DARPA’s massive defensive AI challenge begins in December


The original announcement of the AIxCC challenge — and its millions in prize money — made waves at Black Hat 2023.

As a celebration of all things hacking, coding and technology, both the Black Hat and DEF CON conventions have had their share of surprises over the years. At previous shows, hackers have demonstrated how to successfully attack everything from a government satellite in orbit to a smart vehicle while it was being driven. But last August featured one of the biggest shocks at Black Hat 2023 when officials from the Defense Advanced Research Projects Agency showed up to make a surprise, unscheduled announcement about a massive, two year Artificial Intelligence Cyber Challenge backed by millions in prize money.

At the time of the original announcement, not a lot was known about the AI Cyber Challenge, which DARPA dubbed the AIxCC. Over the next few months, more details about the challenge came to light, including the fact that it was sponsored and backed by the White House, with the ultimate goal being the creation of an AI or an AI toolset that could autonomously intercept and mitigate all types of cyberthreats aimed at government, critical infrastructure and the private sector.

According to a statement about the challenge from the White House, “this competition, which will feature almost $20 million in prizes, will drive the creation of new technologies to rapidly improve the security of computer code, one of cybersecurity’s most pressing challenges.”

Tasking AI to detect and automatically mitigate threats without the need for human intervention has been an often cited goal for the technology, although in practice it is not there yet. AI and other similar technologies like machine learning can certainly help enhance cybersecurity, but the concept of mostly autonomous AIs working at machine speed to accurately defend networks and infrastructure from all threats is still theoretical. AIxCC aims to change that, with major innovators in the AI space like Anthropic, Google, Microsoft and OpenAI offering up their most advanced technology to teams working on the challenge.

“AIxCC represents a first-of-its-kind collaboration between top AI companies, led by DARPA, to create AI-driven systems to help address one of society’s greatest challenges – cybersecurity,” said Perri Adams, DARPA’s AIxCC program manager. “In the past decade, we've seen the development of promising new AI-enabled capabilities. When used responsibly, we see significant potential for this technology to be applied to key cybersecurity issues. By automatically defending critical software at scale, we can have the greatest impact for cybersecurity across the country, and the world.”

The challenge is set up into two tiers: a sponsored one where up to seven participants from small businesses will be paid to work on the challenge, and then an open track that anyone can participate in, with the winners from that track earning the lion’s share of the prize money. Registration for the open track begins on December 1 at the AIxCC website.

The first qualifying event where teams that have developed defensive AI as part of the challenge can demonstrate their technology will take place in the spring of next year. From there, the top 20 teams will be invited to the semi final phase taking place at DEF CON 2024. Five teams will emerge from that phase, with each earning $2 million and being invited to the final round at DEF CON 2025 the following year. At that final phase, the top three teams will be chosen as the ultimate winners. Each will be awarded additional prize money, with $4 million given to the first place winner. Their technology could also be immediately put in place to begin defending critical infrastructure.

Judging for the challenge will be led by The Open Source Security Foundation, a project of the Linux Foundation. The OpenSSF organization will also help to get the winning software code into use as quickly as possible to begin protecting American infrastructure.

“If successful, AIxCC will not only produce the next generation of cybersecurity tools, but will show how AI can be used to better society by defending its critical underpinnings,” Adams added.

John Breeden II is an award-winning journalist and reviewer with over 20 years of experience covering technology. He is the CEO of the Tech Writers Bureau, a group that creates technological thought leadership content for organizations of all sizes. Twitter: @LabGuys