US government research and development organisation DARPA has announced it is holding its first AI Cyber Challenge (AIxCC) to encourage innovation in AI-optimised cybersecurity solutions, in a bid to overhaul the security of US critical national infrastructure (CNI) and open-source code. The two-year competition will be held in stages, with the final being held in Las Vegas in August 2025. The overall winner of the contest is set to receive $6m, with technology giants Microsoft, OpenAI, Google and Anthropic providing pro-bono resources and advice to participants.
AIxCC has been organised to raise the bar of cybersecurity in the US, while also encouraging innovation in the ethical use of AI.
“In the past decade, we’ve seen the development of promising new AI-enabled capabilities,” explained Perri Adams, DARPA’s AIxCC program manager, in a press release about the competition. “When used responsibly, we see significant potential for this technology to be applied to key cybersecurity issues. By automatically defending critical software at scale, we can have the greatest impact for cybersecurity across the country, and the world.”
Announced by the Biden Administration at this year’s Black Hat conference, the AIxCC will consist of a semifinal held next year at the DEFCON hacking conference, for which the prize is $2m for five winners. The winner of 2025’s final, also held at that year’s DEFCON conference, will receive a further $4m. Those placed second and third will receive $3m and $1.5m respectively.
The competition will offer two tracks for participation: a funded track for small businesses, and an open track. Up to seven successful applicants for the funded track will be offered up to $1m each to participate in the competition.
The Open Source Security Foundation, a subsidiary of the Linux Foundation, will act as a challenge advisor to guide teams in creating AI systems capable of addressing vital cybersecurity issues, focusing on the security of critical national infrastructure (CNI) and software supply chains.
Why is this happening now?
In a call to reporters on Tuesday previewing the announcement of the competition, the director of the White House Office of Science and Technology Policy Arati Prabhakar said that AIxCC was “a clarion call for all kinds of creative people and organizations to bolster the security of critical software that American families and businesses and all of our society relies on.”
“AI is the most powerful technology of our time, and we have to get it right for the American people,” Prabhakar continued. “That means managing its risks and it means harnessing its tremendous potential.”
The strengthening commitment to overhauling the US’s cybersecurity posture comes amid increasing interest in automated AI-powered cybersecurity solutions, as devastating software supply chain attacks continue to breeze past the defences of public and private organisations. For example, the MOVEit Transfer vulnerability weaponised by Russian-speaking ransomware gang Cl0p has amassed over 600 victims, affecting nearly 40 million people since it first appeared in May of this year, according to Reuters. That same month, the US Cybersecurity and Infrastructure Security Agency released an advisory describing recent attempts by the People’s Republic of China to find vulnerabilities in US CNI.
‘Private sector partners have identified that this activity affects networks across U.S. critical infrastructure sectors,’ read the warning. ‘[T]he authoring agencies believe the actor could apply the same techniques against these and other sectors worldwide.’