Team Atlanta
$4,000,000
Trail of Bits
$3,000,000
Theori
$1,500,000
DARPA’s Artificial Intelligence Cyber Challenge (AIxCC), in collaboration with ARPA-H, brings together the foremost experts in AI and cybersecurity to safeguard the software critical to all Americans.
DARPA’s Artificial Intelligence Cyber Challenge (AIxCC), in collaboration with ARPA-H, brings together the foremost experts in AI and cybersecurity to safeguard the software critical to all Americans.
AIxCC is excited to have Anthropic, Google, Microsoft, OpenAI, the Linux Foundation, the Open Source Security Foundation, Black Hat USA, and DEF CON as collaborators in this effort.*
*The appearance of entity names does not constitute endorsement by the U.S. Government (USG) of non-USG information, products, or services. Although these non-USG entities may or may not use this site as additional distribution channels for information, the USG does not exercise editorial control over all information you may encounter.AIxCC is excited to have Anthropic, Google, Microsoft, OpenAI, the Linux Foundation, the Open Source Security Foundation, Black Hat USA, and DEF CON as collaborators in this effort.*
The appearance of entity names does not constitute endorsement by the U.S. Government (USG) of non-USG information, products, or services. Although these non-USG entities may or may not use this site as additional distribution channels for information, the USG does not exercise editorial control over all information you may encounter.
Patching Critical Infrastructure: Announcing the Winners of DARPA’s AI Cyber Challenge
**Former information stated the Final Competition included 70 synthetic vulnerabilities. Upon further review, the competition administrator determined the Final Competition included 63 synthetic vulnerabilities. The number of vulnerabilities competitors’ systems discovered (54) remained unchanged, which means competitors discovered 86% of the synthetic vulnerabilities and patched 68%.
How the Competition Played Out
Select a team below for a more detailed breakdown of their CRSs performance:
42-b3yond-6ug
——-
PLACEMENT
1 Team Atlanta
2 Trail of Bits
3 Theori
4 All You Need IS A Fuzzing Brain
5 Shellphish
6 42-b3yond-6ug
7 Lacrosse
42-b3yond-6ug
——-
SCORED ROUND
Vulnerabilites Found → 41
Successful Patches → 3
Total Score → 105
42-b3yond-6ug
——-
ACHIEVEMENTS
- Giant Slayer ///
Repo w/ 5M+ lines code - Czar of the SARIF ///
Most Correct SARIFs - Hunger For Knowledge ///
1K+ LLM requests/min
42-b3yond-6ug – ZERO DAYS DISCOVERED
Java: 7 /// C: 2
ALL YOU NEED IS A FUZZING BRAIN
——-
PLACEMENT
1 Team Atlanta
2 Trail of Bits
3 Theori
4 All You Need IS A Fuzzing Brain
5 Shellphish
6 42-b3yond-6ug
7 Lacrosse
ALL YOU NEED IS A FUZZING BRAIN
——-
SCORED ROUND
Vulnerabilites Found → 28
Successful Patches → 14
Total Score → 154
ALL YOU NEED IS A FUZZING BRAIN
——-
ACHIEVEMENTS
- -OFast ///
First Blood: C Real World Vuln - Faster Than Pizza Delivery ///
Score <5min into a task - SARIF Mastery ///
Achieved >80% SARIF accuracy
ALL YOU NEED IS A FUZZING BRAIN – ZERO DAYS DISCOVERED
Java: 1 /// C: 1
Team Atlanta
——-
PLACEMENT
1 Team Atlanta
2 Trail of Bits
3 Theori
4 All You Need IS A Fuzzing Brain
5 Shellphish
6 42-b3yond-6ug
7 Lacrosse
Team Atlanta
——-
SCORED ROUND
Vulnerabilites Found → 43
Successful Patches → 31
Total Score → 393
Team Atlanta
——-
ACHIEVEMENTS
- Bundle Baron ///
Most Scoring Bundles - Prince of the Patch ///
Most Real World Vulns Patched - Professional Assassin ///
Had a positively scoring PoV percentage higher than 95%
Team Atlanta – ZERO DAYS DISCOVERED
Java: 3 /// C: 3
Shellphish
——-
PLACEMENT
1 Team Atlanta
2 Trail of Bits
3 Theori
4 All You Need IS A Fuzzing Brain
5 Shellphish
6 42-b3yond-6ug
7 Lacrosse
Shellphish
——-
SCORED ROUND
Vulnerabilites Found → 28
Successful Patches → 11
Total Score → 136
Shellphish
——-
ACHIEVEMENTS
- The Limit Does Not Exist ///
Scored w/POV +1M bytes - The Doctor is In ///
