In an increasingly interconnected world, software undergirds everything from financial systems to public utilities. As this code enables modern life and drives productivity, it also creates an expanding attack surface for malicious actors. But advances in modern technology provide a path towards addressing the cybersecurity dilemma. The past decade has seen the development of promising new AI-enabled capabilities. When used responsibly, this new technology has significant potential to help address key societal challenges, like cybersecurity.

The Artificial Intelligence Cyber Challenge (AIxCC) is a two-year competition asking the best and brightest in AI and cybersecurity to defend the software on which all Americans rely. AIxCC will ask competitors to design novel AI systems to secure this critical code and will award a cumulative $29.5 million in prizes to teams with the best systems, including $7 million in prizes to small businesses to empower entrepreneurial innovation during the initial phase of AIxCC.

AIxCC will bring together leading AI companies that will work with DARPA to make their cutting-edge technology and expertise available for challenge competitors. These companies will collaborate with DARPA to enable competitors to develop state-of-the-art cybersecurity systems.

AIxCC is collaborating closely with the open-source community, to guide teams in creating AI systems capable of addressing vital cybersecurity issues, such as the security of critical infrastructure and software supply chains. Most software, and thus most of the code needing protection, is open-source software, often developed by community-driven volunteers. Further, open-source software comprises most of the code running on critical infrastructure in the United States today, including the electricity and telecommunications sectors.

AIxCC competitions will occur at one of the world’s top cybersecurity conferences, DEF CON. The semifinal competition will be at DEF CON 2024, and the final competition at DEF CON 2025, where the top prize will be $4 million.




AIxCC will consist of two competitions:

  • August 2024: AIxCC Semifinal Competition (ASC)
  • August 2025: AIxCC Final Competition (AFC)
AIxCC will allow two tracks for participation: the Open Track and the Small Business Track. All AIxCC teams will register with DARPA via the competition website. To be considered for the Small Business Track Competition, eligible teams will submit a Concept White Paper via the competition website. The Small Business Track will consist of up to seven (7) small businesses who will receive prize money. Teams on all tracks will compete in the ASC, culminating in up to seven (7) teams advancing to the AFC. 

These top scoring teams will have shown their ability to outperform not only the other teams, but a performance threshold based on the current state-of-the-art in software security. The top teams will receive monetary prizes and advance to the AFC. The top three scoring competitors in the final competition, having outperformed the other teams and a performance threshold, will receive additional monetary prizes. DARPA plans to award prizes cumulatively totaling $29.5 million during AIxCC.

Each AIxCC competition will feature challenges designed and evaluated by a team of subject matter experts. Teams will be given a large suite of challenges based on real-world critical open-source and critical infrastructure software. Teams will design AI-driven systems to find and fix vulnerabilities within these challenges.

AIxCC will partner with leaders in AI to make cutting edge AI technology available to competitors, such that competitors can leverage it within their solutions.

WHY x?

The “x” in AIxCC not only refers to a cross between AI and Cyber but to the INT 3 instruction in x86 processors. INT 3 is a widely known instruction called for debugging purposes. INT 3 is represented by the hexadecimal number 0xCC. When the processor encounters the number 0xCC, it interrupts execution to debug the computer program.

Hexadecimal (base 16) numbers are a fundamental part of computer science. They are styled with a 0x preceding the number, and digits range from 0-9, A, B, C, D, E, F. One “byte” is represented with two digits (e.g., 0x1A).

There are many software interrupt instructions, INT #, and most have a two-byte opcode (e.g., INT 16 is represented by 0xCD 0x58). INT 3 is special: it has a recognizable, one-byte opcode: 0xCC.

To the computer expert, 0xCC is a familiar instruction used for a crucial purpose: removing bugs from computer programs, which is, of course, the goal of AIxCC.