August 9, 2023

DARPA Issues Cyber Challenge to Find and Fix Security Vulns with AI

Alex Woodie

Today at Black Hat USA conference, the Defense Advanced Research Projects Agency (DARPA) and Open Source Security Foundation (OpenSSF) announced the AI Cyber Challenge (AIxCC), a two-year competition to build artificial intelligence that can automatically detect and fix security vulnerabilities in software.

Cybercriminals seem to have a never-ending supply of security vulnerabilities at their disposal, giving them opportunities to worm their way into the sensitive computer systems and databases maintained by the world’s largest enterprises and governments.

DARPA and OpenSSF aim to put a dent in that parade of vulnerabilities with the AIxCC, which promises $18.5 million in prize money as well as access to AI technology from OpenAI, Anthropic, Google, and Microsoft.

“Open source software is an essential and core part of our nation’s critical infrastructure,” said OpenSSF General Manager Omkhar Arasaratnam said in a release release. “Finding new and innovative ways to ensure our open source software supply chain is secure by construction is in everyone’s best interest.”

The competition will feature an open track and a funded track. People who are interested in participating in the AIxCC open track can register with DARPA starting in November. DARPA will also select seven small businesses to compete in the funded track; businesses interested in receiving funding to compete can register starting August 17.

There will be two phases to the AIxCC, including semifinal competition and the final competition. The two events will be held at DEF CON in Las Vegas in 2024 and 2025, respectively. Up to 20 teams will be selected to participate in the semifinal, while up to five will be selected for the finals. For more information, go to www.aicyberchallenge.com.

Security Concerns Causing Pullback in Open Source Data Science, Anaconda Warns

Hacking AI: Exposing Vulnerabilities in Machine Learning