing algorithms and the machine learning model. What this means for a software development team is that, over time, CodeAI will become very good in fixing bugs with human-like precision. An assistant like this could be very instrumental for a team that needs to deliver defect-free software at a fraction of the time and cost.
Please tell me more about your name “QbitLogic.” We’ve discussed Machine Learning (ML) and its role in CodeAI, but your company name appears to point to quantum technologies.
Ben: As the name suggests, QbitLogic is involved in the new, exciting, and complex field of Quantum Computation. The “Qbit” in QbitLogic is the fundamental unit of quantum computation. Qbits are just like transistors in classical computers, except that they can be 0 or 1 or a superposition of the two. Qbits interact via entanglement in a controlled quantum system. The properties of that system are described by a wave equation, which forms a probability distribution over its energy states in space and time. Because the energy of a QC is nondeterministic, you have to sample it multiple times and then assume that the most commonly occurring output is the ground state, which becomes the binary solution vector to your problem.
It's interesting that people want to perform deterministic computations using a probabilistic system. The reason it’s described by probability is because at the smallest level all properties of the universe are uncertain. For small enough particles, there’s a limit to how much we can know about their position and momentum, a famous concept called the Heisenberg uncertainty principle. So building a computational machine on top of that theory and then running programs on it to obtain solutions to a problem is like applying logic to something that is illogical. Quantum mechanics doesn’t make sense, really. Richard Feynman was famous for saying that nobody understands quantum mechanics. So to build a computer based on that theory is sort of an oxymoron. QbitLogic is applying logic to Qbits, which are fundamentally illogical in their operation.
Could you tell us more about how such a revolutionary computing technology fits into your vision for the company?
Ben: Our long-term vision is to combine Quantum Computing (QC) technology with our Machine Learning stack. Quantum Computing is still in its infancy, and building a viable product like CodeAI that uses QC is not feasible at this point. However, we are looking into Quantum Machine Learning (QML) with some of our partners in Canada, and it may be something we incorporate into our technology in the future. The underlying machine learning models behind CodeAI are a combination of deep learning techniques that have found success in other domains, such as natural language processing and computer vision. One such model, the Boltzmann Machine, is based on interacting two-state systems that appear in physics. Currently these models can only be emulated using computer software. An alternative approach is to physically build these systems, which D-Wave, the world’s first quantum computing company, has done. Utilizing their chip, which is based on the adiabatic model of QC, it may be possible to train Boltzmann machines faster, more accurately, and with less data.
In addition, certain technologies in the CodeAI engine not based on machine learning can leverage the inherent parallelism in quantum architectures to perform scalable formal verification. For example, QC can enhance SAT solvers, commonly used to symbolically execute and verify computer programs, by reducing the generated logical constraints to a Quadratic Unconstrained Binary Optimization (QUBO) problem, which is ideally suited for solving on the D-Wave architecture. However, in the long run, circuit model QCs will prevail, as they are able to efficiently simulate the adiabatic model. It may be that scalable circuit model QCs will hold the key to an Artificial General Intelligence (AGI) because then you could write programs that could evaluate and modify their formal logic in real time, aka a self-modifying program, which would be the ultimate version of CodeAI.
For media inquiries contact us at: email@example.com