July 26, 2016 By Douglas Bonderud 2 min read

Humans will never be fast enough. That’s the theory behind the Defense Advanced Research Projects Agency’s (DARPA) upcoming DEF CON hacking contest, the Cyber Grand Challenge (CGC).

According to Softpedia, the government agency is willing to shell out $4 million in prize money to the top teams fielding automated systems able to uncover network weaknesses, devise better protection strategies and disrupt cyberattacks.

Is this the future of digital defense?

Fight to the DEF CON

CGC got its start two years ago with qualification rounds. At this year’s DEF CON in Las Vegas, seven security teams will test their mettle to see who comes out on top.

As CGC project manager Mike Walker noted in a recent MIT Technology Review piece, there’s a need for this kind of security evolution, since “the comprehension and reaction to unknown flaws is entirely manual today.” Flaws can take up to a year to find and fix, giving attackers plenty of time to exploit software and services.

The goal of DARPA’s capture-the-flag contest is to “bring that response down to minutes or seconds.” According to CIO, the ultimate objective is to create automated systems that can match the expertise and knowledge of the best human experts with a significant speed advantage.

DEF CON Hacking Contest Rules and Prizes

Finalists have just 24 hours to break into and/or secure 10 software packages using only their automated systems.

In previous rounds, the teams defended and cracked more than 131 software versions and patched almost 600 flaws. The final will most likely up the stakes since teams have had more than a year to prepare.

DARPA requires that these new tools not only be able to hack themselves and other systems, but also reverse engineer software and develop patches on the fly. New iterations should be able to determine the ideal security release schedule and predict attacks before they happen.

It’s not a winner-take-all scenario: All finalists take home $750,000, but the best of the best could walk away with a cool $2 million.

A Real-Life Skynet?

DARPA’s challenge isn’t just an intellectual exercise. According to Inverse, cybercriminals are now the biggest threat to the financial stability of the U.S. The federal government considers digital threats extremely worrisome — no surprise, since the Federal Reserve came under cyberattack more than 50 times in the last five years.

But are autonomous systems the answer? Innovator Elon Musk says no. As noted by a recent TechWorm article, Musk said that events like the CGC could eventually spawn a real-life version of Skynet, a malicious global computer network made famous in the “Terminator” movie series.

This isn’t Musk’s first warning about too-intelligent AI. While his previous tweets were largely tongue in cheek, he might have a point: What if software gets smart enough to suspend human oversight?

Hacking the Status Quo

Less apocalyptic worries, however, may be more immediate: Since DARPA requires that all CGC competitors make their code open source, isn’t it possible for malicious actors to simply turn these sophisticated defense bots on their head and use them as a new threat vector?

DARPA’s counterpoint is that widely used, democratized technology should have a net positive effect since “the bugs that will be found will already be patched,” the MIT Technology Review noted.

The final word on DARPA going for broke with a big DEF CON hacking payday: It’s better than the status quo. Right now, cybercriminals are ahead of the game because human experts simply can’t keep up. Malicious supercomputers aside, improved autonomous solutions may be the best way to keep systems safe and let IT pros go toe to toe with cyberattackers.

More from

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

2024 roundup: Top data breach stories and industry trends

3 min read - With 2025 on the horizon, it’s important to reflect on the developments and various setbacks that happened in cybersecurity this past year. While there have been many improvements in security technologies and growing awareness of emerging cybersecurity threats, 2024 was also a hard reminder that the ongoing fight against cyber criminals is far from over.We've summarized this past year's top five data breach stories and industry trends, with key takeaways from each that organizations should note going into the following…

Black Friday chaos: The return of Gozi malware

4 min read - On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America. The Black Friday connection Black Friday creates an ideal environment for cyber criminals to thrive. The combination of skyrocketing transaction volumes, a surge in online activity…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today