DARPA Taps Hackers to Fortify Critical Software Against Cyber Threats

The urgency of securing vulnerable software infrastructure is at the heart of an ambitious new DARPA program — the AI Cyber Challenge (AIxCC). Through competitions engaging top security talent, AIxCC aims to spur innovative tools that automatically detect and patch flaws at scale.

As highlighted in Perri Adams, DARPA AIxCC Program Manager's announcement at BlackHat 2023, modern life increasingly depends on software, yet this vast codebase represents a prime attack surface for malicious actors. Recent years exposed the pressing need for advanced capabilities to lock down our software foundations.

Adams believes competitions can drive breakthroughs at the intersection of artificial intelligence and security.  She first became passionate about cybersecurity through Capture the Flag games as a computer science student. Competing against elite hackers was deeply educational, revealing diverse skillsets required for defense. These contests still inform her approach to catalyzing innovation.

AIxCC represents a novel form of challenge to spur progress securing vulnerable software underpinning critical systems. Teams must create AI systems that automatically identify and patch vulnerabilities at scale to succeed.

Adams highlights recent gains in AI offer promising paths to get ahead of threats if harnessed responsibly. AIxCC aims to bring together top talent across AI and security to explore this potential through competition. She believes the power of challenges is forcing function and collaboration missing thus far. AIxCC is an opportunity to show AI meaningfully applied to society's greatest digital challenges.

AIxCC seeks to meet the challenge of securing infrastructure by mobilizing security researchers and AI experts in a collaborative mission. The two-year program encompasses both funded and open tracks for qualifying teams to compete in solving software security challenges.

The objective is overcoming the resource constraints that prevent patching pervasive software flaws manually. Competitors will leverage AI techniques to develop automated systems for securing widely used code at national infrastructure scale.

Key private sector players, including Anthropic, Google, Microsoft, and OpenAI, will provide access to leading AI platforms for competitors. DARPA expects integrating state-of-the-art commercial AI will catalyze breakthrough cybersecurity innovations.

The Linux Foundation's OpenSSF project will advise teams on effectively applying AI to open-source security issues, which comprise the majority of software needing protection. Events will be held at the prestigious DEFCON and BlackHat security conferences.

Up to seven funded teams can get up to $750,000 each to compete in the semi-finals, where around 20 total teams will qualify for the final round. Prizes up to $75,000 will be awarded to top finishers who best demonstrate AI's potential to reinforce software integrity.

By tapping skilled security engineers to find and fix flaws proactively, AIxCC exemplifies an enlightened strategy for cyber defense. The program recognizes technologists are a powerful ally in building resilience, rather than a liability to be policed.

AIxCC aims to cultivate advanced capabilities before disasters strike by incentivizing hackers to lend their talents. Developing autonomous solutions today will pay dividends securing critical systems against attacks by adversary nations down the road.

Through this innovative public-private partnership, DARPA seeks to channel AI's immense potential toward benefiting society by hardening vulnerable code that serves as pillars of our interconnected world.

Adams believes AIxCC will build thoughtfully on decades of security research rather than just throw neural networks at problems. The goal is driving substantive innovation at the nexus of AI and proven methodologies.

She notes the critical role open source plays in real-world defense and supply chain integrity. The Linux Foundation's OpenSSF will advise teams on addressing vital issues for open-source security.

In Adams’ vision, AIxCC winners will advance public good by open-sourcing innovations. New autonomous capabilities developed will be freely available to both commercial and community developers.

Ultimately, Adams sees AIxCC as an opportunity to point AI’s immense capacities toward benefiting society. The program recognizes technologists are partners in building digital resilience. By incentivizing their talents, AIxCC aims to cultivate advanced defensive systems ready to meet tomorrow’s threats.