The US Government’s Defense Advanced Research Projects Agency (DARPA) has revealed a two-year contest to find the best AI tools for fixing software vulnerabilities.
The AI Cyber Challenge will be held in collaboration with industry heavyweights including OpenAI, Google and Microsoft, with the Linux Foundation’s Open Source Security Foundation (OpenSSF) acting as the challenge advisor.
With $18.5m in total up for grabs as prizes, the task of the competing teams, who will all be US-based, is to come up with a way to protect software that runs critical infrastructure code using AI. The small businesses that participate will get $1M each from DARPA to develop their tools.
Open source worries
DARPA program manager Perry Adams said that, “We want to create systems that can automatically defend any kind of software from attack,” adding, “The recent gains in AI, when used responsibly, have remarkable potential for securing our code, I think.”
With the huge proliferation of open source code used in all manner of applications, there are now more codebases with vulnerabilities. This has opened the door to more and more supply chain attacks, which can have devastating and far-reaching impacts.
In response, President Biden signed an executive order to increase cybersecurity standards for the software supply chain, to ensure that such software used by the government is safe from the start.
Despite concerns that the government has also voiced over the recent explosion of AI, even wanting to launch an AI bill of rights, it seems that it also has faith in its powers to do good with the new competition.
“The AI Cyber Challenge is a chance to explore what’s possible when experts in cybersecurity and AI have access to a suite of cross-company resources of combined, unprecedented caliber,” Adams said.
“If we’re successful, I hope to see the AI Cyber Challenge not only produce the next generation of cybersecurity tools in this space, but show how AI can be used to better society by here defending its critical underpinnings.”
As many cybercriminals are turning to AI to launch attacks, defenders and security software vendors are also making use of the this high-level automation to detect and counter threats.
Qualifying for the AI Cyber Challenge will take place in Spring 2024, with up to 20 of the best performers invited to the semifinal at that year’s DEF CON conference. Up to five of the winning teams will receive $2M in prizes and then make it to the final at DEF CON 2025. The top three will also receive prizes, and the outright winner will get $4M.
All winners will be asked to make their developed systems open source, although they will not be required to do so; it is purely voluntary.