GitHub CEO on why open source developers should be exempt from the EU’s AI Act

GitHub CEO Thomas Dohmke says that open source developers should be made exempt from the European Union’s (EU) proposed new artificial intelligence (AI) regulations, saying that the opportunity is still there for Europe to lead on AI.

“Open source is forming the foundation of AI in Europe,” Dohmke said onstage at the EU Open Source Policy Summit in Brussels. “The U.S. and China don’t have to win it all.”

The regulations in question come via The Artificial Intelligence Act (AI Act), first proposed back in April 2021 to address the growing reach of AI into our every day lives. The rules would govern AI applications based on their perceived risks, and would effectively be the first AI-centric laws introduced by any major regulatory body.

The European Parliament is set to vote on a draft version of the AI Act in the coming months, and depending on what discussions and debates follow, it could be adopted by the end of 2023.

Open source + AI

As many will know, open source and AI are intrinsically linked, given that collaboration and shared data are pivotal to developing AI systems. As well-meaning as the AI Act might be, critics argue that it could have significant unintended consequences for the open source community, which in turn could hamper the progress of AI. The crux of the problem is that the Act would likely create legal liability for general purpose AI systems (GPAI), and bestow more power and control to the big tech firms given that independent open source developers don’t have the resources to contend with legal wrangles.

So, why would GitHub — a $7.5 billion U.S. company owned by Microsoft — be concerned about regulations on the other side of the pond? There are multiple reasons. Open source software by its very nature is distributed, and GitHub — which recently passed 100 million users — relies on developers globally. Indeed, a report from VC firm Runa Capital this week indicated that 58% of the fastest-growing open source startups are based outside the U.S., with Germany, France and the U.K. (though it isn’t governed by EU regulations) in particular central to this.

More importantly, perhaps, is the fact that Europe has emerged as a driving force behind tech regulations, evidenced by its GDPR data privacy and protection regulations. Put simply, what happens in Europe can ripple into other countries and quickly become a global standard.

“The AI act is so crucial,” Dohmke said onstage. “This policy could well set the precedent for how the world regulates AI. It is foundationally important. It is important for European technological leadership, and for the future of the European economy itself. It must be fair and balanced to the open source community.”

Big bucks

Microsoft and GitHub stand to benefit from a fertile open source landscape, evidenced by their potentially lucrative Copilot tool that helps developers code using technology trained on the work of open source developers. Microsoft, GitHub and AI research lab OpenAI, in which Microsoft is heavily invested, are facing a class action lawsuit for their endeavors.

Elsewhere, OpenAI’s much-hyped text-generating AI phenomenon ChatGPT is also in the spotlight, with the EU’s Internal Market Commissioner Thierry Breton noting in an interview with Reuters today that ChatGPT’s transformative and wide-reaching applications underscores the need for robust regulation.

“As showcased by ChatGPT, AI solutions can offer great opportunities for businesses and citizens, but can also pose risks,” Breton told Reuters. “This is why we need a solid regulatory framework to ensure trustworthy AI based on high-quality data.”

Pretty much the entire world of AI as we know it today has been built on an open source foundation, and anyone with an interest in commercializing AI needs the open source status quo to continue. The big tech firms, including Microsoft, recognize that they might have more legal battles on their hands as a result of impending AI regulations, but at the very least they don’t want open source developers deterred from their work.

Dohmke said that the AI Act can bring “the benefits of AI according to the European values and fundamental rights,” adding that lawmakers have a big part to play in achieving this.

“This is why I believe that the open source developers should be exempt from the AI act,” he said. “Because ultimately this comes down to people. The open source community is not a community of entities. It’s a community of people and the compliance burden should fall on entities, it should fall on companies that are shipping products. OSS developers are often just volunteers, many of them are working two jobs. They are hobbyists and scientists, academics and doctors, professors and university students all alike, and they don’t usually stand to profit from their contributions. They certainly don’t have big budgets, or their own compliance department.”

GitHub CEO on why open source developers should be exempt from the EU’s AI Act by Paul Sawers originally published on TechCrunch

Four years after being acquired by Microsoft, GitHub keeps doing its thing

It’s been four years to the day since Microsoft closed its acquisition of GitHub, which at the time was mostly a code repository. Today’s GitHub looks quite a bit different, now that it added CI/CD tools with GitHub Actions and Codespaces as an online editor and compute platform, as well as various security tools and more. But according to GitHub CEO Thomas Dohmke, who took over from Nat Friedman a year ago, Microsoft has very much allowed GitHub to do what it does best.

“We kept GitHub GitHub and it remains this independent entity within Microsoft similar to LinkedIn,” he told me. “I think we did a fantastic job with doing this and kept GitHub in its original form. You don’t see more Microsoft in than you saw four years ago and that has helped us to continue to grow and we’re very excited where this is going.”

He noted that GitHub has continued to receive the same support from Microsoft’s leadership team, including CEO Satya Nadella, over the years. “Microsoft has not forgotten why we did the deal in the first place and what the important pillars of the deal are. The first and foremost principle is to put developers first. And that is what we do every day,” Dohmke said.

