In an increasingly interconnected world, software undergirds everything from financial systems to public utilities. As this code enables modern life and drives productivity, it also creates an expanding attack surface for malicious actors. But advances in modern technology provide a path towards addressing the cybersecurity dilemma. The past decade has seen the development of promising new AI-enabled capabilities. When used responsibly, this new technology has significant potential to help address key societal challenges , like cybersecurity.
The Artificial Intelligence Cyber Challenge (AIxCC) is a two-year competition asking the best and brightest in AI and cybersecurity to defend the software on which all Americans rely. AIxCC will ask competitors to design novel AI systems to secure this critical code and will award a cumulative $18.5 million in prizes to teams with the best systems. In addition, to empower entrepreneurial innovation, DARPA will fund up to seven small businesses with up to $1 million each to compete in the initial phase of AIxCC.
AIxCC will bring together leading AI companies that will work with DARPA to make their cutting-edge technology available to challenge competitors. Anthropic, Google, Microsoft, and OpenAI will collaborate with DARPA to enable competitors to develop state-of-the-art cybersecurity systems.
AIxCC is collaborating closely with the Open Source Security Foundation (OpenSSF), a project of the Linux Foundation, to guide teams in creating AI systems capable of addressing vital cybersecurity issues, such as the security of critical infrastructure and software supply chains. Most software, and thus most of the code needing protection, is open-source software, often developed by community-driven volunteers. Further, open-source software comprises most of the code running on critical infrastructure in the United States today, including the electricity and telecommunications sectors.
AIxCC competitions will take occur at one of the world’s top cybersecurity conferences, DEF CON. The semifinal competition will be at DEF CON 2024, and the final competition at DEF CON 2025, with the top prize of $4 million.
AIxCC will consist of three competitions:
AIxCC will allow two tracks for participation: the Funded Track and the Open Track. Funded Track competitors will be selected from proposals submitted to a Small Business Innovation Research (SBIR) solicitation, and up to seven small businesses will receive funding to participate. Open Track competitors will register with DARPA via the competition website and proceed without DARPA funding.
Teams on all tracks will compete in the AQC, culminating in up to 20 teams advancing to the ASC. Of these, up to the top five scoring teams who show their ability to outperform not only the other teams, but a performance threshold based on the current state-of-the-art in software security, will receive monetary prizes and advance to the AFC. The top three scoring competitors in the final competition will receive additional monetary prizes, having outperformed the other teams and a performance threshold. Prizes cumulatively totaling $18.5M will be awarded across ASC and AFC.
Each AIxCC competition will feature challenges designed and evaluated by a team of subject matter experts. Teams will be given a large suite of challenges based on real-world critical open-source and critical infrastructure software. Teams will design AI-driven systems to find and fix vulnerabilities within these challenges.
AIxCC will partner with leaders in AI to make cutting-edge AI technology available to competitors, such that competitors can leverage it within their solutions.
The “x” in AIxCC not only refers to a cross between AI and Cyber but to the INT 3 instruction in x86 processors. INT 3 is a widely known instruction called for debugging purposes. INT 3 is represented by the hexadecimal number 0xCC. When the processor encounters the number 0xCC, it interrupts execution to debug the computer program.
Hexadecimal (base 16) numbers are a fundamental part of computer science. They are styled with a 0x preceding the number, and digits range from 0-9, A, B, C, D, E, F. One “byte” is represented with two digits (e.g., 0x1A).
There are many software interrupt instructions, INT #, and most have a two-byte opcode (e.g., INT 16 is represented by 0x58 0x5B). INT 3 is special: it has a recognizable, one-byte opcode: 0xCC.
To the computer expert, 0xCC is a familiar instruction used for a crucial purpose: removing bugs from computer programs, which is, of course, the goal of AIxCC.