AIAI Cyber Challenge Aims to Secure Nation’s Most Critical Software

Earlier this month, at Black Hat USA 2023, DARPA issued a call to top computer scientists, AI experts, software developers, and beyond to participate in the AI Cyber Challenge (AIxCC) – a two-year competition aimed at driving innovation at the nexus of AI and cybersecurity to create a new generation of cybersecurity tools.

In an increasingly interconnected world, software undergirds everything from financial systems to public utilities. As software enables modern life and drives productivity, it also creates an expanding attack surface for malicious actors.

This surface includes critical infrastructure, which DARPA experts say is especially vulnerable to cyberattacks given the lack of tools capable of securing systems at scale. Recent years have exposed the threats posed to society by malicious cyber actors exploiting this state of affairs, and have made plain the daunting attack surface cyber defenders are tasked to protect. Despite these vulnerabilities, advances in modern technology may provide a path towards solving them.

“AIxCC represents a first-of-its-kind collaboration between top AI companies, led by DARPA, to create AI-driven systems to help address one of society’s greatest challenges – cybersecurity,” said Perri Adams, DARPA’s AIxCC program manager. “In the past decade, we’ve seen the development of promising new AI-enabled capabilities. When used responsibly, we see significant potential for this technology to be applied to key cybersecurity issues. By automatically defending critical software at scale, we can have the greatest impact for cybersecurity across the country, and the world.”

AIxCC will allow two tracks for participation: the Funded Track and the Open Track. Funded Track competitors will be selected from proposals submitted to a Small Business Innovation Research solicitation. Up to seven small businesses will receive funding to participate. Open Track competitors will register with DARPA via the competition website and will proceed without DARPA funding.

Teams on all tracks will participate in a qualifying event during the semifinal phase, where the top scoring teams (up to 20) will be invited to participate in the semifinal competition. Of these, the top scoring teams (up to five) will receive monetary prizes and continue to the final phase and competition. The top three scoring competitors in the final competition will receive additional monetary prizes.

AIxCC brings together leading AI companies that will work with DARPA to make their cutting-edge technology and expertise available to challenge competitors. Anthropic, Google, Microsoft, and OpenAI will collaborate with DARPA to enable competitors to develop state-of-the-art cybersecurity systems.

The Open Source Security Foundation (OpenSSF), a project of the Linux Foundation, will serve as a challenge advisor to guide teams in creating AI systems capable of addressing vital cybersecurity issues, such as the security of our critical infrastructure and software supply chains. Most software, and thus most of the code needing of protection, is open-source software, often developed by community-driven volunteers. According to the Linux Foundation, open-source software is part of roughly 80% of modern software stacks that comprise everything from phones and cars, to electrical grids, manufacturing plants, etc.¹

Finally, AIxCC competitions will be held at DEF CON with additional events at Black Hat USA, both of which are internationally recognized cybersecurity conferences that draw tens of thousands of experts, practitioners, and spectators from around the world to Las Vegas every August. AIxCC will consist of two phases: the semifinal phase and the final phase. The semifinal competition and the final competition will be held at DEF CON in Las Vegas in 2024 and 2025.

“If successful, AIxCC will not only produce the next generation of cybersecurity tools, but will show how AI can be used to better society by defending its critical underpinnings,” said Adams.

For complete details about the competition, including the timeline to register, eligibility information, rules and more, visit AICyberChallenge.com.

[1] www.linuxfoundation.org/research/addressing-cybersecurity-challenges-in-open-source-software