But, he also acknowledged that Microsoft is a big company and that people sometimes have their own ideas of what the Microsoft/GitHub relationship should be like. So far, though, it seems like the leadership on both sides has been able to keep those ideas at bay.

Dohmke noted that GitHub has obviously benefited from Microsoft’s sales prowess, which helped it land a number of big accounts. That surely also helped the company get to the $1 billion annual recurrent revenue it announced yesterday. Dohmke said that he believes GitHub would’ve likely reached this milestone as an independent company, too.

“I’m generally an optimistic person,” he said. “So any company can get there if they just stay focused on their mission. The biggest challenge that companies have once they get to a certain size is focus.”

Today’s GitHub is obviously in a different position than the GitHub of four years ago. Its product portfolio, for one, has expanded quite a bit with projects like CodeSpaces and, most recently, Copilot. “I think I will have achieved my mission as CEO if we generate happy developers — happy developers who enjoy doing their job and that don’t see security, compliance and accessibility as a burden but as part of what makes them happy and what gets them to perform in their life,” Dohmke said. And projects like this are clearly a part of that.

“I think, what we’re doing here is we’re disrupting ourselves with AI, with Copilot and with Codespaces, he added. “Those are all new investments that are away from the traditional GitHub — the old-school GitHub that had repos and issues and wikis — and keep pushing the boundary of what we believe is possible.”

But, he also stressed, this isn’t just about big announcements and flashy events, but also focusing on the little fixes and features that may be just as important to keep developers happy. “I think that’s our superpower: that we can balance the tiny bits with big wins and the big disruptions to our own business.”

Four years after being acquired by Microsoft, GitHub keeps doing its thing by Frederic Lardinois originally published on TechCrunch

Application security testing platform Code Intelligence raises $12M Series A

Code Intelligence, an automated application security testing platform based in Bonn, Germany, that focuses on fuzzing, announced today that it has raised a $12 million Series A funding round led by Tola Capital. Existing investors LBBW, OCCIDENT, Verve Ventures, HTGF and Thomas Dohmke, the CEO of GitHub, also participated in this round, which brings the company’s total funding to about $15.7 million.

The company was co-founded in 2018 by Sergej Dechand, Khaled Yakdan and their former professor at the University of Bonn, Matthew Smith.

Image Credits: Code Intelligence

“Back then, we noticed that fuzzing and some other techniques are super powerful, but outside of the security research community, no one actually used it,” Dechand told me. “We started to collaborate from the university with a few larger enterprise companies to try things out and we had really, really good results. So even though we didn’t want to found a company in the beginning, somehow we had a prototype of a product.” Encouraged by Smith, the team decided to give it a shot and founded a company to develop and commercialize its prototype system. At first, the co-founders continued to work at the university, but in 2019, they decided to work on the service full-time. Now, a few years later, Code Intelligence counts the likes of Bosch, Continental and Deutsche Telekom among its users.

Dechand argued that while there are plenty of open source fuzzing tools, it still takes a very knowledgeable security team to actually implement and use them. With the security teams as the bottlenecks to implementing these tools, Code Intelligence put its focus on bringing its tools directly to the developers. “In the end, they are the ones who are fixing it and know best what kind of error is critical,” said Dechand.

Image Credits: Code Intelligence

Since developers don’t want to look at yet another tool in their development pipeline, Code Intelligence integrates with services like Jenkins, GitHub and GitLab. Thanks to this, developers will not only see how well their code is covered, but Code Intelligence also adds additional pipeline in the continuous integration system that automatically fuzzes the code as a new pull or merge request comes in.

Currently, Code Intelligence offers support for Go, C++, Java and Kotlin, with support for Node.js, JavaScript, .NET and Python coming soon.

Image Credits: Code Intelligence

As of now, Code Intelligence is in closed beta and the company is still working closely with its enterprise customers to onboard new teams. Over time, though, the plan is to automate all of this and launch a self-service platform.

“Code Intelligence is the most advanced automated fuzz testing solution for applications and APIs and is incredibly easy for developers to use in their existing workflows,” said Will Coggins, vice president at Tola Capital. “The potential for this technology to improve how development teams build secure software is enormous.”

GitHub gets a new CEO

GitHub CEO Nat Friedman is stepping down from his role on November 15 to become the Chairman Emeritus of the Microsoft-owned service. Thomas Dohmke, who only recently became GitHub’s chief product officer, will step into the CEO role.

When Microsoft acquired GitHub in 2018, there was quite a bit of worry in the developer community that it would be an overbearing presence and turn the code sharing and collaboration service into a Microsoft-first platform. With Friedman, who thanks to his developer and open source background brought a lot of community goodwill with him when he took the job, GitHub remained independent and platform-neutral during his three-year tenure.

