News Releases

OpenSSF to Support DARPA on New AI Cyber Challenge (AIxCC)

New DARPA Challenge with $18.5M in prizes launched to automatically find and fix software vulnerabilities using artificial intelligence

LAS VEGAS, Aug. 9, 2023 /PRNewswire/ -- The Open Source Security Foundation (OpenSSF) announced today at Black Hat 2023 its collaboration with the Defense Advanced Research Projects Agency (DARPA) on the AI Cyber Challenge (AIxCC) – a two-year competition aimed at driving innovation at the nexus of AI and cybersecurity to create a new generation of cybersecurity tools.

We are excited to advise DARPA on AIxCC drawing on the expertise of the OpenSSF in securing open source software

AIxCC brings together leading AI organizations that will work with DARPA to make their cutting-edge technology available for challenge competitors, including OpenAI, Anthropic, Google, and Microsoft.

The Open Source Security Foundation (OpenSSF) will serve as challenge advisor to guide teams creating AI systems capable of addressing vital cybersecurity issues, such as the security of our critical infrastructure and software supply chains.

"Open source software is an essential and core part of our nation's critical infrastructure," said Omkhar Arasaratnam, General Manager of the OpenSSF. "Finding new and innovative ways to ensure our open source software supply chain is secure by construction is in everyone's best interest. We are excited to advise DARPA on the AI Cyber Challenge drawing on the expertise of the OpenSSF in securing open source software, and as a result of this challenge, we look forward to a more secure open source software supply chain for the greater public good."

In an increasingly interconnected world, open source software undergirds everything from financial systems to public utilities. As software enables modern life and drives productivity, it also creates an expanding attack surface for malicious actors. This surface includes critical infrastructure, which DARPA experts say is especially vulnerable to cyberattacks given the lack of tools capable of securing systems at scale. However, advances in modern technology provide a path towards securing the nation's most critical software.

AIxCC will consist of two phases, the semifinal phase and the final phase. The semifinal competition and the final competition will be held at DEF CON in Las Vegas in 2024 and 2025, respectively.

Teams will participate in a qualifying event during the semifinal phase, where the top scoring teams (up to 20) will be invited to participate in the semifinal competition. Of these, the top scoring teams (up to five) will receive monetary prizes and continue to the final phase and competition. The top three scoring competitors in the final competition will receive additional monetary prizes.

For complete details about the competition, including the timeline to register, eligibility information, rules and more, visit AICyberChallenge.com.

MEDIA OPPORTUNITIES

For Black Hat USA Registered Media
On Aug. 9, from 10:30 a.m.-12:00 p.m. PT in conference room Oceanside D, Level 2 at the Mandalay Bay Convention Center, DARPA officials and AIxCC stakeholders will be available to take questions. Please note, this opportunity is open to all media who are registered to attend Black Hat USA and are on-site. Questions will be addressed in a group setting and media are welcome to visit at any point during this timeframe as their schedule allows.

For All Media, Virtual Press Conference
On Aug. 9, from 2:00-3:00 p.m. PT, representatives from DARPA and AIxCC stakeholders will take questions over Zoom. Participation is limited to reporters actively representing a media outlet and registration is required. Interested media may contact DARPA Public Affairs at outreach@darpa.mil by 12:30 p.m. PT on Aug. 9 to receive details to join the discussion.

For Media Attending DEF CON
On Aug. 11, from 2:30-2:50 p.m. PT in DEF CON Track 2, AIxCC program manager Perri Adams will moderate a panel with AIxCC stakeholders about the motivations behind the competition. Adams and other panelists will have limited availability immediately following the panel for questions.

About the OpenSSF
The Open Source Security Foundation (OpenSSF) is a cross-industry organization at the Linux Foundation that brings together the industry's most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all. For more information, please visit us at openssf.org.

About the Linux Foundation
The Linux Foundation is the world's leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world's infrastructure including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

Media Contact
Jennifer Bly, OpenSSF
jbly@linuxfoundation.org

SOURCE OpenSSF