The Defense Advanced Research Projects Agency (DARPA) is taking steps to enhance the security of critical infrastructure software through the launch of a two-year contest called the AI Cyber Challenge. In collaboration with AI startups Anthropic and OpenAI, as well as tech giants Microsoft and Google, DARPA aims to identify and address software vulnerabilities using AI technology.
The competition will involve U.S.-based teams competing to secure important software, specifically critical infrastructure code, by utilizing AI. To ensure the success of the challenge, the Linux Foundation’s Open Source Security Foundation (OpenSSF) will serve as an advisor. A total of $18.5 million in prizes will be awarded to the top participants.
DARPA is also offering $1 million each to up to seven small businesses interested in participating in the challenge. The objective is to develop systems that can automatically defend software against cyberattacks. DARPA program manager Perry Adams, who conceived the AI Cyber Challenge, believes that AI has the potential to greatly enhance the security of code when used responsibly.
Open source code is increasingly being used in critical software, with a GitHub survey revealing that 97% of apps leverage open source code. However, this widespread use of open source has also led to an increase in vulnerabilities and exploits. An analysis by Synopsys discovered that 84% of codebases contained at least one known open source vulnerability, while 91% had outdated versions of open source components.
These vulnerabilities have resulted in a surge of supply chain attacks, with a Sonatype study reporting a 633% year-over-year increase in such attacks in 2022. The Colonial Pipeline ransomware attack and the SolarWinds supply chain attack have further emphasized the need to improve software supply chain security.
To address these concerns, the Biden-Harris Administration issued an executive order to enhance software supply chain security and established a cybersecurity safety review board. In partnership with the Open Source Security Foundation and the Linux Foundation, the White House has called for $150 million in funding over two years to address open source security issues.
The AI Cyber Challenge aims to explore how AI can contribute to cybersecurity and protect critical infrastructure. By utilizing AI in cybersecurity tools, the challenge aims to not only strengthen defenses but also demonstrate the broader societal benefits of AI.
While AI has been associated with cyberattacks, experts believe that AI advancements can also fortify organizations’ cybersecurity by enabling security professionals to perform tasks more efficiently. According to a Kroll poll, over half of global business leaders are already using AI in their latest cybersecurity efforts.
The AI Cyber Challenge will kick off with a qualifying event in Spring 2024, where teams will compete for a chance to participate in a semifinal competition at the DEF CON conference later that year. The top five teams will receive $2 million and proceed to the final phase of the competition, to be held at DEF CON 2025. The top three teams in the final round will receive additional prizes, with the first-place winner securing $4 million.
Although winners will be asked to open source their AI systems, it is not a requirement for participation.
The AI Cyber Challenge builds upon the model assessment conducted at this year’s DEF CON conference, which aims to identify and address malicious exploits using large language models like OpenAI’s ChatGPT. The assessment will also evaluate the alignment of these models with the principles outlined in the Biden-Harris administration’s blueprint for an AI bill of rights and the National Institute of Standards and Technology’s AI risk management framework.