AI Cyber Challenge showcases AI’s power to secure America’s hospitals and protect patient data
Teams’ AI-driven systems find and patch real-world cyber vulnerabilities; made available open source for broad adoption
At DEF CON 33, ARPA-H joined the Defense Advanced Research Projects Agency (DARPA) to announce the winners of the AI Cyber Challenge (AIxCC), a two-year competition to develop AI-enabled software that automatically identifies and patches vulnerabilities in the source code that underpins critical infrastructure.
The top three teams included first-place winner Team Atlanta, comprised of experts from Georgia Tech, Samsung Research, the Korea Advanced Institute of Science & Technology, and the Pohang University of Science and Technology; second-place winner Trail of Bits, a New York City-based small business; and third-place winner Theori, comprised of AI researchers and security professionals in the U.S. and Korea. The teams received $4 million, $3 million, and $1.5 million, respectively, for their performance in the Final Competition.
ARPA-H joined AIxCC in March 2024 to help shape the competition and ensure it addressed critical vulnerabilities in health care. An increase in cyberattacks targeting our nation’s digital health infrastructure has brought heightened urgency to develop straightforward and dependable solutions to protect Americans’ data and access to care.
“To address health care vulnerability, we need bold innovation at the intersection of AI, cybersecurity, and health,” said Deputy Secretary of Health and Human Services (HHS) Jim O’Neill, who joined the winners on stage during the prize announcement. “We need assertive proof of work approaches to keep networks, hospitals, and patients safer. That’s why over the past two years, HHS and the Department of Defense—through ARPA-H and DARPA—have led the AI Cyber Challenge to protect our nation’s health care from cyber threats.”
In addition to lending its expertise, ARPA-H committed $20 million towards the competition’s prizes and to help transition competitors’ technology into real-world applications. At Finals, ARPA-H and DARPA upped the prize pool by announcing an additional $1.4 million in prizes for competing teams to integrate their technology into real-world infrastructure-relevant software, including hospital systems.
“Since the launch of AIxCC, community members have moved from AI skeptics to advocates and adopters. Quality patching is a crucial accomplishment that demonstrates the value of combining AI with other cyber defense techniques,” said AIxCC Program Manager Andrew Carney. “What’s more, we see evidence that the process of a cyber reasoning system finding a vulnerability may empower patch development in situations where other code synthesis techniques struggle.”
Through two years of competing, teams successfully demonstrated the ability of novel autonomous systems to secure the open-source software that underpins America’s health care infrastructure.
All seven finalist teams’ Cyber Reasoning Systems (CRSs) will be made available as open-source software under a license approved by the Open Source Initiative. Currently, five teams have made their CRSs available; others will be released in the coming weeks. Other competition data will also be open sourced in the coming weeks to help advance the technology’s use and allow others to experiment and improve on AIxCC-developed technology.
Public-private partnership has been a cornerstone of the competition since its inception with leading AI companies Anthropic, Google, Microsoft, and OpenAI making their cutting-edge technology and expertise available to challenge competitors. DARPA and ARPA-H will continue to work with public and private sector partners, including the teams, to transition the technology to widespread use.
The adoption of technology developed during the AIxCC competition is essential for the health care sector. In the past decade, the United States has experienced a 300% surge in health care ransomware attacks, causing patient diversions to neighboring hospitals and, thus, worse health outcomes—including an 81% increase in cardiac arrest cases and higher morbidity. Additionally, these attacks have caused some hospitals to shutter their doors permanently, increasing chronic disease across entire regions. Securing America’s health care information systems will significantly improve health outcomes nationwide.
“The success of today’s AIxCC finalists demonstrates the real-world potential of AI to address vulnerabilities in our health care system,” said ARPA-H Acting Director Jason Roos, Ph.D. “ARPA-H is committed to supporting these teams to transition their technologies and make a meaningful impact in health care security and patient safety.”
AIxCC is just part of ARPA-H's wider cybersecurity portfolio that is designed to boost resilience of the digital health care sector. Ongoing research in digital security includes the DIGIHEALS program, as well as numerous efforts focused on maximizing the use of AI in developing treatments and diagnostics.
To learn more about AIxCC, visit https://www.aicyberchallenge.com.
Final Competition findings and highlights
All seven competing teams worked on aggressively tight timelines to design automated systems that significantly advance cybersecurity research.
In the Final Competition scored round, teams’ systems attempted to identify and generate patches for synthetic vulnerabilities across 54 million lines of code. Since the competition was based on real-world software, team CRSs could discover vulnerabilities not intentionally introduced to the competition. The scoring algorithm prioritized competitors’ performance based on the ability to create patches for vulnerabilities quickly and their analysis of bug reports. The winning team performed best at finding and proving vulnerabilities, generating patches, pairing vulnerabilities and patches, and scoring with the highest rate of accurate and quality submissions.
In total, competitors’ systems discovered 54 unique synthetic vulnerabilities in the Final Competition’s 70 challenges. Of those, they patched 43.
In the Final Competition, teams also discovered 18 real, non-synthetic vulnerabilities that are being responsibly disclosed to open-source project maintainers. Of these, six were in C codebases—including one vulnerability that was discovered and patched in parallel by maintainers—and 12 were in Java codebases. Teams also provided 11 patches for real, non-synthetic vulnerabilities.
Competitor CRSs proved they can create valuable bug reports and patches for a fraction of the cost of traditional methods, with an average cost per competition task of about $152. Bug bounties can range from hundreds to hundreds of thousands of dollars.
AIxCC is a collaboration between the public sector and leading AI companies. Anthropic, Google, and OpenAI provided technical support and each donated $350,000 in large language model credits – $50,000 to each team – to support CRS development for the Final Competition, in addition to $5,000 in large language model credits that Anthropic, Google, and OpenAI provided and Azure credits that Microsoft provided to each team for the Semifinal Competition. Microsoft and the Linux Foundation’s Open Source Security Foundation provided subject matter expertise to challenge organizers and participants throughout the competition.