Science and technology

Jackpot! ASU hackers win $2M at Vegas AI competition

Cybersecurity team will parlay winnings to prepare for 2025 AIxCC finale

Adam Doupé and the Shellphish team cheer from their seats in the Las Vegas Convention Center.

Adam Doupé (second from left), an associate professor of computer science and engineering in the School of Computing and Augmented Intelligence, part of the Ira A. Fulton Schools of Engineering at Arizona State University, leads Shellphish in a cheer following the cybersecurity team’s big win in a Las Vegas hacking competition in August. Photo courtesy of Jackie LeFevers/ASU

By Kelly deVos |
September 03, 2024

This August, a motley assortment of approximately 30,000 attendees, including some of the best cybersecurity professionals, expert programmers and officials from top government agencies packed the Las Vegas Convention Center for DEF CON, the world’s largest hacker convention.

At the convention, a cybersecurity cohort of professors, researchers and graduate students from Arizona State University waited anxiously in a crowded ballroom for the results of the semifinal round of the DARPA AI Cyber Challenge, also known as AIxCC.

The 25-person Shellphish team, comprised of "hackademics" from ASU, the University of California, Santa Barbara and Purdue University had been preparing for this day since March. They now waited on the edges of their seats for the answer to a burning question: Would they receive the $2 million in prize money that would enable them to continue their work?

The AIxCC is a competition hosted at DEF CON by the U.S. Defense Advanced Research Projects Agency, or DARPA, to spur the development of a cybersecurity system powered by artificial intelligence, or AI. Because of its desire to protect hospitals, pharmacies and medical devices from cyberattacks, the U.S. Advanced Research Projects Agency for Health, or ARPA-H, is also collaborating on the competition and has expanded the prize pool.

In the semifinals, $14 million was on the line. But the true stakes are even higher. The work is part of the U.S. government’s vital efforts to shore up national cybersecurity defense.

A massive cybersecurity workforce shortage, vulnerabilities in open-source software and a drastic rise in cybercrime have created a desperate need for solutions that can be deployed now to protect the nation’s technical infrastructure.

The team of Shellphish doctoral students pose at the bottom of a staircase.
Doctoral students from computer science and engineering programs, including those in the Fulton Schools, pause their work as part of the Shellphish team and take a break for a photo opportunity. Photo courtesy of Shellphish

Open-source software creates cybercrime openings

The Internet Crime Report compiled annually by the Federal Bureau of Investigation warns of an alarming growth in cybercrime, with a record number of complaints received in 2023 and reported financial losses set to exceed $12.5 billion annually. Meanwhile, there are an estimated 3.5 million unfilled cybersecurity jobs, with around 750,000 of those vacant positions open here in the U.S.

The widespread use of open-source software has created heightened vulnerabilities. With such software, source code is publicly available. Anyone can inspect the code, and anyone can modify it. Anyone can also comb through the code to spot security weaknesses. The Linux operating system, the web browser Mozilla Firefox and the web content management system WordPress are popular examples of open-source software.

In March, a lone engineer from Microsoft single-handedly prevented what NPR dubbed “the hack that almost broke the internet," spotting what’s now known as the XZ hack, an attack on an open-source data compression utility that would have made it possible for bad actors to remotely access millions of computers.

“We want to redefine how we secure widely used, critical codebases, because of how ubiquitous open-source is across the critical infrastructure sectors,” Andrew Carney, DARPA program manager for AIxCC and program manager for resilient systems at ARPA-H, told the Washington Post.

The ASU AIxCC team is part of a small business venture called the Shellphish Support Syndicate that is organized by Adam Doupé, Fish Wang and Yan Shoshitaishvili, three associate professors of computer science and engineering in the School of Computing and Augmented Intelligence, part of the Ira A. Fulton Schools of Engineering at Arizona State University. Its objective is to support the Shellphish team through education and research initiatives.

Working with doctoral students and researchers, Doupé, Wang and Shoshitaishvili, along with fellow Fulton Schools faculty member Tiffany Bao, collaborated on the development of an AI-based system called ARTIPHISHELL. Their solution can automatically analyze the code that runs a piece of software, correct any security vulnerabilities found and then retest the system.

