Background
In an increasingly interconnected world, software undergirds everything from financial systems to public utilities. As this code enables modern life and drives productivity, it also creates an expanding attack surface for malicious actors. But advances in modern technology provide a path towards addressing the cybersecurity dilemma. The past decade has seen the development of promising new AI-enabled capabilities. When used responsibly, this new technology has significant potential to help address key societal challenges, like cybersecurity.
The Artificial Intelligence Cyber Challenge (AIxCC) is a two-year competition that brings together the best and brightest in AI and cybersecurity to safeguard the software critical to all Americans. AIxCC will ask competitors to design novel AI systems to secure this critical code and will award a cumulative $29.5 million in prizes to teams with the best systems, including $7 million in prizes to small businesses to empower entrepreneurial innovation during the initial phase of AIxCC.
AIxCC will unite top AI companies with DARPA and ARPA-H to make their cutting-edge technology and expertise available for challenge competitors and facilitating the development of state-of-the-art cybersecurity systems.
AIxCC is collaborating closely with the open-source community, to guide teams in creating AI systems capable of addressing vital cybersecurity issues, such as the security of critical infrastructure and software supply chains. Most software, and thus most of the code needing protection, is open-source software, often developed by community-driven volunteers. This software runs everything from transportation to water and wastewater systems, emergency services, and energy sources. At the center of this infrastructure are the health care and public health sectors, which are uniquely sensitive to disruptions in these areas.
AIxCC competitions will occur at one of the world’s top cybersecurity conferences, DEF CON. The semifinal competition will be at DEF CON 2024, and the final competition at DEF CON 2025, where the top prize will be $4 million.
STRUCTURE
AIxCC will consist of two competitions:
- August 2024: AIxCC Semifinal Competition (ASC)
- August 2025: AIxCC Final Competition (AFC)
AIxCC will allow two tracks for participation: the Open Track and the Small Business Track. All AIxCC teams will register with DARPA via the competition website. To be considered for the Small Business Track Competition, eligible teams will submit a Technical Paper via the competition website. The Small Business Track will consist of up to seven (7) small businesses who will receive prize money. Teams on all tracks will compete in the ASC, culminating in up to seven (7) teams advancing to the AFC. These top scoring teams will have shown their ability to outperform not only the other teams but also a performance threshold based on the current state-of-the-art in software security. The top teams will receive monetary prizes and advance to the AFC. The top three scoring competitors in the final competition, having outperformed the other teams and a performance threshold, will receive additional monetary prizes. Prizes cumulatively totaling $29.5 million will be awarded across Small Business Track, ASC and AFC.
Each AIxCC competition will feature challenges designed and evaluated by a team of subject matter experts. Teams will be given a large suite of challenges based on real-world critical open-source and critical infrastructure software. Teams will design AI-driven systems to find and fix vulnerabilities within these challenges.
AIxCC will partner with leaders in AI to make cutting edge AI technology available to competitors, such that competitors can leverage it within their solutions.
WHY x?
The “x” in AIxCC not only refers to a cross between AI and Cyber, but also to the INT 3 instruction in x86 processors. INT 3 is a well-recognized instruction used for debugging, represented by the hexadecimal number 0xCC. When the processor encounters the number 0xCC, it interrupts execution to debug the computer program.
Hexadecimal (base 16) numbers are a fundamental part of computer science. They are styled with a 0x preceding the number, and digits range from 0-9, A, B, C, D, E, F. One “byte” is represented with two digits (e.g., 0x1A).
There are many software interrupt instructions, INT #, and most have a two-byte opcode (e.g., INT 16 is represented by 0xCD 0x58). INT 3 is special: it has a recognizable, one-byte opcode: 0xCC.
To the computer expert, 0xCC is a familiar instruction used for a crucial purpose: removing bugs from computer programs — which is, of course, the goal of AIxCC.