In August 2023, OpenSSF announced our partnership with DARPA, to support the AI Cyber Challenge (AIxCC). We set up a generative AI and autonomy for cybersecurity (GaiaCS) project to support our partnership activities and today, we are excited to announce that OpenSSF has brought on board Will Pearce and Nick Landers to support GaiaCS and AIxCC.
Introducing Staff Support for GaiaCS and AIxCC
Will Pearce was the AI Red Team Lead for NVIDIA and Microsoft, he co-authored the Blackhat Machine Learning course, and has a body of public research on AI Red Teaming. Before diving into AI security, Will was a Senior Security Consultant and Network Operator at Silent Break Security, where he performed network operations, security research, and was an instructor for the popular Dark Side Ops courses.
Nick Landers previously served as Director of R&D at Silent Break Security and as VP of Research at NetSPI. Nick built tools in support of offensive operations, and authored the Dark Side Ops Courses given at industry conferences like Blackhat, as well as public and private groups.
Will and Nick bring expertise in AI Red Teaming, including research, tooling, evaluations, and cyber ranges to GaiaCS in support of AIxCC. OpenSSF staff continue to support this initiative, including Dr. David A. Wheeler.
David A. Wheeler is the Director of Open Source Supply Chain Security at the Open Source Security Foundation (OpenSSF) and teaches a graduate course in developing secure software at George Mason University (GMU). He is an expert on open source software (OSS) and on developing secure software. Dr. Wheeler has a PhD in Information Technology, a Master’s in Computer Science, a certificate in Information Security, a certificate in Software Engineering, and a B.S. in Electronics Engineering, all from George Mason University (GMU). He is a Certified Information Systems Security Professional (CISSP) and Senior Member of the Institute of Electrical and Electronics Engineers (IEEE). David lives in Northern Virginia.
Harry is the Chief of Staff at the OpenSSF. Harry has over 11 years of experience in the U.S. Defense and Intelligence sectors, focusing on the integration of emerging technologies, cybersecurity, data, and AI. His work includes significant contributions to the establishment of the DoD Chief Digital and AI Officer (CDAO), Defense Innovation Unit (DIU), and Defense Digital Service (DDS). Harry’s expertise lies in facilitating cross-capability collaboration, impacting the way organizations approach technological advancement and strategic initiatives.
How We Help
The open source software (OSS), data science, and AI/ML fields all rely heavily on shared, open, and secure components. We aim to encourage participants to continue that tradition for both tools and datasets. The success of this competition will require participation from not only security experts, but also AI subject matter experts, who together can help develop effective solutions.
In our advisory role, OpenSSF and its partners aim to promote openness, fairness, and community benefit throughout the competition process by:
- Releasing AIxCC projects, tools, and research as open source software wherever possible to maximize community impact.
- Publishing supporting materials, perspectives, and techniques to increase the diversity of solutions brought to the competition.
- Ensuring the competition scoring and systems themselves undergo rigorous adversarial testing for fairness and integrity, to increase the likelihood that the results would be useful in the real world.
- Providing competitor teams with actionable, constructive feedback to further collaboration and learning.
- Encouraging people to enter the competition. Will and Nick are experienced builders of capture-the-flag (CTF) competitions. We believe healthy competition will increase the likelihood of success and innovative solutions.
We look forward to the innovations driven by this initiative and how it may shape the future of automated software security. While no one can guarantee the results of research ahead-of-time, we believe this is an opportune time for people to dive in. Recent AI advances have become better at finding vulnerabilities and generating code – it’s time for our communities to work together on solving these difficult challenges.
Feel free to contact us with any questions and join the public OpenSSF Slack channel #openssf-aixcc-public.
About AIxCC
AIxCC is a two-year competition with the ambitious goal of bringing together the best and brightest in AI and cybersecurity to defend software. The challenge is to create automated systems that can make software more secure at scale. We established GaiaCS to effectively create a facility to onboard subject matter experts, like Will, Nick, and David, as well as resources to efficiently facilitate the integration of AI, cybersecurity, and OSS. Supporting the AIxCC challenge is directly aligned with our goal of a future where OSS is universally secure and reliable. A future where vulnerabilities can be discovered and fixed automatically before they can affect real-world systems.