The AI Cyber Challenge (AIxCC), run by the Defense Advanced Research Projects Agency, awarded seven semi-finalist teams $2 million USD each at DEF CON 32, one of the world’s largest cybersecurity conferences.
Among the semi-finalists was 42-b3yond-6ug, a team with students and professors from six universities led by Northwestern University along with the University of Waterloo, University of Utah, University of Colorado Boulder, Johns Hopkins University, and University of New Hampshire.
“AIxCC challenges participants to develop a cyber reasoning system, an AI-powered tool designed to find and fix vulnerabilities in open-source software,” explains Meng Xu, a Professor at the Cheriton School of Computer Science and member of 42-b3yond-6ug along with his doctoral student Qingyang Zhou.
This type of software underpins critical systems across industries from finance to public utilities to health care, making it a prime target for cyberattacks.
“Together we developed a cyber reasoning system that was sent to DARPA for the semi-finals in a competition amongst 39 teams,” Professor Xu said. “Seven teams made it to the semi-final and each, including ours, will be awarded $2 million to prepare for the final competition at DEF CON 33.”
Members of team 42-b3yond-6ug at DEF CON 32. Photo credit: 42-b3yond-6ug twitter account
The semi-finalist teams now have a year to enhance their AI systems in preparation for the AIxCC Final Competition, which takes place in August 2025.
“In true DARPA fashion, we embarked on this program without certainty about the outcome,” said Andrew Carney, AIxCC Program Manager. “We’ve now demonstrated that AI systems can not only identify but also patch vulnerabilities, helping to secure the code that supports critical infrastructure. The achievements made by the competitors — uncovering vulnerabilities and successfully applying patches within a compressed timeline and amidst complex challenges — are nothing short of remarkable.”