{"678393":{"#nid":"678393","#data":{"type":"news","title":"Google Cybersecurity Team Inspired by Georgia Tech\u2019s AIxCC Win","body":[{"value":"\u003Cdiv\u003E\u003Cdiv\u003E\u003Cp\u003EMembers of the recently victorious cybersecurity group known as Team Atlanta received recognition from one of the top technology companies in the world for their discovery of a zero-day vulnerability in the \u003Ca href=\u0022https:\/\/www.cc.gatech.edu\/news\/cybersecurity-team-wins-2-million-grand-challenge-semi-final\u0022\u003EDARPA AI Cyber Challenge (AIxCC)\u003C\/a\u003E earlier this year.\u0026nbsp;\u003C\/p\u003E\u003Cp\u003EOn November 1, a team of Google\u2019s security researchers from \u003Ca href=\u0022https:\/\/googleprojectzero.blogspot.com\/2024\/10\/from-naptime-to-big-sleep.html\u0022\u003EProject Zero\u003C\/a\u003E announced they were inspired by the Georgia Tech students and alumni on the team that discovered a flaw in SQLite. This widely used open-source database ran the competition\u2019s scoring algorithm.\u0026nbsp;\u003C\/p\u003E\u003Cp\u003EAccording to a post from the project\u2019s blog, when Google researchers saw the success of \u003Ca href=\u0022https:\/\/team-atlanta.github.io\/\u0022\u003EAtlantis\u003C\/a\u003E, the large language model (LLM) used in AIxCC, they deployed their LLM to check vulnerabilities in SQLite.\u0026nbsp;\u003C\/p\u003E\u003Cp\u003EGoogle\u2019s Big Sleep tool discovered a security flaw in SQLite, an exploitable stack buffer underflow. Project Zero reported the vulnerability and it was patched almost immediately.\u0026nbsp;\u003C\/p\u003E\u003Cp\u003E\u201cWe\u2019re thrilled to see our work on LLM-based bug discovery and remediation inspiring further advancements in security research at Google,\u201d said \u003Cstrong\u003EHanqing Zhao\u003C\/strong\u003E, a Georgia Tech Ph.D. student. \u201cIt\u2019s incredibly rewarding to witness the broader community recognizing and citing our contributions to AI and LLM-driven security efforts.\u201d\u003C\/p\u003E\u003Cp\u003EZhao led a group within Team Atlanta focused on tracking their project\u2019s success during the competition, leading to the bug\u0027s discovery. He also wrote a \u003Ca href=\u0022https:\/\/team-atlanta.github.io\/blog\/post-asc-sqlite\/\u0022\u003Etechnical breakdown\u003C\/a\u003E of their findings in a blog post cited by Google\u2019s Project Zero.\u0026nbsp;\u003C\/p\u003E\u003Cp\u003E\u201cThis achievement was entirely autonomous, without any human intervention, and we hadn\u2019t even anticipated targeting SQLite3,\u201d he said. \u201cThe outcome highlighted the transformative potential of generative AI in security research. Our approach is rooted in a simple yet effective philosophy: mimic the expertise of seasoned security researchers using LLMs.\u201d\u003C\/p\u003E\u003Cp\u003EThe DARPA AI Cyber Challenge (AIxCC) semi-final competition was held at DEF CON 32 in Las Vegas. Team Atlanta, which included Georgia Tech experts, was among the contest\u2019s winners. \u0026nbsp;\u003C\/p\u003E\u003Cp\u003ETeam Atlanta will now compete against six other teams in the final round, which will take place at DEF CON 33 in August 2025. The finalists will use the $2 million semi-final prize to improve their AI system over the next 12 months. Team Atlanta consists of past and present Georgia Tech students and was put together with the help of SCP Professor \u003Cstrong\u003ETaesoo Kim\u003C\/strong\u003E.\u003C\/p\u003E\u003Cp\u003EThe AI systems in the finals must be open-sourced and ready for immediate, real-world launch. The AIxCC final competition will award the champion a $4 million grand prize.\u003C\/p\u003E\u003Cp\u003EThe team tested their cyber reasoning system (CRS), dubbed Atlantis, on software used for data management, website support, healthcare systems, supply chains, electrical grids, transportation, and other critical infrastructures.