New Tools to Rapidly Find and Fix Flaws Are the Focus of DARPA’s AI Cyber Challenge
The White House is launching Wednesday a cybersecurity challenge designed to harness the power of artificial intelligence to better find and fix vulnerabilities in critical software code.
Announced at the annual Black Hat cybersecurity conference in Las Vegas, officials said the AI Cyber Challenge will bring together the “best and the brightest in AI and security,” backed by nearly $20 million in prizes.
The goal of the two-year “AIxCC” is to use AI to develop a new generation of software tools that can be used to rapidly find and fix vulnerabilities in both commercial and open-source software. Cybersecurity officials expect such tools to bolster cybersecurity resilience by securing a range of critical infrastructure sectors and applications ranging from energy and transportation to medical devices, financial services and beyond.
The hope is that AI can give network defenders an edge. “In cybersecurity, there’s always a race between offense and defense,” Anne Neuberger, the U.S. deputy national security adviser, told reporters Tuesday afternoon. “We see the promise of AI in enabling defense to be one step ahead.”
The competition is being run by the Defense Advanced Research Projects Agency and includes the participation of Anthropic, Google, Microsoft and OpenAI. Officials said those firms will lend not just their platforms but also in-house expertise to guide participants.
“DARPA has used these types of prize challenges for nearly two decades to attract a wide raft of talented people and organizations to compete to solve staggeringly hard problems,” said Arati Prabhakar, director of the White House Office of Science and Technology Policy.
“This is one of the ways that public and private sectors work together to do big things, to change how the future unfolds, and that’s why the White House asked DARPA to take on the critical topic of AI for cybersecurity,” she said.
To level the AIxCC playing field, DARPA will award up to $1 million to each of seven small businesses that want to partake in the challenge.
Participating teams will compete in a spring 2024 qualifying event. Up to 10 finalists will advance to an August 2024 semifinal competition to be held at the annual DEF CON conference in Las Vegas. Up to five of those highest-scoring teams will receive $2 million each and advance to the finals, to be held at DEF CON 2025. The finalists with the top three scores will receive additional prizes.
“To win first place, and the top prize of $4 million, finalists must build a system that can rapidly defend critical infrastructure code from attack,” said Perri Adams, a program manager in DARPA’s Information Innovation Office.
Organizers anticipate such cybersecurity tools won’t just lead to individual point products or code bases being better secured. Fixing vulnerabilities in software that gets widely used in different supply chains, including open-source code, should have “an expansive impact on all of the downstream software projects as well,” Adams said.
Prizewinners will be expected to open-source their solutions.
The Open Source Security Foundation, run by the Linux Foundation, is serving as a contest adviser. “It will also help ensure that the winning software code is put to use right away protecting America’s most vital software and keeping the American people safe,” the White House said.
The contest is the latest in a slew of White House initiatives aimed at guiding the responsible use and development of AI, as well as applying it to bolster the national security.
The Biden administration last month announced that seven leading AI companies – Amazon, Anthropic, Google, Inflection, Meta, Microsoft and OpenAI – had agreed to abide by a range of voluntary guidelines, including testing the internal and external security of their AI systems before release. The administration has also released a Blueprint for an AI Bill of Rights detailing five principles it wants AI practitioners to uphold to safeguard Americans, not least against unlawful bias and discrimination.
The White House also said it’s developing an executive order – and pursuing bipartisan legislation – aimed at promoting responsible AI innovation.
“President Biden has been clear: AI is the most powerful technology of our time, and we have to get it right for the American people,” Prabhakar said.