Overview
In an increasingly interconnected world, software undergirds everything from financial systems to public utilities. As this code enables modern life and drives productivity, it also creates an expanding attack surface for malicious actors. But advances in modern technology provide a path towards addressing the cybersecurity dilemma. The past decade has seen the development of promising new AI-enabled capabilities. When used responsibly, this new technology has significant potential to help address key societal challenges, like cybersecurity.
The Artificial Intelligence Cyber Challenge (AIxCC) is a two-year competition that brings together the best and brightest in AI and cybersecurity to safeguard the software critical to all Americans. AIxCC competitors are designing, testing and improving novel AI systems to automatically secure this critical code. Cumulative prizes total $29.5 million to teams with the best systems, including $7 million in prizes that were awarded to small businesses to empower entrepreneurial innovation during the initial phase.
AIxCC unites top AI companies with DARPA and ARPA-H to make their cutting-edge technology and expertise available for challenge competitors and facilitate the development of state-of-the-art cybersecurity systems.
AIxCC is collaborating closely with the open-source community to guide teams in creating AI systems capable of addressing vital cybersecurity issues, such as the security of critical infrastructure and software supply chains. Most software, and thus most of the code needing protection, is open-source software, often developed by community-driven volunteers. This software runs everything from transportation to water and wastewater systems, emergency services, and energy sources. At the center of this infrastructure are the health care and public health sectors, which are uniquely sensitive to disruptions in these areas.
The AIxCC Semifinal Competition was showcased at DEF CON 32 in August 2024. The Final Competition will culminate at DEF CON 33 in 2025. AIxCC is also pleased to be bringing our immersive educational and competition environment to the cybersecurity industry community at RSA Conference 2025.
Competition OVERVIEW
AIxCC consists of two competitions: the Semifinal Competition (ASC) and the Final Competition (AFC).
The ASC took place in 2024 with forty-two (42) teams submitting novel Cyber Reasoning Systems to compete. There were two tracks to compete in the ASC: the Open Track and the Small Business Track. All AIxCC teams registered with DARPA via the competition website. Small Business Track eligible teams also submitted a Technical Paper. Seven (7) small business teams were selected to receive $1 million each in prize money. Teams on all tracks competed in the ASC, with the seven (7) top-scoring teams receiving prize money and advancing to the Final Competition. During ASC, these top teams showed their ability to outperform not only the other teams but also a performance threshold based on the current state-of-the-art in software security.
The AFC is taking place in 2025 with the top seven teams from ASC competing. The top three (3) scoring teams in the Final Competition, having outperformed the other teams and a performance threshold, will receive additional monetary prizes. Prizes cumulatively totaling $29.5 million will be awarded across Small Business Track, ASC, and AFC.
Both AIxCC competitions feature challenges designed and evaluated by a team of subject matter experts. Teams are given a large suite of challenges based on real-world critical open-source and critical infrastructure software. Teams’ novel AI-driven systems are applied to find and fix vulnerabilities within these challenges.
AIxCC is partnering with leaders in AI to make cutting-edge AI technology available to competitors, such that competitors can leverage it within their solutions.
WHY x?
The “x” in AIxCC not only refers to a cross between AI and Cyber, but also to the INT 3 instruction in x86 processors. INT 3 is a well-recognized instruction used for debugging, represented by the hexadecimal number 0xCC. When the processor encounters the number 0xCC, it interrupts execution to debug the computer program.
Hexadecimal (base 16) numbers are a fundamental part of computer science. They are styled with a 0x preceding the number, and digits range from 0-9, A, B, C, D, E, F. One “byte” is represented with two digits (e.g., 0x1A).
There are many software interrupt instructions, INT #, and most have a two-byte opcode (e.g., INT 16 is represented by 0xCD 0x58). INT 3 is special: it has a recognizable, one-byte opcode: 0xCC.
To the computer expert, 0xCC is a familiar instruction used for a crucial purpose: removing bugs from computer programs — which is, of course, the goal of AIxCC.
