The Defense Advanced Research Projects Agency (DARPA) has announced the winners of its inaugural AI Cyber Challenge (AIxCC), a two-year competition aimed at advancing the use of artificial intelligence to secure critical open-source software systems.
AIxCC – which was run in partnership with the Advanced Research Projects Agency for Health (ARPA-H) and several research labs – tasked teams with building autonomous AI systems capable of finding and fixing software flaws at scale.
In the final scored round, competitors’ competing cyber reasoning systems (CRSs) identified 54 synthetic vulnerabilities and patched 43. Finalists also discovered 18 real-world vulnerabilities not planted by the competition, with teams submitting 11 viable patches.
Team Atlanta won first place and a $4 million prize for designing the top-performing CRS, which led the field in quickly and accurately identifying and patching vulnerabilities across 54 million lines of code.
Trail of Bits, a cybersecurity firm based in New York, took second place and a $3 million prize, while Theori, a team of researchers and professionals from the U.S. and South Korea, placed third and received $1.5 million.
Compared to the Semifinal Competition in August 2024, teams in the final round nearly doubled their performance, with vulnerability identification increasing from 37 percent to 77 percent and patching success rising from 25 percent to 61 percent. The challenge also highlighted major cost efficiencies, as CRSs completed tasks for an average of $152, significantly less than traditional bug bounty costs, which can run into the thousands.
“AIxCC exemplifies what DARPA is all about: rigorous, high-risk, high-reward efforts that push technology forward,” DARPA Director Stephen Winchell said in a statement. “By releasing several of these tools as open source, we’re immediately empowering cyber defenders.”
DARPA is now working with public and private sector partners to transition the technology for broader use.
“We’re seeing a turning point,” said Andrew Carney, AIxCC program manager. “The success of these systems shows how AI can complement and even enhance conventional cyber defense approaches.”
To accelerate the adoption of AI technology in real-world systems, DARPA and ARPA-H are offering an additional $1.4 million in prizes for teams that work to integrate their CRSs into critical infrastructure-related software.
All seven finalists will be released as open-source software, with four already available and the rest expected in the coming weeks. Additional resources from the competition will also be open-sourced to support future research and development.