DARPA’s AI Cyber Challenge winners open-source tools after proving AI can find and patch vulnerabilities

Voices from DARPA (podcast) · September 22, 2025

AI-Generated Content: All content on this page was generated by AI to highlight key points from the meeting. For complete details and context, we recommend watching the full video.

Summary

DARPA’s AI Cyber Challenge (AICC), which concluded at DEFCON 33, awarded top prizes and produced open‑source cyber‑reasoning systems that, DARPA says, automatically find and patch realistic vulnerabilities quickly and at low cost, with agencies and finalists urging real‑world deployment.

DARPA announced the winners of its AI Cyber Challenge (AICC) at DEFCON 33 and released the finalist teams’ cyber‑reasoning systems as open source, saying the contest proved that autonomous systems can discover and patch realistic software vulnerabilities quickly and cheaply.

“AICC is a public competition to develop autonomous systems that can find real vulnerabilities and patch them effectively in source code,” said Andrew Carney, the AICC program manager at the Defense Advanced Research Projects Agency (DARPA). Carney said the competition used realistic, synthetic forks of open‑source projects so systems encountered novel vulnerabilities no person or prior large language model had seen.

The competition organizers provided metrics intended to show scale: the contest fielded 54,000,000 lines of code with 70 inserted synthetic vulnerabilities; teams discovered 54 of those and patched 43, the hosts said. DARPA’s presenters added that competitors found 18 zero‑day vulnerabilities and patched 11, with an average find‑and‑patch time of about 45 minutes and a cost of roughly $152 per successful task, figures organizers called evidence of the approach’s cost‑effectiveness.

“To achieve technology truly indistinguishable from magic, we need infrastructure and software that is extremely robust, extremely performant, and extremely resilient,” Carney said, framing the challenge as necessary for securing the digital infrastructure that underpins civilian life and military operations.

Dr. Kathleen Fisher, director of DARPA’s Information Innovation Office (I2O), said the contest shifted expectations in the cyber community. “The artifacts that they built turned out to be really, really good at finding and fixing bugs,” she said, adding that initial skepticism gave way as the systems demonstrated concrete security findings.

Representatives from the finalist teams described their work and next steps. Peller Niswander of Team Theory said his group repeatedly found relevant upstream security bugs, not just contrived challenge items. Michael Brown of Veil of Bits (second place) described his team’s cyber‑reasoning system, “Buttercup,” and stressed open‑source distribution to widen access. Dr. Tae Soo Kim, lead for first‑place Team Atlantown, recounted discovering a significant vulnerability about six hours before the deadline and credited the competition with producing tools that can act like security experts aiding developers.

The program also included a commercialization push: DARPA director Steven Winchell said DARPA invested an extra $1,400,000 to incentivize finalists to deploy their systems into critical infrastructure, with incremental payments described as starting at $10,000 and rising up to $200,000 as teams roll out solutions.

ARPA‑H, which joined AICC in March 2024 to expand prize funding and health‑sector outreach, emphasized the potential patient‑care implications. “A cyberattack could be the thing between [hospitals] and closing their doors,” Dr. Jennifer Roberts, director of ARPA‑H’s Resilient Systems office, said. Roberts cautioned that the diversity of medical devices and hospital systems makes the health sector particularly vulnerable and said robust automated tools could reduce the risk of care disruptions.

Organizers said all seven finalist teams open‑sourced their competition systems and related artifacts at archive.aicyberchallenge.com so practitioners and maintainers can begin using the tools immediately. DARPA and ARPA‑H presenters encouraged developers, maintainers and owners of critical infrastructure to evaluate and adopt the systems and to contact the program team to support integration.

The episode closed with host Tom Shortridge directing listeners to aicyberchallenge.com and darpa.mil for links and documentation.