White House Launches Initiative to Source Cybersecurity Solutions with Artificial Intelligence
With alarming frequency, our local and state government systems fall victim to hacking and ransom attacks. During the Black Hat USA Conference in Las Vegas, the Biden Administration announced its strategy to enhance the protection of the country’s crucial digital infrastructure. They will initiate a DARPA-led challenge competition aimed at developing AI systems that can actively detect and resolve software vulnerabilities. In essence, a hackathon will be organized to tackle this issue.
The “AI Cyber Challenge” (AIxCC) is a two-year development program open to competitors throughout the United States. It is hosted by DARPA in collaboration with Anthropic, Google, Microsoft and OpenAI. These companies offer both their industry expertise and access to their AI technologies.
“The challenge is critical to bring together state-of-the-art automated software, security and artificial intelligence to enhance our cyber defenses by being able to quickly exploit and patch software vulnerabilities,” said Anne Neuberger, Deputy Advisor for Cyber and Development Technology. , said in a press conference on Tuesday.
“This is one of the ways that the public and private sectors are working together to do big things to change the future,” added Arati Prabhakar, director of science and technology policy at the White House. “That’s why the White House asked DARPA to address cybersecurity-critical artificial intelligence.”
White House officials acknowledge that adequately protecting the nation’s vast federal software systems from intrusion is a daunting task. “They don’t have tools that can secure at this scale,” Perri Adams, program manager for DARPA’s Information Innovation Office, said during the call. “We’ve seen in recent years that hackers are taking advantage of the situation and posing a serious national security risk.”
Despite these vulnerabilities, “I think we need to stay one step ahead, and AI offers a very promising approach to that,” Adams said. Almost 20 million dollars in prize money is being distributed. And to make sure the competition isn’t dominated by teams with the deepest pockets, DARPA is offering $7 million to small companies that want to compete as well.
Next spring, the research office will hold an open qualifying event where the teams with the most points (up to 20 can potentially qualify) will be invited to the semi-finals at DEF CON 24. This cohort will be divided among the top five teams who will win cash prizes in the competition and you will be invited back to DEF CON 25 for the finals. The top three scorers from DC25 win even more money. You come in first, you get $4 million — but to do that, your AI had better be able to “quickly defend critical infrastructure codes from attack,” according to White House officials. Ideally, the resulting system would weed out networks that independently search for and fix software security flaws they find.
The winning team is also strongly encouraged to open source their resulting program. The competition brings The Open Source Security Foundation (OpenSSF), a project of the Linux Foundation, as an advisor to the challenge. Their mission is to help ensure that the code is immediately adopted “by everyone from volunteer open source developers to commercial industry,” Adams said. “If we succeed, I hope AIxCC will not only produce the next generation of cybersecurity tools for this space, but also show how AI can be used to improve society by defending its critical foundations.”
“The president has been very clear that we need to get AI right for the American people,” Prabhakar said. Last fall, Biden’s White House announced its Blueprint for an AI Bill of Rights, which defined the administration’s core values and goals on the subject. Follow-up actions included driving an AI risk management framework and investing $140 million to establish seven new national AI and machine learning research institutes. In July, the White House also challenged several leading AI companies to agree to (non-binding) claims that they develop their products responsibly.