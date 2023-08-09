The Defense Advanced Research Projects Agency (DARPA) is set to launch the AI Cyber Challenge, a two-year contest aimed at identifying and fixing software vulnerabilities using AI. The initiative is part of the White House’s effort to enhance software security. Collaborating with AI startups Anthropic and OpenAI, as well as Microsoft and Google, DARPA plans to focus on securing critical infrastructure code using AI.

The Linux Foundation’s Open Source Security Foundation (OSC) will serve as an advisor for the challenge, with $18.5 million in prizes to be awarded to the top competitors. Additionally, DARPA is offering $1 million each to up to seven small businesses that wish to participate. The goal of the challenge is to develop automatic defense systems capable of protecting any kind of software from cyber attacks.

The increasing use of open source code in critical software has led to innovation but also opened the door to vulnerabilities and exploits. A survey by GitHub revealed that 97% of apps leverage open source code, and 90% of companies use it in some way. A 2023 analysis by Synopsys found that 84% of codebases contained at least one known open source vulnerability, and 91% had outdated versions of open source components. Supply chain attacks on open source components have also seen a significant increase.

To enhance software supply chain security, the Biden-Harris Administration issued an executive order and joined The Open Source Security Foundation and Linux Foundation in calling for $150 million in funding to address open source security issues. The AI Cyber Challenge is part of the administration’s efforts to improve cybersecurity.

The challenge will involve a qualifying event in Spring 2024, with the top scorers advancing to a semifinal competition at the DEF CON conference in 2024. From there, up to five teams will receive $2 million prizes and move on to the final phase at DEF CON 2025. The top three teams in the final round will receive additional prizes, with the first-place winner receiving $4 million. While participation does not require it, the winners will be encouraged to open source their AI systems.

This initiative builds on the White House’s model assessment at EF CON, which aims to identify and fix potential exploits in large language models like OpenAI’s ChatGPT. The assessment will also evaluate the alignment of these models with the principles outlined in the Biden-Harris administration’s “AI bill of rights” and the National Institute of Standards and Technology’s AI risk management framework. By combining cybersecurity and AI expertise, the AI Cyber Challenge aims to contribute to the development of the next generation of cybersecurity tools and demonstrate the positive impact of AI in defending critical software infrastructure.

