This year’s Black Hat USA 2023 conference in Las Vegas, which kicked off last Saturday and concluded on Thursday, a number of top cybersecurity tools, platforms, and services were unveiled. This year marked the 26th anniversary of the program, which is known for all things related to hacking and cybersecurity – but this year was also unique in that artificial intelligence (AI) was very much in the spotlight.
AI could prove to be a considerable game changer in the world of cybersecurity, a fact not lost on the Defense Advanced Research Projects Agency (DARPA). On Wednesday at the conference, DARPA issued a call to top computer scientists, AI experts, software developers, and beyond to participate in the AI Cyber Challenge (AIxCC).
AIxCC Aims to Drive Innovation
This is a two-year competition that will be aimed at driving innovation at the nexus of AI and cybersecurity to create a new generation of cybersecurity tools. DARPA has noted that in our increasingly interconnected world, software undergirds everything from financial systems to public utilities. As all this software enables modern life and drives productivity, it also creates an expanding attack surface for malicious actors and cyberattacks.
“AIxCC represents a first-of-its-kind collaboration between top AI companies, led by DARPA, to create AI-driven systems to help address one of society’s greatest challenges – cybersecurity,” said Perri Adams, DARPA’s AIxCC program manager, via a statement.
“In the past decade, we’ve seen the development of promising new AI-enabled capabilities,” Adams added. “When used responsibly, we see significant potential for this technology to be applied to key cybersecurity issues. By automatically defending critical software at scale, we can have the greatest impact for cybersecurity across the country, and the world.”
The Challenge will offer a total of $20 million in prize money.
Two Tracks for Participation
AIxCC will allow two tracks for participation: the Funded Track and the Open Track. Funded Track competitors will be selected from proposals submitted to a Small Business Innovation Research solicitation. Funded Track competitors will be selected from proposals submitted to a Small Business Innovation Research solicitation, and up to seven small businesses will receive funding to participate.
Open Track competitors will register with DARPA via the competition website and will proceed without DARPA funding.
DARPA also announced that the teams on all tracks will participate in a qualifying event during the semifinal phase, where the top-scoring teams – up to 20 in total – will be invited to participate in the semifinal competition. Of those, the top five scoring teams will receive monetary prizes, while they will also continue to the final phase and competition.
The top three scoring competitors in the final competition will receive additional monetary prizes.
Cutting Edge Technology
DARPA has noted that AIxCC seeks to bring together leading AI companies that will work with DARPA to make their cutting-edge technology and expertise available to challenge competitors. It was already announced that Anthropic, Google, Microsoft, and OpenAI are among the companies that will collaborate with DARPA to enable competitors to develop state-of-the-art cybersecurity systems.
In addition, the Open Source Security Foundation (OpenSSF), a project of the Linux Foundation, will serve as a challenge advisor to guide teams in creating AI systems capable of addressing vital cybersecurity issues. That will include providing the security of the challenge’s critical infrastructure and software supply chains.
“If successful, AIxCC will not only produce the next generation of cybersecurity tools, but will show how AI can be used to better society by defending its critical underpinnings,” said Adams.
AIxCC competitions will be held at DEF CON with additional events at Black Hat USA – and it will consist of two phases. The semifinal phase and the final phase, with each to be held at DEF CON in Las Vegas in 2024 and 2025.
A Step in the Right Direction
2023 is already being seen as the year of AI transformation with the widespread adoption of tools such as ChatGPT, while predictive AI is being touted as the next major step. Addressing the security threat and challenges of AI could also be critical.
“We applaud the administration for its recognition of the crucial role the hacker community can play in identifying, codifying, and closing the major security gaps that AI and ML platforms embody, foster or at the least, don’t address,” Chloé Messdaghi, head of threat research at Protect AI, told ClearanceJobs via an email.
“Protect AI has just launched the Huntr platform to pay security researchers for discovering vulnerabilities in open-source software, focusing exclusively on AI/ML threat research. We launched Huntr specifically because we noticed two things,” added Messdaghi.
The capabilities of AI are already being considered, as well as its potential to be used in nefarious ways. However, Messdaghi suggested there are other threats from AI – and which AIxCC could possibly address.
“First, people in security aren’t aware of all of the vulnerabilities inherent in AI & ML or that improper usage can create and amplify,” she continued. “A platform that helps bug bounty hunters find vulnerabilities is critically important to helping drive new generations of safe, secure, and effective AI-driven technologies and systems. It’s great to see the Administration, the cybersecurity community, and the hacker community come together to help ensure a safe future. The hacker community has been committed to and contributing to exactly this type of future for the last two decades.”
