Humans will never be fast enough. That’s the theory behind the Defense Advanced Research Projects Agency’s (DARPA) upcoming DEF CON hacking contest, the Cyber Grand Challenge (CGC).

According to Softpedia, the government agency is willing to shell out $4 million in prize money to the top teams fielding automated systems able to uncover network weaknesses, devise better protection strategies and disrupt cyberattacks.

Is this the future of digital defense?

Fight to the DEF CON

CGC got its start two years ago with qualification rounds. At this year’s DEF CON in Las Vegas, seven security teams will test their mettle to see who comes out on top.

As CGC project manager Mike Walker noted in a recent MIT Technology Review piece, there’s a need for this kind of security evolution, since “the comprehension and reaction to unknown flaws is entirely manual today.” Flaws can take up to a year to find and fix, giving attackers plenty of time to exploit software and services.

The goal of DARPA’s capture-the-flag contest is to “bring that response down to minutes or seconds.” According to CIO, the ultimate objective is to create automated systems that can match the expertise and knowledge of the best human experts with a significant speed advantage.

DEF CON Hacking Contest Rules and Prizes

Finalists have just 24 hours to break into and/or secure 10 software packages using only their automated systems.

In previous rounds, the teams defended and cracked more than 131 software versions and patched almost 600 flaws. The final will most likely up the stakes since teams have had more than a year to prepare.

DARPA requires that these new tools not only be able to hack themselves and other systems, but also reverse engineer software and develop patches on the fly. New iterations should be able to determine the ideal security release schedule and predict attacks before they happen.

It’s not a winner-take-all scenario: All finalists take home $750,000, but the best of the best could walk away with a cool $2 million.

A Real-Life Skynet?

DARPA’s challenge isn’t just an intellectual exercise. According to Inverse, cybercriminals are now the biggest threat to the financial stability of the U.S. The federal government considers digital threats extremely worrisome — no surprise, since the Federal Reserve came under cyberattack more than 50 times in the last five years.

But are autonomous systems the answer? Innovator Elon Musk says no. As noted by a recent TechWorm article, Musk said that events like the CGC could eventually spawn a real-life version of Skynet, a malicious global computer network made famous in the “Terminator” movie series.

This isn’t Musk’s first warning about too-intelligent AI. While his previous tweets were largely tongue in cheek, he might have a point: What if software gets smart enough to suspend human oversight?

Hacking the Status Quo

Less apocalyptic worries, however, may be more immediate: Since DARPA requires that all CGC competitors make their code open source, isn’t it possible for malicious actors to simply turn these sophisticated defense bots on their head and use them as a new threat vector?

DARPA’s counterpoint is that widely used, democratized technology should have a net positive effect since “the bugs that will be found will already be patched,” the MIT Technology Review noted.

The final word on DARPA going for broke with a big DEF CON hacking payday: It’s better than the status quo. Right now, cybercriminals are ahead of the game because human experts simply can’t keep up. Malicious supercomputers aside, improved autonomous solutions may be the best way to keep systems safe and let IT pros go toe to toe with cyberattackers.

More from

Emotional Blowback: Dealing With Post-Incident Stress

Cyberattacks are on the rise as adversaries find new ways of creating chaos and increasing profits. Attacks evolve constantly and often involve real-world consequences. The growing criminal Software-as-a-Service enterprise puts ready-made tools in the hands of threat actors who can use them against the software supply chain and other critical systems. And then there's the threat of nation-state attacks, with major incidents reported every month and no sign of them slowing. Amidst these growing concerns, cybersecurity professionals continue to report…

RansomExx Upgrades to Rust

IBM Security X-Force Threat Researchers have discovered a new variant of the RansomExx ransomware that has been rewritten in the Rust programming language, joining a growing trend of ransomware developers switching to the language. Malware written in Rust often benefits from lower AV detection rates (compared to those written in more common languages) and this may have been the primary reason to use the language. For example, the sample analyzed in this report was not detected as malicious in the…

Why Operational Technology Security Cannot Be Avoided

Operational technology (OT) includes any hardware and software that directly monitors and controls industrial equipment and all its assets, processes and events to detect or initiate a change. Yet despite occupying a critical role in a large number of essential industries, OT security is also uniquely vulnerable to attack. From power grids to nuclear plants, attacks on OT systems have caused devastating work interruptions and physical damage in industries across the globe. In fact, cyberattacks with OT targets have substantially…

Resilient Companies Have a Disaster Recovery Plan

Historically, disaster recovery (DR) planning focused on protection against unlikely events such as fires, floods and natural disasters. Some companies mistakenly view DR as an insurance policy for which the likelihood of a claim is low. With the current financial and economic pressures, cutting or underfunding DR planning is a tempting prospect for many organizations. That impulse could be costly. Unfortunately, many companies have adopted newer technology delivery models without DR in mind, such as Cloud Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS)…