\u003C\/p\u003E\u003Cp\u003EAtlantis is a next-generation, bug-finding and fixing system that can hunt bugs in multiple coding languages. The system immediately issues accurate software patches without any human intervention.\u0026nbsp;\u003C\/p\u003E\u003Cp\u003EAIxCC is a Pentagon-backed initiative announced in August 2023 and will award up to $20 million in prize money throughout the competition. Team Atlanta was among the 42 teams that qualified for the semi-final competition earlier this year.\u003C\/p\u003E\u003C\/div\u003E\u003C\/div\u003E","summary":"","format":"limited_html"}],"field_subtitle":"","field_summary":[{"value":"\u003Cp\u003ETeam Atlanta, a cybersecurity team of Georgia Tech students and alumni, gained recognition from Google\u2019s Project Zero after discovering a zero-day vulnerability in SQLite during the DARPA AI Cyber Challenge (AIxCC) this year. Their AI system, Atlantis, autonomously identified and patched security flaws without human input. Google, inspired by their success, used its own AI tool, Big Sleep, to find and address another SQLite vulnerability.\u003C\/p\u003E","format":"limited_html"}],"field_summary_sentence":[{"value":"Team Atlanta, a cybersecurity team of Georgia Tech students and alumni, gained recognition from Google\u2019s Project Zero after discovering a zero-day vulnerability in SQLite during the DARPA AI Cyber Challenge (AIxCC) this year. "}],"uid":"36253","created_gmt":"2024-11-13 15:15:55","changed_gmt":"2024-11-13 15:59:11","author":"John Popham","boilerplate_text":"","field_publication":"","field_article_url":"","location":"Atlanta, GA","dateline":{"date":"2024-11-04T00:00:00-05:00","iso_date":"2024-11-04T00:00:00-05:00","tz":"America\/New_York"},"extras":[],"hg_media":{"675619":{"id":"675619","type":"image","title":"Team Atlanta Group Photo.jpg","body":null,"created":"1731512793","gmt_created":"2024-11-13 15:46:33","changed":"1731512793","gmt_changed":"2024-11-13 15:46:33","alt":"a group of students and alumni","file":{"fid":"259261","name":"Team Atlanta Group Photo.jpg","image_path":"\/sites\/default\/files\/2024\/11\/13\/Team%20Atlanta%20Group%20Photo.jpg","image_full_path":"http:\/\/hg.gatech.edu\/\/sites\/default\/files\/2024\/11\/13\/Team%20Atlanta%20Group%20Photo.jpg","mime":"image\/jpeg","size":1024967,"path_740":"http:\/\/hg.gatech.edu\/sites\/default\/files\/styles\/740xx_scale\/public\/2024\/11\/13\/Team%20Atlanta%20Group%20Photo.jpg?itok=X8gxWqYk"}}},"media_ids":["675619"],"groups":[{"id":"47223","name":"College of Computing"},{"id":"1188","name":"Research Horizons"},{"id":"660373","name":"School of Cybersecurity \u0026 Privacy (Do not use)"},{"id":"660367","name":"School of Cybersecurity and Privacy"}],"categories":[{"id":"153","name":"Computer Science\/Information Technology and Security"},{"id":"134","name":"Student and Faculty"},{"id":"193158","name":"Student Competition Winners (academic, innovation, and research)"},{"id":"193157","name":"Student Honors and Achievements"}],"keywords":[{"id":"190091","name":"Google AI"},{"id":"192863","name":"go-ai"},{"id":"188776","name":"go-research"},{"id":"187915","name":"go-researchnews"},{"id":"193480","name":"Cyber Attack; cyber threats report; cybersecurity; talk; seminar; "}],"core_research_areas":[{"id":"193655","name":"Artificial Intelligence at Georgia Tech"},{"id":"145171","name":"Cybersecurity"},{"id":"39501","name":"People and Technology"}],"news_room_topics":[],"event_categories":[],"invited_audience":[],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[{"value":"\u003Cp\u003EJohn Popham\u003C\/p\u003E\u003Cp\u003ECommunications Officer II | School of Cybersecurity and Privacy\u003C\/p\u003E","format":"limited_html"}],"email":["jpopham3@gatech.edu"],"slides":[],"orientation":[],"userdata":""}}}