Game over, security researchers – DARPA’s AI bug hunters are coming for your jobs

First 'Cyber Grand Challenge' shows software can eat itself

DEF CON A quest to build a smart computer system that finds and patches bugs faster and more efficiently than humans is off to a good start with all the teams in DARPA’s Cyber Grand Challenge performing very well indeed.

The contest, held at the DEF CON hacking conference in Las Vegas, was organised by the research arm of the US military and saw seven teams test out their automated seek-and-patch-ware in a simulated operating system. The eight-hour contest saw the teams find and patch 420 flaws and create 650 proofs of concept.

“Our mission is to change what’s possible so we can take huge strides forward in our national security capabilities,” said Arati Prabhakar at the post-contest press conference. “We did it today and it was a very satisfying experience.”

Each team was equipped with a server containing 128 Intel Xeon processors running at 2.5 GHz and boasting over a thousand processing cores, 16TB of RAM and a liquid cooling system that required 250 gallons of water per minute to cool the big iron. They were let loose on a custom-designed operating system and instructed to find flaws, patch them automatically, and provide proofs of concept for flaws in each other's systems.

At the same time, seven other similar systems were used by the judges to monitor the progress of the event as the systems ran 96 rounds lasting 270 seconds, with 30-second breaks in between rounds. At stake was US$3.75m in government greenbacks.

The competition, which has taken three years and $55m to set up, is designed to automate the whole process of bug hunting.

Mike Walker, the DARPA program manager overseeing the Cyber Grand Challenge, said that this was the first stage in a possibly decade-long process to automate security monitoring and make networks more resilient.

“We have redefined what is possible and we did it in the course of hours with autonomous systems that we challenged the world to build,” he said. “I want people to understand how difficult it is to build prototype revolutionary technology and field it in front of the eyes of the world. I have enormous respect for those folks.”

A DARPA representative told The Reg that at this stage the winning team, with 270,042 points, was the ForAllSecure team, founded by the Carnegie Mellon University professor of electrical and computer engineering David Brumley. Results aren't final, but if confirmed his team will scoop the $2m top prize.

The ForAllSecure team’s success was all the more surprising because a key bug-finding system in the computer’s programming crashed around halfway through the competition. It repaired itself and got back up and running before the competition ended, and maintained a narrow lead until the end of the contest.

In second place, with 262,036 points, was the TechX team from GrammaTech and the University of Virginia, setting them up for a $1m payday. In third place was the Shellphish team, led by Professor Giovanni Vigna, director of the Centre for CyberSecurity at the University of California, Santa Barbara, who are in line for $750,000.

Once the results have been confirmed, the winning system will be pitted against human foes in a capture-the-flag competition. Walker said that he didn’t expect the automated system to come close to matching fleshy competitors in the contest, but the first five minutes of the competition would give a good example of how computers could leverage their faster processing speed against human inventiveness.

This is a long road we are going to travel, Walker stressed. The first United States Computer Chess Championship took place in 1970 and it wasn’t until 1996 that IBM’s Deep Blue system finally beat a human grandmaster at the game - and then only at speed chess. But the fuse has been lit, he said, and the clock is now ticking for professional bug hunters ... and perhaps the automated systems that could one day put them out to grass. ®
