DARPA awards $1 million to Trail of Bits for AI Cyber Challenge

We're excited to share that Trail of Bits has been selected as one of the seven exclusive teams to participate in the small business track for DARPA's AI Cyber Challenge.
Our team will receive a $1 million award to create a Cyber Reasoning System and compete in the AIxCC Semifinal Competition later this summer.
Our involvement in the AIxCC represents a step forward in our commitment to pushing the boundaries of what's possible, envisioning a future where cybersecurity challenges are met with innovative, AI-powered solutions.
Disclaimer: Information about AIxCC's rules, structure, and events referenced in this document are subject to change.
The guiding principles for building our CRS. In addition to competing in the AIxCC's spiritual predecessor, the Cyber Grand Challenge, our team at Trail of Bits has been working to apply AI/ML techniques to critical cybersecurity problems for many years.
DARPA's CGC, like the AIxCC, tasked competitors with developing CRSs that find vulnerabilities at scale without any human intervention.
The CRS Trail of Bits created to compete in the CGC, Cyberdyne, addressed these problems with a distributed system architecture.
Each node was tasked with one or more challenge problems, and could even cooperate with other nodes on the same challenge.
If nodes experienced a catastrophic error while analyzing a challenge problem, the operation of other independent nodes was not affected, limiting the damage to the CRS's overall score.
The format of the AIxCC bears a strong resemblance to that of the CGC, so the CRS we build for the AIxCC will also need to be scalable and resilient to failures.
The AIxCC has an additional wrinkle-challenge diversity.
The AIxCC's challenge problem set will include programs written in languages other than C/C++, including many interpreted languages such as Java and Python.
The distributed architecture used in Cyberdyne can be adapted for the AIxCC to address versatility in a manner similar to scalability and resiliency.
The key difference is that problem-solving nodes used for AIxCC challenges will need to be specialized for different types of challenge problems.
In the context of the AIxCC, our experience suggests that an AI/ML-only approach is a losing proposition due to high compute costs and the effect of compounding false positives, inaccuracies, and/or confabulations at each step.
Among the tasks a CRS must complete in the AIxCC that are suitable for AI/ML, several are tailor-made for LLMs, such as generating code snippets and seed inputs for fuzzing.
We used this framework to assess different LLMs' abilities to handle several distinct tasks, including those highly relevant to AIxCC. We found that LLMs could perform only as well as experts or significantly upskill novices for tasks that were reducible to natural language processing, such as writing phishing emails and conducting misinformation campaigns.
For other cyber tasks such as creating malicious software, finding vulnerabilities in source code, and creating exploits, current-generation LLMs had novice-like capabilities and could only marginally upskill novice users.
Because LLMs will struggle greatly with tasks that are reasoning-intensive, such as identifying novel instances of vulnerabilities in source code or classifying vulnerabilities, we'll avoid their use in our CRS. Other types of AI/ML models with narrower scopes are a better option.
Next month, DARPA will hold its AIxCC kickoff event where we should learn more about the infrastructure DARPA will provide for the competition.


This Cyber News was published on securityboulevard.com. Publication date: Mon, 11 Mar 2024 21:13:07 +0000


Cyber News related to DARPA awards $1 million to Trail of Bits for AI Cyber Challenge

