The Great Security Update: AI ∧ Formal Methods with Kathleen Fisher of RAND & Byron Cook of AWS
Episode: 99 min · Read time: 2 min
Topics: Fundraising & VC, Artificial Intelligence, Software Development
AI-Generated Summary
Key Takeaways
- Formal methods spectrum: Type checkers in Java are a simple form of formal method, proving basic properties such as the correctness of integer operations. At the other end, interactive theorem provers, as with CompCert, verify the full functional correctness of a C compiler down to the generated assembly; this requires PhD-level expertise but yields complete semantic guarantees with explicit assumptions about the hardware.
- AWS security implementation: Amazon applies formal verification across critical infrastructure, including the TLS handshake in s2n, policy interpreters that handle over one billion calls per second, and the new isolation engine hypervisor for Graviton five processors. The tools range from SAT solvers to the Isabelle theorem prover, used to prove cryptographic correctness and separation properties.
- AI-assisted proof generation: Generative AI models can now find the inductive invariants and ranking functions needed to prove the correctness and termination of programs with loops. This reduces previously intractable problems to combinatorial reasoning that automated tools handle efficiently, making one-to-one ratios of engineers to formal methods experts feasible instead of requiring dedicated PhD specialists.
- Automated reasoning checks: AWS translates natural language policies, such as HR handbooks, into formal logic by producing multiple LLM translations and having theorem provers verify that they are equivalent. Checking AI agent outputs against the formalized rules achieves 99% verification accuracy; the specifications are refined iteratively through corner-case analysis, with domain experts providing ground-truth validation.
- Security rewrite timeline: Today's software vulnerabilities are the equivalent of unlocked doors and open windows. Combining formal methods with AI code generation enables superhuman secure code production within two model generations, with memory safety, input validation, and parser-generated protocols eliminating entire vulnerability classes, provided society prioritizes deployment over feature velocity.
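The inductive-invariant and ranking-function obligations from the proof-generation takeaway, as an added example (not from the episode or from AWS's tooling): a constructed summation loop with one correct candidate invariant and two wrong candidates. Exhaustive checking over a small integer box stands in for the SMT solver a real automated prover uses to discharge the same obligations over all integers.

```python
# Added example (not from the episode or AWS): checking a candidate inductive
# invariant and ranking function for a constructed loop, state = (i, s, n):
#     i = 0; s = 0
#     while i < n: s += i; i += 1
# Enumerating a finite box of integer states stands in for the SMT solver an
# automated prover would use to discharge the same obligations over all integers.
from itertools import product

def init(st):  return st[0] == 0 and st[1] == 0          # entry states
def guard(st): return st[0] < st[2]                      # loop condition i < n
def step(st):  return (st[0] + 1, st[1] + st[0], st[2])  # one iteration

def post(st):
    # Desired result on exit: s is the sum 0 + 1 + ... + (n - 1).
    i, s, n = st
    return n <= 0 or 2 * s == n * (n - 1)

def check(inv, rank, bound=8):
    """Return the names of the proof obligations that fail inside the box."""
    failures = set()
    box = range(-bound, bound + 1)
    for st in product(box, box, box):
        if init(st) and not inv(st):
            failures.add("initiation")       # inv must hold on entry
        if inv(st) and guard(st):
            nxt = step(st)
            if not inv(nxt):
                failures.add("consecution")  # inv must survive one iteration
            if rank(st) < 0:
                failures.add("bounded")      # rank non-negative while looping
            if rank(nxt) >= rank(st):
                failures.add("decreasing")   # rank strictly decreases
        if inv(st) and not guard(st) and not post(st):
            failures.add("postcondition")    # inv at exit must imply result
    return sorted(failures)

def good_inv(st):
    i, s, n = st
    return i >= 0 and 2 * s == i * (i - 1) and (i <= n or i == 0)

def weak_inv(st):
    # Inductive, but says nothing about i relative to n, so exit proves nothing.
    i, s, n = st
    return 2 * s == i * (i - 1)

def rank(st):     return st[2] - st[0]   # n - i
def bad_rank(st): return st[0]           # i grows: cannot prove termination
```

`check(good_inv, rank)` returns an empty list, while `check(weak_inv, rank)` reports `postcondition` and `check(good_inv, bad_rank)` reports `decreasing`; finding a candidate that passes all five obligations is the search step the summary describes AI taking over.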
What It Covers
Kathleen Fisher of RAND and Byron Cook of AWS explain how formal methods—mathematical techniques that prove software correctness—can dramatically improve cybersecurity before AI-powered attacks become ubiquitous, including AWS's automated reasoning systems.
Notable Moment
The DARPA HACMS program demonstrated the effectiveness of formal methods by letting red teams attack a Boeing helicopter mid-flight, with test pilots aboard, after proving separation kernel properties. The pilots were unharmed and could not tell they were flying the high-assurance version, while the compromised camera partition crashed repeatedly without affecting flight operations.