Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not a subscriber? Subscribe now for unlimited access to online articles.

Connectivity

DARPA Hopes Automation Can Create the Perfect Hacker

Seven Pentagon supercomputers are getting ready to attack one another.

Look out, human hackers. Pentagon research agency DARPA says people are too slow at finding and fixing security bugs and wants to see smart software take over the task.

The agency released details today of a contest that will put that idea to the test at the annual DEF CON hacking conference in Las Vegas next month. Seven teams from academia and industry will pit high-powered computers provided by the agency against one another. Each team’s system must run a suite of software developed by DARPA for the event. Contestants win points by looking for and triggering bugs in software run by competitors while defending their own software.

Mike Walker, the DARPA program manager leading the Cyber Grand Challenge project, claims the approach could make the world safer.

“The comprehension and reaction to unknown flaws is entirely manual today,” he said in a briefing Wednesday. “We want to build autonomous systems that can arrive at their own insights about flaws [and] make their own decisions about when to release a patch.”

When malicious hackers find a new flaw in a piece of commonly used software, they can typically exploit it for a year before it is fixed, Walker said. “We want to bring that response down to minutes or seconds. Hopefully we ignite a revolution where we eventually have a machine that can compete with top experts.”

The seven competing teams were selected last summer after a simpler, preliminary contest. Each team was given $750,000 and access to a high-performance computer with 1,000 processor cores and 16 terabytes of memory.

In next month’s final contest, teams must sit back and watch as the software they have developed competes against that of the other contestants without any human intervention. The winning team will take home $2 million and be invited to compete against human hackers in DEF CON’s annual capture-the-flag contest.

Walker doesn’t expect the automated hacker to do very well against humans, but the software doesn’t have to be able to hold its own in a matchup with elite hackers to be useful. Anything that helps the U.S. military find flaws in its software faster would benefit national security, he said.

He played down suggestions that technology developed for the Cyber Grand Challenge could be used maliciously in the real world. Not only is it unclear whether techniques developed for the contest would work on real software, but DARPA is committed to encouraging wide use of such software, said Walker. Teams are required to release all their code as open source.

“If technology is democratized, then we don’t believe that nefarious misuse will be feasible, because the bugs that will be found will already have been patched,” he said.

AI is here. Will you lead or follow? Countdown to EmTech Digital 2019 has begun.

Register now
More from Connectivity

What it means to be constantly connected with each other and vast sources of information.

Want more award-winning journalism? Subscribe to Print + All Access Digital.
  • Print + All Access Digital {! insider.prices.print_digital !}*

    {! insider.display.menuOptionsLabel !}

    The best of MIT Technology Review in print and online, plus unlimited access to our online archive, an ad-free web experience, discounts to MIT Technology Review events, and The Download delivered to your email in-box each weekday.

    See details+

    12-month subscription

    Unlimited access to all our daily online news and feature stories

    6 bi-monthly issues of print + digital magazine

    10% discount to MIT Technology Review events

    Access to entire PDF magazine archive dating back to 1899

    Ad-free website experience

    The Download: newsletter delivered daily

/3
You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.