“ARTIPHISHELL is a giant leap toward achieving our vision of humans working alongside AI to keep our software safe,” says Shoshitaishvili. “Addressing critical cybersecurity challenges will require us to invent new paradigms of collaboration between the human and digital world.”

A pink and purple mural at the entrance to DEF CON 2024.
A mural greets DEF CON attendees in the Las Vegas Convention Center. With more than 30,000 participants each year, DEF CON has become the world’s largest hacking convention. The event has emerged as a go-to destination for cybersecurity research and training. Photo courtesy of Jackie LeFevers/ASU

All bets are off

It’s this new vision they brought to the AIxCC Semifinals Competition.

The Shellphish team erupted in cheers at the announcement that they had won. The group is one of seven semifinal winners, out of more than 40 total entries, who will receive $2 million in funds to continue their development work.

Doupé, who is also the director of the Center for Cybersecurity and Trusted Foundations, notes that these types of AI systems are urgently needed for enterprise software as well. Many of these systems rely in part on open-source code, and even those that don’t need help with ongoing maintenance.

“Today, a company might hire a team of really good cybersecurity consultants to audit their system. That team will find and patch vulnerabilities,” he says. “Then they move on to their next project. But who tests the company’s system the next week? Or the week after that?”

The latest win marks $3 million in total prize money awarded to the Shellphish team from AIxCC competitions. The group received an initial $1 million in March in the first AIxCC round to fund the early work needed for ARTIPHISHELL. The winnings also supported the team’s travel and practice participation in cybersecurity competitions.

But now, Shellphish is getting ready to put their money back on the table and bet big that they’ll win in the next round.

They will head to Las Vegas next August for the AIxCC Final Competition where they will demonstrate their finished system live and compete for an additional $4 million prize.

Artificial intelligence Artificial Intelligence Donor School of Computing and Augmented Intelligence SDG 09 Industry, Innovation and Infrastructure Faculty Tempe campus Engineering Science and technology Alumni Student Global Security Initiative Ira A. Fulton Schools of Engineering Cybersecurity

More Science and technology

 

Artist rendering of a volcanic exoplanet.

ASU, Princeton scientists uncover surprising insights into habitability of super-Earths

A recent study conducted by a collaboration of scientists from Arizona State University and Princeton University have discovered that super-Earths — rocky planets up to approximately five times the…

Read this story
Grants / Awards Science Space exploration Research
Illustration of a collage of sketches including one of cancer molecules and one of geometric shapes on top of a dark green background.

Evolving the framework of cancer theory

Cancer cells are driven by the same imperative guiding all living things: to grow, survive and reproduce. Although cancer’s evolutionary underpinnings have been recognized since the 1950s, clinicians…

Read this story
Bioscience Research
A graphic announcing the "cool" products of TOMNET with people working in the foreground and computer screens with data in the background.

ASU travel behavior research center provides insights on the future of transportation

The Center for Teaching Old Models New Tricks, known as TOMNET, has spent the past seven years conducting research and developing tools to improve transportation systems planning methods and data.As…

Read this story
Grants / Awards Innovation Sustainability Research

Pagination

  • Current page 1
  • Page 2
  • Page 3
  • Page 4
  • Next
Arizona State University.
ASU News

Contact ASU News

Manage subscriptions

ASU News
Media Relations Science and Technology Arts, Humanities and Education Business and Entrepreneurship Health and Medicine Environment and Sustainability Law, Journalism and Politics Local, National and Global Affairs Sun Devil Community University News
University
Admissions Financial Aid President's Office About ASU ASU Home Emergency
Events
ASU Events Athletics
Maps and Locations Jobs Directory Contact ASU My ASU
Repeatedly ranked #1 in innovation (ASU ahead of MIT and Stanford), sustainability (ASU ahead of Stanford and UC Berkeley), and global impact (ASU ahead of MIT and Penn State)
Copyright and Trademark Accessibility Privacy Terms of Use Emergency