DARPA awards $1 million to Trail of Bits for AI Cyber Challenge - We're excited to share that Trail of Bits has been selected as one of the seven exclusive teams to participate in the small business track for DARPA's AI Cyber Challenge. Our team will receive a $1 million award to create a Cyber Reasoning System and ...
1 year ago Securityboulevard.com
2024 Cybersecurity Excellence Awards - Great news: By popular demand, we extended the deadline for the 2024 CYBERSECURITY EXCELLENCE AWARDS until April 27,2024. In the complex and dynamic world of cybersecurity, excellence often goes unnoticed. That's where the Cybersecurity Excellence ...
1 year ago Cybersecurity-insiders.com
General Electric, DARPA Hack Claims Raise National Security Concerns - General Electric and the Defense Advanced Research Projects Agency have reportedly been breached, according to claims on the Dark Web that the organizations' highly sensitive stolen data is up for sale. A screen capture from the Dark Web ad shows a ...
1 year ago Darkreading.com
General Electric, DARPA Hack Claims Raise National Security Concerns - General Electric and the Defense Advanced Research Projects Agency have reportedly been breached, according to claims on the Dark Web that the organizations' highly sensitive stolen data is up for sale. A screen capture from the Dark Web ad shows a ...
1 year ago Darkreading.com
Hackers abuse Zoom remote control feature for crypto-theft attacks - A hacking group dubbed 'Elusive Comet' targets cryptocurrency users in social engineering attacks that exploit Zoom's remote control feature to trick users into granting them access to their machines. "For organizations handling particularly ...
1 month ago Bleepingcomputer.com
New Stellar Cyber Alliance to Deliver Email Security for SecOps Teams - Stellar Cyber, a Double Platinum 'ASTORS' Award Champion in the 2023 Homeland Security Awards Program, and the innovator of Open XDR has entered inao a new partnership with Proofpoint, a leading cybersecurity and compliance company. Through this ...
1 year ago Americansecuritytoday.com PLATINUM
Stellar & Blackberry Join to Deliver Open XDR to MSSPs and Enterprise - Stellar Cyber, a Double Platinum 'ASTORS' Award Champion in the 2023 Homeland Security Awards Program, and the innovator of Open XDR, has entered into a new partnership with BlackBerry to deliver a comprehensive threat detection and response solution ...
1 year ago Americansecuritytoday.com PLATINUM
AMD, Apple, Qualcomm GPUs leak AI data in LeftoverLocals attacks - A new vulnerability dubbed 'LeftoverLocals' affecting graphics processing units from AMD, Apple, Qualcomm, and Imagination Technologies allows retrieving data from the local memory space. Tracked as CVE-2023-4969, the security issue enables data ...
1 year ago Bleepingcomputer.com CVE-2023-4969
Cyber Insurance for Businesses: Navigating Coverage - To mitigate these risks, many businesses opt for cyber insurance. With the wide range of policies available, navigating the world of cyber insurance can be overwhelming. In this article, we will delve into the complexities of cyber insurance and ...
1 year ago Securityzap.com
Cyber Insurance: A Smart Investment to Protect Your Business from Cyber Threats in 2023 - Don't wait until it's too late - get cyber insurance today and secure your business for tomorrow. According to the U.S. Federal Trade Commission, cyber insurance is a particular type of insurance that helps businesses mitigate financial losses ...
1 year ago Cyberdefensemagazine.com
Simeio Returns to Compete in 2024 'ASTORS' Awards with Simeio OI - Home IT Security Communications Simeio Returns to Compete in 2024 'ASTORS' Awards with Simeio OI. A global managed services provider offering Identity and Access Management solutions, Simeio secures over 160 million identities globally for large ...
1 year ago Americansecuritytoday.com
Fighting ransomware: A guide to getting the right cybersecurity insurance - While the cybersecurity risk insurance market has been around for more than 20 years, the rapidly changing nature of attacks and the rise in the ransomware epidemic has markedly changed the nature of cyber insurance in recent years. It's more ...
1 year ago Scmagazine.com
Cybersecurity Industry Gains $1.7 Billion to Develop Cutting-Edge Protection Technologies - As digital threats grow in sophistication, the cybersecurity sector has ignited a funding frenzy, with startups raising $1.7 billion in April 2025 alone ahead of the RSA Conference in San Francisco. As banks and fintechs face a 40% spike in ...
2 weeks ago Cybersecuritynews.com
Does Pentesting Actually Save You Money On Cyber Insurance Premiums? - Way back in the cyber dark ages of the early 1990s as many households were buying their first candy-colored Macintoshes and using them to play Oregon Trail and visit AOL chat rooms, many businesses started venturing into the digital realm as well by ...
1 year ago Securityboulevard.com Rocke
Uncertainty Is the Biggest Challenge to Australia's Cyber Security Strategy - Political shifts could lead to changes in Australia's cyber security strategy. Early in 2023, as the Australian government started to craft its cyber security vision, it met with opposition at both ends of the political spectrum. On the right wing, ...
1 year ago Techrepublic.com
Three Key Threats Fueling the Future of Cyber Attacks - Improvements in cyber security and business continuity are helping to combat encryption-based ransomware attacks, yet the cyber threat landscape is continually evolving. Protecting an organization against intrusion remains a cat and mouse game, in ...
1 year ago Cyberdefensemagazine.com
Wargames director Jackie Schneider on why cyber is one of 'the most interesting scholarly puzzles' - In other games, we had people from Silicon Valley who were leading AI companies or cyber companies. What we found is those who had expertise in cyber operations were more likely to be more nuanced about how they used the cyber capability. On a larger ...
1 year ago Therecord.media
Attackers Could Eavesdrop on AI Conversations on GPUs - Researchers at cybersecurity research and consulting firm Trail of Bits have discovered a vulnerability that could allow attackers to read GPU local memory from affected Apple, Qualcomm, AMD and Imagination GPUs. In particular, the ...
1 year ago Techrepublic.com
DHS Awards UAA to Launch New ADAC-ARCTIC Center of Excellence - S&T will provide ADAC-ARCTIC $46 million over a 10-year cooperative agreement to establish this Research Center portfolio for Homeland Security in the Arctic. Vital insights from academic-led innovative research will help the Department of Homeland ...
1 year ago Americansecuritytoday.com
IT Professionals in ASEAN Confronting Rising Cyber Security Risks - The ASEAN region is seeing more cyber attacks as digitisation advances. In July 2023, the Association of Southeast Asian Nations officially opened a joint cyber security information sharing and research centre, or Cybersecurity and Information Centre ...
1 year ago Techrepublic.com
Entro Security Newest Competitor in 2024 'ASTORS' Awards Program - Secrets management and monitoring are crucial components of any security program. Entro is a holistic secret security platform designed specifically for security teams and CISOs. To ensure that doesn't happen, Entro offers an exclusive secrets ...
1 year ago Americansecuritytoday.com
The Rise of Cyber Insurance - What CISOs Need to Consider - Cyber insurance offers not just financial protection against potentially devastating cyber incidents but also provides frameworks for improving security posture, access to specialized resources, and support during crisis scenarios. Beyond financial ...
1 month ago Cybersecuritynews.com
Warren PD Launches Mark43 Records Management System - Mark43, a leading cloud-native public safety software company that took home Top Awards for Best Disaster Preparedness and Disaster Recovery Solution in the 2023 'ASTORS' Homeland Security Awards Program, is pleased to announce the official ...
1 year ago Americansecuritytoday.com
Konica Minolta Wins Two Platinum 'ASTORS' Homeland Security Awards - ' Now in its ninth year, it continues to recognize industry leaders in physical and border security, cybersecurity, emergency preparedness management and response, law enforcement, first responders, and federal, state, and municipal government ...
1 year ago Americansecuritytoday.com
75% Organizations Struggle with Recurring Cyber Attacks - In a time when advancements in technology rule these days, the constant risk of cyber attacks hangs over businesses all over the world. This study highlighted the difficulties Chief Information Security Officers encounter during cyber attacks. This ...
1 year ago Securityboulevard.com