The race is on to leverage artificial intelligence to protect critical systems and infrastructure from increasingly sophisticated cyber threats. This week, the Defense Advanced Research Projects Agency (DARPA) announced an ambitious new initiative at the Black Hat cybersecurity conference in Las Vegas: a two-year, $18.5 million competition challenging tech experts to develop AI-powered cybersecurity tools.
Dubbed the AI Cyber Challenge (AIxCC), the event aims to spur innovations that use AI to automatically detect and patch vulnerabilities in software used to run the internet, power grids, transportation systems, and other vital infrastructure. Participants will compete over multiple rounds to build the most effective system possible using the same core concept.
The competition comes as cyberattacks against U.S. critical infrastructure, from colonial pipeline disruptions to water treatment plant intrusions, have ramped up alarmingly in recent years. Budget and staff limitations often prevent these systems from keeping pace with the latest cyber advances. AIxCC seeks to bridge that gap by tapping the power of artificial intelligence.
"The recent gains in AI, when used responsibly, have remarkable potential for securing our code," said Perri Adams, DARPA program manager. "This challenge is an opportunity to apply some of our greatest technical resources to protecting Americans."
To support competitors, leading AI firms like Anthropic, Google, Microsoft and OpenAI will provide access to cutting-edge models. DARPA will also devote $7 million to help small businesses participate. The competition kicks off next spring with a qualifying round, leading up to the finals at the 2024 and 2025 DEF CON hacking conferences.
The top three finishers will share $18.5 million in prizes, with $4 million going to the winner. But the benefits will extend far beyond the competitors themselves. Entrants must agree to make their systems freely available as open source tools after the challenge ends. The Open Source Security Foundation will advise the competition and help rapidly deploy the solutions.
Full details for participating in AIxCC can be found on the recently launched AIxCC website. The site provides the schedule, rules, and instructions on how to register teams, qualify for the events, and leverage the available AI resources. Teams have until December 15, 2023 to submit a proposal.
The competition represents the latest effort by the Biden administration to spur responsible and beneficial AI development. It comes on the heels of voluntary commitments by AI firms to enable independent evaluation of large language models. The administration also plans to issue an executive order and pursue legislation guiding AI innovation.
With the AIxCC, the government hopes to strengthen defenses and turn the tide against the growing digital threats endangering America's critical infrastructure. The event will demonstrate AI's potential to automate discovery and remediation of vulnerabilities in the vast amounts of code underpinning society. If successful, the cybersecurity systems created could someday see broad adoption protecting vital systems across the public and private sectors.