DARPA’s Andrew Carney on AIxCC’s quest for truly autonomous AI

Greg Otto talks with Andrew Carney, project manager at DARPA, about the AIxCC competition. With the finals set to be held in August during DEF CON, they discuss how these autonomous systems fared in detecting and remediating vulnerabilities, as well as the key lessons learned from live exercises and the semifinals. The conversation highlights DARPA’s vision to merge formal software engineering with large language models to dramatically reduce software vulnerabilities and explains the scientific and engineering advances still needed to achieve this goal at scale. We also examine the challenges of safeguarding critical infrastructure, particularly when so much depends on open-source projects maintained by volunteers, and consider the impact of AI on patch deployment, code verification, and sustainable defense.

In the reporter chat, Greg talks with Matt Kapko about a story debunking the 16 billion password hack.

Also in this episode: Lenovo Executive Director and General Manager for Cybersecurity Solutions Nima Baiati and SentinelOne Vice President of Technology Partnerships and Strategic Initiatives Melissa K. Smith join SNG host Wyatt Kash in a sponsored podcast discussion about why securing the endpoint is paramount for IT professionals as AI-enabled workloads introduce complex and unseen security vulnerabilities. This episode was sponsored by Lenovo and SentinelOne.