CISO Tradecraft®

#253 - DARPA’s AI Cyber Challenge Unveiled (with Andrew Carney)

Oct 6, 2025
Join Andrew Carney, Director of DARPA's AI Cyber Challenge and a veteran in vulnerability research, as he unveils the revolutionary capabilities of autonomous systems designed to identify and patch software vulnerabilities. The conversation explores the challenge's journey and its profound implications for cybersecurity, particularly in critical infrastructure. Andrew shares insights on real-world applications, the impact of synthetic vulnerabilities, and how these tools can empower defenders while emphasizing the necessity of human oversight. Discover the future of AI in cyber defense!
INSIGHT

Automated Patching At Internet Scale

  • The AI Cyber Challenge (AICC) developed autonomous systems to find and patch vulnerabilities at internet scale.
  • DARPA aimed to pair program analysis with generative AI to secure critical infrastructure faster than manual methods.

ADVICE

Validate Patches With Real Tests

  • Use generated patches only if they pass full unit and private tests to ensure non-interference.
  • Require automated patches to meet the same acceptance criteria as human contributors before deployment.

INSIGHT

Protecting Critical Infrastructure First

  • Critical infrastructure relies heavily on open source and volunteer maintainers yet faces constant nation-state attacks.
  • AICC focused on hardening that foundation so society can continue building atop secure software.