White House launches AI cyber challenge to identify and fix open-source software vulnerabilities

Teams that compete in the DARPA-led challenge will be able to win for prizes worth a total of more than $25 million.
"Red Team" members watch security camera footage of their effects on a simulated water treatment facility at Muscatatuck Urban Training Center, Indiana on June 16, 2022 in Niantic, CT. Cyber Yankee is an annual exercise that pits Blue Teams (network defenders) against a Red Team (network intruders/attackers) on a cyber range which is modeled after a critical infrastructure company's network. (Photo by Maj. David Pytlik, Connecticut National Guard Public Affairs Office)

The White House on Wednesday announced a competition for cybersecurity researchers that is intended to spur the use of artificial intelligence to identify and fix software vulnerabilities.

Teams that compete in the “AI Cyber Challenge,” which the Defense Advanced Research Projects Agency will lead, can win prizes worth up to $18.5 million. The agency has also allocated an additional $7 million in prize money for small businesses that participate.

As part of the competition, researchers will use AI technology to fix software vulnerabilities, with a particular focus on open-source software. Leading AI companies Anthropic, Google, Microsoft and OpenAI will make their technology available for the challenge, according to the Biden administration.

The White House’s announcement comes amid continued concern over rising cyber supply-chain risk across the federal government and the private sector. Last September, the Office of Management and Budget stipulated that all software providers would have to self-attest to the security of their products before deploying them on federal agency systems.


It also follows the decision by seven leading AI companies in July to sign onto a set of voluntary commitments brokered by the Biden administration, and proposals from lawmakers including Senate majority leader Chuck Schumer, D-NY, about how the regulatory landscape for the technology should look in future.

“What they come up with, the challenge winners, we definitely look forward to applying across the federal government, because we’re looking for ways to accelerate finding and fixing vulnerabilities,” Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology within the White House, said in response to FedScoop questions on a press call.

“And we’re certainly particularly interested in approaches they come up with, for example, help[ing] us identify bugs in energy grid bugs and signaling systems of transportation and help us not only find them, but fix them,” Neuberger added. 

Given the competition’s focus on open-source software, the Open Source Security Foundation (OpenSSF), which is a project of the Linux Foundation, will serve as a challenge adviser.

“Because the focus here is on open source software that is critical and used throughout our society and throughout the internet, I would expect that a rising tide lifts all boats here,” said DARPA Deputy Director Rob McHenry, also speaking on a press call.


“So that will help us integrate this into their secure software development lifecycle in a way that will help the federal government and will also go much, much broader than that,” said McHenry.

Competing teams will participate in a qualifying event in Spring 2024, where up to 20 top scoring teams will be invited to participate in the semifinal competition at DEF CON 2024. Of the top scoring teams, up to five, will receive monetary prizes and continue to the final phase of the competition, to be held at the annual DEF CON hacker convention in 2025. 

This weekend, President Biden’s Chief Science and Technology Adviser Arati Prabhakar will travel to Las Vegas to attend this year’s DEF CON conference. She is scheduled to take part in events highlighting the Biden administration’s ongoing work to promote the development of responsible AI technology.

Elias Groll contributed to this report.

Latest Podcasts