The Defense Advanced Research Projects Agency (DARPA) has turned to artificial intelligence (AI) capabilities to bolster cybersecurity defenses against continued and growing threats, an agency official explained last week.
Perri Adams, program manager at DARPA’s Information Innovation Office, explained that in turning to AI to bolster cybersecurity, the agency will need to leverage both AI and traditional computer science practices.
“We’ve seen the ability to apply some of these large language models to identify vulnerabilities within code, and in some cases, it’s been successful,” Adams said during a Federal News Network webinar on Sept. 14. “But there’s still significant progress needed. It can find some vulnerabilities … but they do have limitations.”
She explained that the challenge will be to find a way to marry the traditional tech with the new advancements.
To meet this challenge, DARPA in recent months has launched two major programs to achieve this goal – the Intelligent Generation of Tools for Security (INGOTS) program and the AI Cyber Challenge (AIxCC).
Adams – the program manager for both projects – shared details on how each program will harness AI capabilities to secure cyberspace.
INGOTS: Automating Vulnerability Identification
DARPA’s goal for the INGOTS program is to develop automated tools that will help identify and fix “high-severity, chainable” vulnerabilities that hackers will exploit. Rather than develop a fully automatic process, INGOTS intends to create a computer-human pipeline that seamlessly allows human intervention to fix high-severity vulnerabilities before attacks occur.
“We want to give [software developers] the tools to reduce the amount of expertise they need and reduce the amount of manual time and labor required to identify the things they care about the most and prioritize those. We’re not wasting time on issues that aren’t vulnerabilities that a hacker could leverage,” Adams said.
INGOTS is a three-year program with two phases. Phase one will focus on exploring, designing, developing, and demonstrating tools and techniques. Phase two will focus on maturing and refining these tools and techniques and expanding their coverage across vulnerability and exploitation classes.
Currently, DARPA is evaluating proposals for INGOTS, Adams said.
AI Cyber Challenge
The second AI initiative is DARPA’s AIxCC, a two-year effort that the agency unveiled during Black Hat’s annual cyber conference in Las Vegas in August.
The objective of the AIxCC is to develop innovative systems guided by AI and machine learning (ML) to semi-automatically find and fix software vulnerabilities. Participants will design novel AI systems that compete to secure critical software code.
“I have been gratified by just how many people are excited to participate and see this as an opportunity to put their skills, whether in AI or computer security, towards a critical national security issue,” Adams said.
“We’re going to design these systems to fit within the software development process,” she said.
The deadline for proposals is October 3. Teams can begin registering for the “Open Track” of the challenge in November. The competition itself will kick off in February 2024. DARPA plans to award a total of $18.5 million in prizes. The agency will host the semifinals of the challenge at Def Con 2024. The final competition, with a top prize of $4 million, will be held at Def Con 2025.
Leading AI companies Anthropic, Google, Microsoft, and OpenAI have all agreed to provide expertise and platforms for the competition. The Linux Foundation’s Open Source Security Foundation will be a challenge adviser.
