Summary: The AI Cyber Challenge (AIxCC), organized by DARPA, aims to develop AI systems capable of identifying and fixing vulnerabilities in open-source software, with seven semifinalist teams recently awarded $2 million each at DEFCON 32. The competition emphasizes the importance of cybersecurity in protecting critical infrastructure and will culminate in a final event in August 2025.
Threat Actor: DARPA | DARPA
Victim: Open-source software | open-source software
Key Point :
- The AIxCC received nearly 40 submissions for Cyber Reasoning Systems, which were tested against real-world open-source projects.
- Semifinalists include teams like 42-b3yond-6ug and Shellphish, showcasing diverse approaches to cybersecurity challenges.
- The competition aims to demonstrate the potential of AI in enhancing the security of critical infrastructure systems.
- Future plans include commercializing and open-sourcing the developed technologies for broader application in various sectors.
Read more about DARPA’s AIxCC:
The AI Cyber Challenge (AIxCC), run by the Defense Advanced Research Projects Agency (DARPA), officially awarded seven semifinalists $2m each at DEFCON 32 where the agency hosted an immersive experience to underscore the real-world stakes of the competition.
The competition aims to find a cyber reasoning system to successfully find and fix vulnerabilities in open-source software.
Speaking to Infosecurity ahead of DEFCON, DARPA’s information innovation office director Kathleen Fisher, said, “We’re building a city at DEFCON to be a place to show the results as they are evolving. The other purpose in building the city as the venue for showing the results is to give people who attend the visceral experience of a cyber-attack on the critical infrastructure of a city.”
The seven teams announced as semifinalists who will advance to the final competition include:
- 42-b3yond-6ug
- all_you_need_is_a_fuzzing_brain
- Lacrosse
- Shellphish
- Team Atlanta
- Theori
- Trail of Bits
“In true DARPA fashion, we didn’t know if our hypothesis would be proven when we launched this program. Now, we’ve seen that AI systems are capable of not only identifying but also patching vulnerabilities to safeguard the code that underpins critical infrastructure,” said Andrew Carney, program manager for AIxCC.
In collaboration with the Advanced Research Projects Agency for Health (ARPA-H), AIxCC asked competitors to design novel AI systems to secure the open-source software that undergirds everything from financial systems to public utilities and the healthcare ecosystem.
For the AIxCC Semifinal Competition, teams aimed to develop Cyber Reasoning Systems capable of automatically processing a set of Challenge Projects. The goal was to find and fix Challenge Project vulnerabilities.
AIxCC received nearly 40 Cyber Reasoning Systems and tested each against an identical corpus of Challenge Projects that had a basis in real-world, open-source projects that are critical to industry, national security, and the public: Jenkins, Linux kernel, Nginx, SQLite3, and Apache Tika.
The Challenge Projects contained synthetic vulnerabilities for teams’ systems to identify and attempt to patch. Competitors’ systems were scored according to a public algorithm and the AIxCC organizers verified the results.
“There will be finals next year to see how much they can mature their technology. We’re already talking about commercializing, open-sourcing and getting the technology used with critical infrastructure sectors to see to what extent we can use this technology to find and fix vulnerabilities,” Fisher said.
The AIxCC Final Competition will be held in August 2025.
Source: https://www.infosecurity-magazine.com/news/darpa-awards-14m-seven-teams-ai-1