As Dohmke told me, that’s not going to change under his leadership. As he noted in an interview ahead of today’s announcement, Friedman had asked him to come on board after the acquisition. The German-born Dohmke is probably best known as the co-founder and CEO of HockeyApp, which Microsoft acquired in 2015.

“In 2018, Nat picked me to lead the GitHub deal from the Microsoft side,” said Dohmke, who had risen in the ranks of Microsoft’s developer division since the acquisition of HockeyApp. “It was a really exciting time for me. It was kind of like getting back to my CEO roots even then because I was leading all the different deal functions. GitHub has a lot of aspects outside of the product and engineering world that needed to be figured out. And then Nat asked me to join GitHub with him, which I gladly accepted. I ran strategic programs and special projects at GitHub.”

new GitHub CEO Thomas Dohmke

new GitHub CEO Thomas Dohmke

One of his first projects was to make private repos free for all developers in early 2019. And while most developers are probably aware of that, Dohmke himself admits that he doesn’t have the public profile that Friedman had when he stepped into the CEO role, but he stressed that his background as a developer and open source advocate fits into the overall line of GitHub CEOs of the past.

“I hope people will look back on the last few years with Nat as the leader of GitHub and be excited and grateful for all the things that have shipped and made GitHub a better place for software development,” Dohmke said. “I hope they’re looking back at this era as one of the great eras of GitHub. During the time of the Microsoft deal, people were nervous about what this will mean for GitHub’s independence. Are we getting closer to Microsoft? I think we have proven over the last few years that we will stay independent, that we will stay cloud-neutral and that we do the right thing for the developers and that we put the developers first. Hopefully, they see this transition as a continuation of the tradition of GitHub CEOs being developers. The previous CEOs, we are all developers, Nat was a developer, I’m a developer. I hope everybody’s excited about where we will go as a company and how we will innovate and make developers more productive.”

He did note that his overall style is a bit different, though, with his focus more on execution than necessarily being a visionary.

“Over the last few years that we have been working together very closely, a lot of our styles have aligned and we have very close conversations almost daily. I think Nat is a little bit more visionary and seeing the future — and I have a little more of the execution-style of focusing on what has to ship now. But I think we both share that we are very customer-obsessed,” Dohmke explained.

Looking ahead, though, Dohmke, who still likes to take on a few mobile-centric private coding projects in his spare time, isn’t planning to make any major changes right away. Instead, a lot of what he described is the continuation of the trajectory that GitHub is already on — and to continue its march to getting 100 million developers onto its platform. In his view, there are four pillars to this.

First of all, the company will continue to build out AI projects like Copilot. As Dohmke noted, in the last few years, GitHub worked a lot on the CI/CD side of software development — everything that happens after the pull request. “With artificial intelligence and Copilot, we’re bringing this to the inner loop, to what developers are doing on their laptops, what they’re doing in their editor,” he said.

The second pillar he described is Codespaces, GitHub’s cloud-based developer environment, backed by Visual Studio Code. The idea here, he said, is to ensure that GitHub can meet developers where they are — and free them from having to set up complex development environments for every new project.

The third pillar is, unsurprisingly, the GitHub community. “If you think about creator communities today, we think about TikTok, and YouTube and Substack,” he said. “But really, open source was one of the original creative communities going back to the ’90s. If you think about the early days of open source, the early days of Linux — this is all about creating stuff and sharing stuff with the world and partnering with each other to create this universe of software. And so we think GitHub is becoming more and more of a creative community, or, if you will, it was one of the original creator communities when it started in 2008.”

Security, in Dohmke’s mind, is the fourth pillar for GitHub to build on top off — and that has obviously been a focus for the company for a while. Dohmke himself helped lead some of the acquisitions in this space, including the Dependabot and Semmle acquisitions in 2019.

Dohmke only became GitHub’s CPO in August, and it looks like he didn’t expect to be in this new role quite this quickly.

“In August, I didn’t know that I would already become the CEO, but from talking to Nat as a friend, from talking to Nat as a peer, a partner within GitHub, I knew at some point that his heart is elsewhere and he wants to go back to his entrepreneurial roots and explore the startup scene more,” Dohmke told me. “So this has been for a while coming and we were preparing for an orderly transition.” As part of his role in the GitHub leadership team, he had already been in all product reviews for the last three years.

Friedman confirms that he wants to return to the startup scene. “With all that we’ve accomplished in mind, and more than five great years at Microsoft under my belt, I’ve decided it’s time for me to go back to my startup roots,” he writes in today’s announcement. “What drives me is enabling builders to create the future. I’ve loved working with and learning from developers who are building new tools and new projects, solving thorny problems, and creating magic out of code. That’s why I’m moving on to my next adventure: to support, advise, and invest in the founders and developers who are creating the future with technology and tackling some of the biggest opportunities of our day.”

It’s hard to blame him. He sold the Xamarin to Microsoft in 2016 and stayed longer than most would’ve expected. In part, that’s surely due to the fact that he was offered the role as GitHub’s CEO. We’ll keep an eye on what he does next. There is a good chance it will involve a monkey as a mascot, after all.