The White House has unveiled plans for a two-year competition with $18.5 million in prizes for artificial intelligence coders who can come up with ways to identify and fix software vulnerabilities in critical infrastructure code, such as that which runs the Internet. Styled AIxCC, the AI Cyber Challenge is being led by the Defense Advanced Research Projects Agency (DARPA) with support from companies including Anthropic, Google, Microsoft and OpenAI, who have committed to lending expertise and technology. Up to seven small businesses will potentially receive $1 million each to participate.

“The recent gains in AI, when used responsibly, have remarkable potential for securing our code,” DARPA Program Manager Perri Adams is quoted by TechCrunch as saying at a press briefing where she explained that the goal is “to create systems that can automatically defend any kind of software from attack.”

The AIxCC initiative was announced last week at the Black Hat USA conference in Las Vegas, a major global hacking conference.

“A qualifying event will be held in the spring, where up to 20 top-scoring teams will be chosen to advance to the semifinal competition at DEF CON 2024,” another cybersecurity conference, also held in Las Vegas, writes CNBC. “Up to five of those teams will win $2 million each and advance to the final at DEF CON 2025.”

The three top-placed teams will be eligible for further remuneration, including a grand prize of $4 million for coding that “best secures vital software,” according to the White House.

AIxCC has two tracks for participation. The Funded Track will select from proposals submitted to a Small Business Innovation Research group that will award up to $1 million each to as many as seven small businesses to fund their participation, a DARPA press release explains.

The Open Track competitors can register with DARPA via the AIxCC website and proceed without DARPA funding.

“Competitors will be asked to open source their systems so that their solutions can be used widely,” CNBC reports. DARPA stressed that the trend toward open-source coding has paved the way for innovation, but also increased security vulnerabilities.

The Linux Foundation’s Open Source Security Foundation (OpenSSF), an advisor on the challenge, says “open-source software is part of roughly 80 percent of modern software stacks that comprise everything from phones and cars, to electrical grids, manufacturing plants,” and more.

TechCrunch cites “a 2023 analysis from Synopsys found that 84 percent of codebases contained at least one known open source vulnerability, and that 91 percent had outdated versions of open source components,” adding that “in 2022, the number of supply chain attacks — attacks on third-party, typically open source components of a larger codebase — increased 633 percent year-over-year,” according to a report from Sonatype.

Related:
Legions of DEF CON Hackers Will Attack Generative AI Models, VentureBeat, 8/10/23
CISA’s Strategic Plan Adheres to Overall Biden Administration Direction on Cybersecurity, CyberScoop, 8/4/23
White House Launches AI Cyber Challenge to Test How Top AI Models Protect Software, VentureBeat, 8/9/23