DARPA’s Grand Challenge Hopes To Automate Software Patching

This post is also available in: עברית (Hebrew)

The US Defence Advanced Research Projects Agency (DARPA) is trying to take cyber defence to the next level with the help of some friendly Artificial Intelligence (AI). DARPA is working on a project to automate cyber defence with the aid of AI that can discover, confirm, and fix software flaws in real time. To this end, DARPA is hosting its Cyber Grand Challenge (CGC) grand finale competition in glitzy Las Vegas in August 2016 in conjunction with DEF CON, host of the longest-running Capture the Flag hacking competition.

CGC will see fully automated systems attempt to reverse engineer previously unknown software to locate its weaknesses and to create patched up, secure code all in a live network competition environment.

DARPA chose the Grand Challenge format to pick the best of multiple possible approaches to task at hand, and the challengers all bring something unique to the table. Seven team will be competing, all with their own well trained supercomputers: DeepRed, ForAllSecure, CodeJitsu, CSDS, TECHx, disekt, and Shellphish. With $2 million for the winning team at stake, the tensions are quite high. Second place will walk away with $1 million, and $750,000 for the third-place finisher.

“DARPA’s CGC aims to make a computer the best hacker in the world,” says Mike Walker, programme manager for the agency’s Information Innovation Office. And for good reason. Currently, the process to fix a patch is both time and labour intensive, with systems remaining vulnerable for long stretches of time even under the best conditions. DARPA hopes that the Challenge will bring about a new generation of AI, capable of “discovering, confirming, and fixing software flaws within seconds—rather than waiting a year, on average, under the current human-centric system,” Walker says.