Last summer, a sign appeared on the door to a stuffy, windowless room at the office of Manhattan artificial-intelligence startup Clarifai. “Chamber of secrets,” it read, according to three people who saw it.
The notice was a joking reference to how the small team working inside was not permitted to discuss its work with others at Clarifai. Former and current employees say the group was working on a controversial Pentagon project using machine-learning algorithms to interpret drone-surveillance imagery—and that Clarifai’s secrets were less safe than they should have been.
A lawsuit filed by former employee Amy Liu this month alleges that Clarifai’s computer systems were compromised by one or more people in Russia, potentially exposing technology used by the US military to an adversary. The lawsuit says Clarifai learned of the breach last November, but that Clarifai’s CEO and other executives did not promptly report it to the Pentagon.
In her complaint, Liu, a former Air Force captain who worked in military intelligence, says she was unfairly terminated from her position as director of marketing for arguing that the company needed to disclose the incident. Another former employee told WIRED that his concerns over executives’ handling of the hack prompted him to leave the company.
Clarifai was working on a piece of Project Maven, former and current employees say, a Pentagon effort to infuse the US military with AI. Project Maven has triggered dissent inside Google, which took on a similar drone-analysis contract. More than 4,500 Google employees signed a letter protesting the project, saying they don’t want Google’s technology to potentially help kill people. The outcry prompted the company to issue ethical guidelines governing use of its AI technology, and promise not to renew its Project Maven contract when it expires next year.
Clarifai declined to comment on whether it had worked on Maven. A spokesperson said the security incident involved an “untargeted bot” that had infected a research server and did not access any data or code. The spokesperson said customers were notified of the incident, but declined to say when or whether that included the Pentagon.
Clarifai was founded in 2013 by Matthew Zeiler, a PhD who studied machine learning alongside professors who later became top AI researchers at Google and Facebook. The startup offers companies image recognition for tasks such as identifying celebrities and food.
Liu says she understands why the US military needs to expand its use of AI technology. She also says that the lack of transparency and poor security she witnessed at Clarifai made it an unsuitable place to help with that. “If now Google’s out of the running, and all they have left is companies like Clarifai, that’s sad and scary,” Liu says.
In response to questions about its approach to developing AI technology, a spokesperson referred WIRED to a statement of Clarifai’s core values on its website. They describe the company as “driven by our mission to accelerate the progress of humanity with continually improving AI.”
Liu says she was drawn into Clarifai’s military work when she helped draft Clarifai’s pitch for the Maven contract in June 2017. The paper argued that technology Clarifai had developed for commercial clients could be adapted to do things like detecting and counting cars and people in drone imagery. Liu says Clarifai won a six-month, $7 million contract last summer. Like Google, Clarifai worked on Maven as a subcontractor to ECS Federal, an IT contractor headquartered in Fairfax, Virginia.
The Maven contract was a big win for Clarifai. An internal document from late 2017 shows that most of the startup’s deal prospects were less than $100,000. But Liu and others familiar with the project say executives obscured the fact Clarifai had become involved in military work, describing the project generically as a government contract that could save lives. Two people who worked on the project say they were not initially informed that the surveillance technology they were building was for the military.
The current and former employees said roughly 10 people worked on Clarifai’s Maven contract in the windowless room later tagged as the chamber of secrets. For some, the project’s purpose fully emerged only when, more than a month in, government workers who appeared to be military staff visited Clarifai’s offices to discuss the system being developed. Clarifai’s spokesperson says the company makes sure employees understand the projects they work on.
In early November, Clarifai was informed by internet service provider Cogent that one of its servers appeared to be attacking Indiana University, according to an initial incident report seen by WIRED. The report says that all the company’s code and the credentials to its Amazon Web Services account that stored customer data could have been compromised—and that the malware appeared to have originated from a computer in Russia. The Clarifai spokesperson said that the company’s investigation found that none of the company’s data or code was compromised.
In chat logs from November 7 reviewed by WIRED, Zeiler, the CEO, says the malware had been attempting to contact computers “all over the world.” They included some belonging to the US government. “Oh fun,” Zeiler wrote. “One is DOD Network information center.”
Liu says she heard from other employees the next day that the company had been attacked. Soon after, her complaint says, Clarifai’s general counsel, Caroline McCaffery, summoned her via Slack message to meet in a broom closet.
There, Liu says, McCaffery detailed what executives had learned about the hack and asked for help in planning internal messaging about the incident. Liu says she raised concerns that the Pentagon, and perhaps other Clarifai customers, should be informed, but that McCaffery claimed it wasn’t necessary until the internal investigation was complete.
Later that day, McCaffery announced at a company meeting that no one should write down anything about the hack, former and current employees say. In her lawsuit, Liu says she added a point to the agenda for her next scheduled meeting with her manager about reporting the hack to the government. Liu was terminated a few days later.
One former and one current Clarifai employee say the company still hadn’t disclosed the breach to the Pentagon several weeks later. A company spokesperson said customers were notified of the incident, but declined to say when. Liu’s complaint says that the Pentagon learned of the incident through other means, but she and her lawyer declined to elaborate.
Liu says she was told she was fired because her work did not align with that of Clarifai’s sales team. Her lawsuit claims the real reason was because she had urged Clarifai to inform the Pentagon of the breach. Her complaint was filed with the Department of Defense Inspector General, alleging that Clarifai broke Pentagon rules by not reporting the breach within 72 hours, and broke military law prohibiting reprisals against contractor employees trying to disclose information about breaches of department regulations. Clarifai’s spokesperson confirmed that Liu was let go in November but denied the company did anything improper.
Early this year, Clarifai’s Maven contract was extended by two months, because the Pentagon liked the company’s technology, people familiar with the work say. By that time, several employees involved had left or asked to be transferred off the project. Clarifai, which has offices in Manhattan and San Francisco, is still trying to expand its government and defense work, in part by hiring new staff closer to the Pentagon. The startup’s website lists five open engineering positions in Washington, DC.