Interactive experience to underscore the stakes of AI-driven cybersecurity for critical infrastructure
Jul 8, 2025
The Defense Advanced Research Projects Agency (DARPA), in collaboration with the Advanced Research Projects Agency for Health (ARPA-H), will announce the winners of the AI Cyber Challenge (AIxCC) at DEF CON 33, one of the world’s largest hacking conferences.
Teams are competing for $8.5 million in Final Competition prize money, including the first-place grand prize of $4 million. DARPA leadership will announce the competition winners on the DEF CON Main Stage on Friday, Aug. 8 at 11 a.m. PT and livestreamed on DEF CON’s YouTube channel.
AIxCC is a two-year competition to develop AI-enabled software that automatically identifies and patches vulnerabilities in source code. For the competition, the selected projects are open source software that underpins critical infrastructure such as hospitals, power plants, and water systems and are pervasively vulnerable to cyber attacks. Finalists’ software—called cyber reasoning systems (CRSs)—will be released as open source software under a license approved by the Open Source Initiative following the competition.
To accelerate the transition of the competition technology to the public and private sectors, DARPA and ARPA-H will bring a new interactive AIxCC Experience to DEF CON where attendees can meet the teams and see how their CRSs work, dive into the technical details and findings of the competition, experience the stakes of securing key sectors, and learn how to support the deployment of AIxCC technology for a more secure future.
The AIxCC stage will feature programming from the competing teams and AI and cybersecurity experts throughout the event. Participants in currently planned presentations and fireside chats include, but are not limited, to:
- Stephen Winchell, director, DARPA
- Kathleen Fisher, office director, Information Innovation Office
- Matthew Turek, deputy office director, Information Innovation Office
- Ian Brelinsky, program manager, OpenAI Security Products
- Jason Clinton, chief information security officer, Anthropic
- Sarah Evans, distinguished engineer, Dell Technologies
- Maia Hamin, member of technical staff, U.S. Center for AI Standards and Innovation
- Christopher Robinson, chief security architect, OpenSSF
- AIxCC competitor teams
Media opportunities
DARPA will host an AIxCC media briefing at DEF CON on Friday, Aug. 8 at 1 p.m. PT. To participate in the availability, media must contact outreach@darpa.mil by 4 p.m. PT on Thursday, Aug. 7 to receive instructions for in-person or virtual participation. The availability will feature DARPA leadership and representatives from each of the three winning teams.
The AIxCC Experience at DEF CON will be open to press who are registered to attend DEF CON 33. Media interested in arranging interviews with AIxCC experts should email outreach@darpa.mil.
Teams
The seven teams vying for the top prizes are:
42-b3yond-6ug: 42-b3yond-6ug is a collaborative team of students and professors from five universities, led by Northwestern University in partnership with the University of Waterloo, University of Utah, University of Colorado Boulder, and University of New Hampshire.
The team’s name pays homage to Douglas Adams’s “The Hitchhiker’s Guide to the Galaxy,” reflecting its mission to move beyond mere bug identification toward developing robust, practical solutions. The team’s CRS, BugBuster, is an integrated toolchain that leverages cutting-edge AI techniques to automatically detect and repair vulnerabilities in modern open-source software systems.
All You Need IS A Fuzzing Brain: All You Need IS A Fuzzing Brain is led by a team of academics and students at Texas A&M University. Their team name is inspired by fuzzing, a proven automated bug-finding testing technique.
Lacrosse: Team Lacrosse is made up of researchers from Smart Information Flow Technologies (SIFT), a research and development small business specializing in natural language processing, automated planning, cybersecurity, supervisory control, healthcare, and a range of human-automation interaction technologies.
SIFT employs researchers in computer science and the social sciences with expertise in artificial intelligence, software engineering, linguistics, control theory, neuroscience, human performance, and politeness and etiquette models.
Shellphish: Born at UC Santa Barbara in 2005 to play DEF CON’s Capture the Flag (CTF) hacking competition, Shellphish is comprised of more than 30 “hackademics” who work to solve hard problems in computer security in new ways. Shellphish explores the science behind hacking, looking for novel approaches to break and fix real-world systems.
Team Atlanta: Team Atlanta has achieved success in several hacking competitions and academic conferences. The team comprises experts from Georgia Tech, Samsung Research, the Korea Advanced Institute of Science & Technology, and the Pohang University of Science and Technology. They are focused on advancing next-generation security research.
Theori: Theori has experience spanning browsers to blockchains and a long history of winning security competitions, including eight wins at DEF CON CTF finals. Their AIxCC team is composed of AI researchers and security professionals in the U.S. and South Korea.
Trail of Bits: Trail of Bits is a small business that contributes to open-source software, develops tools, and shares knowledge. Their CRS, called Buttercup, aims to address the volume and complexity of open-source code that makes it difficult to secure. Their core AIxCC team is made up of 10 engineers with deep experience in developing novel software security tools, all working on various components of Buttercup.
For more information and for updates related to AIxCC at DEF CON 33, visit aicyberchallenge.com.