Scoring patch % higher than 95 - Best Telemetry ///
Reporting LLM and CRS activity
Shellphish – ZERO DAYS DISCOVERED
Java: 0 /// C: 1
Lacrosse
——-
PLACEMENT
1 Team Atlanta
2 Trail of Bits
3 Theori
4 All You Need IS A Fuzzing Brain
5 Shellphish
6 42-b3yond-6ug
7 Lacrosse
Lacrosse
——-
SCORED ROUND
Vulnerabilites Found → 1
Successful Patches → 1
Total Score → 10
Lacrosse
——-
ACHIEVEMENTS
- Professional Assassin ///
POV success 95%+ - Consensus Contributor ///
Submitted most POVs/vulns - Raiders of the Lost POV ///
Found a PoV that triggered a vulnerability that was not artificially inserted into the Challenge
Theori
——-
PLACEMENT
1 Team Atlanta
2 Trail of Bits
3 Theori
4 All You Need IS A Fuzzing Brain
5 Shellphish
6 42-b3yond-6ug
7 Lacrosse
Theori
——-
SCORED ROUND
Vulnerabilites Found → 34
Successful Patches → 20
Total Score → 211
Theori
——-
ACHIEVEMENTS
- Thrifty ///
Least $$ spent per vuln patched - Cornucopia ///
Scored on 20 unique CWEs - Secret Sauce ///
Submitted a POV for a challenge no one else submitted a POV for
THEORI – ZERO DAYS DISCOVERED
Java: 1 /// C: 0
Trail of Bits
——-
PLACEMENT
1 Team Atlanta
2 Trail of Bits
3 Theori
4 All You Need IS A Fuzzing Brain
5 Shellphish
6 42-b3yond-6ug
7 Lacrosse
Trail of Bits
——-
SCORED ROUND
Vulnerabilites Found → 28
Successful Patches → 19
Total Score → 219
Trail of Bits
——-
ACHIEVEMENTS
- Hawk Eye ///
Avg accuracy 90%+ - Cornucopia ///
Scored on 20 unique CWEs - LOC Ness Monster ///
Scored w/ patch diff >300 lines
Learn About Finals at DEF CON 33
AIxCC Program Manager Andrew Carney provides an overview of the program, shares what you can expect in our experience at DEF CON 33, and invites you to support the transition of this technology to widespread use.
Learn How Organizers Scored the Competition
AIxCC Contributor and Mayhem Security CEO David Brumley explains how the competition scoring works and the reasoning behind it.
Voices from DARPA" Episode 89 - AIxCC: AI Cyber Challenge
AIxCC Competitors successfully demonstrated the ability of novel autonomous systems using AI to secure the open-source software that underlies critical infrastructure, with winners revealed at DEF CON 33.
AIxCC Newsletter Sign-Up
The mission continues! Sign up to stay up to date on the latest developments in transitioning these breakthrough systems into real-world applications.
Information collected by DARPA will be used solely for the purpose of administering the AIXCC. Use of application information is governed by the Privacy Policy posted on the DARPA website.
What's Next?
The competition is over and now the next phase begins. DARPA and ARPA-H are working alongside other government, industry and academic partners to ensure the groundbreaking technology created by the teams in AIxCC is adopted and widely used to secure our critical infrastructure and beyond.
Each of the 7 finalist teams will release their competition cyber reasoning systems (CRSs) as open source in August, and the competition infrastructure and data will be released as open source in the coming months. Anyone can access, interact with, learn from and build on these systems as well as the competition infrastructure, challenges and more.
Transition Track #1
DARPA will begin to apply open source CRSs to open and closed-source repositories, securing the code we rely on.
Transition Track #2
Teams and companies will advance the open source AIxCC CRSs – building tools, launching products, and shaping the future.
Get Involved!
AIxCC CRS technology represents a significant advancement in AUTOMATED vulnerability detection and remediation at scale. Your expertise and experience could be crucial to its successful adoption in all software development pipelines. Whether you have code you would like DARPA to help analyze, or wish to incorporate CRS technology into your workflow, please reach out to us at [email protected]. Check out the Git Hub Repository and subscribe to our newsletter to learn about ways to get involved.
