• Home
• Members
• CGC
• AIxCC
• Shellphish Support Syndicate

The AI Cyber Challenge

The AI Cyber Challenge (AIxCC) is a two-year competition sponsored by DARPA and ARPA-H, designed to address pressing cybersecurity challenges in an increasingly interconnected world.

Complex open-source software is part of the backbone of essential systems from financial networks to public utilities, and therefore there is a need for autonomous, scalable, efficient, and robust AI-enabled cybersecurity solutions to identify vulnerabilities in software and fix them before they are exploited by adversaries with disastrous consequences.

AIxCC brings together top minds in AI and cybersecurity to develop innovative AI systems capable of safeguarding the software that underpins critical sectors, including healthcare, transportation, and public utilities. The competition offers a total of $29.5 million in prizes, with $7 million specifically allocated to small businesses to encourage entrepreneurial innovation.

AIxCC is a collaboration between leading AI companies, DARPA, and ARPA-H, ensuring that competitors have access to the latest technology and expertise. The competition also works closely with the open-source community, emphasizing the importance of securing open-source software, which is integral to much of the world's critical infrastructure.

The competition takes place at DEF CON, one of the world's premier cybersecurity conferences. The semifinals were carried out during DEF CON 2024, with the final competition at DEF CON 2025, where the top team will be awarded a $4 million prize.

The Shellphish team participates to this competition with a novel Cyber Reasoning System (CRS), called ARTIPHISHELL, which qualified for the final competition in August 2024, receiving a 2 million dollar award (see the press release for details).

The ARTIPHISHELL AI-based Cyber Reasoning System is the result of many year of research work from the members of the Shellphish hacker collective. Some of the relevant works published in the last ten years are listed below.

• ACTOR: Action-Guided Kernel Fuzzing
  Marius Fleischer, Dipanjan Das, Priyanka Bose, Weiheng Bai, Kangjie Lu, Mathias Payer, Christopher Kruegel, Giovanni Vigna
  Proceedings of the USENIX Security Symposium
  Los Angeles, USA August 2023
  [ PDF, Bib ]
• Toss a Fault to Your Witcher: Applying Grey-box Coverage-Guided Mutational Fuzzing to Detect SQL and Command Injection Vulnerabilities
  Erik Trickel, Fabio Pagani, Chang Zhu, Lukas Dresel, Giovanni Vigna, Christopher Kruegel, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili, Adam Doupe
  Proceedings of the IEEE Symposium on Security and Privacy (SP)
  San Francisco May 2023
  [ PDF, Bib ]
• Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing
  Tobias Scharnowski, Nils Bars, Moritz Schloegel, Eric Gustafson, Marius Muench, Giovanni Vigna, Christopher Kruegel, Thorsten Holz, Ali Abbas
  Proceedings of the USENIX Security Symposium
  Boston, USA August 2022
  [ PDF, Bib ]
• HEAPSTER: Analyzing the Security of Dynamic Allocators for Monolithic Firmware Images
  Fabio Gritti, Fabio Pagani, Ilya Grishchenko, Lukas Dresel, Nilo Redini, Christopher Kruegel, Giovanni Vigna
  Proceedings of the IEEE Symposium on Security and Privacy (SP)
  San Francisco May 2022
  [ PDF, Bib ]
• SyML: Guiding Symbolic Execution Toward Vulnerable States Through Pattern Learning
  Nicola Ruaro, Lukas Dresel, Kyle Zeng, Tiffany Bao, Mario Polino, Andrea Continella, Stefano Zanero, Christopher Kruegel, Giovanni Vigna
  Proceedings of the International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
  San Sebastian, Spain October 2021
  [ PDF, Bib ]
• Token-Level Fuzzing
  Christopher Salls, Chani Jindal, Jake Corina, Christopher Kruegel, Giovanni Vigna
  Proceedings of the USENIX Security Symposium
  Virtual August 2021
  [ PDF, Bib ]
• Bran: Reduce Vulnerability Search Space in Large Open-Source Repositories by Learning Bug Symptoms
  Dongyu Meng, Michele Guerriero, Aravind Machiry, Hojjat Aghakhani, Priyanka Bose, Andrea Continella, Christopher Kruegel, Giovanni Vigna
  Proceedings of the ACM Asia Conference on Computer and Communications Security (AsiaCCS)
  Hong Kong, China June 2021
  [ PDF, Bib ]
• DIANE: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for IoT Devices
  Nilo Redini, Andrea Continella, Dipanjan Das, Giulio Pasquale, Noah Spahn, Aravind Machiry, Antonio Bianchi, Christopher Kruegel, Giovanni Vigna
  Proceedings of the IEEE Symposium on Security and Privacy
  Virtual May 2021
  [ PDF, Bib ]
• Exploring Abstraction Functions in Fuzzing
  Christopher Salls, Aravind Machiry, Adam Doupe, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna
  Proceedings of the IEEE Conference on Communications and Network Security (CNS)
  Avignon, France June 2020
  [ PDF, Bib ]
• SYMBION: Interleaving Symbolic with Concrete Execution
  Fabio Gritti, Lorenzo Fontana, Eric Gustafson, Fabio Pagani, Andrea Continella, Christopher Kruegel, Giovanni Vigna
  Proceedings of the IEEE Conference on Communications and Network Security (CNS)
  Avignon, France June 2020
  [ PDF, Bib ]
• SPIDER: Enabling Fast Patch Propagation in Related Software Repositories
  Aravind Machiry, Nilo Redini, Eric Camellini, Christopher Kruegel, Giovanni Vigna
  Proceedings of the IEEE Symposium on Security and Privacy
  San Francisco, CA May 2020
  [ PDF, Bib ]
• KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware
  Nilo Redini, Aravind Machiry, Ruoyu Wang, Chad Spensky, Andrea Continella, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna
  Proceedings of the IEEE Symposium on Security and Privacy
  San Francisco, CA May 2020
  [ PDF, Bib ]
• Sleak: Automating Address Space Layout Derandomization
  Christophe Hauser, Jayakrishna Menon, Yan Shoshitaishvili, Ruoyu Wang, Giovanni Vigna, Christopher Kruegel
  Proceedings of the Annual Computer Security Applications Conference (ACSAC)
  San Juan, Puerto Rico December 2019
  [ PDF, Bib ]
• PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary
  Dokyung Song, Felicitas Hetzelt, Dipanjan Das, Chad Spensky, Yeoul Na, Stijn Volckaert, Giovanni Vigna, Christopher Kruegel, Jean-Pierre Seifert, Michael Franz
  Proceedings of the Network and Distributed Systems Security Symposium (NDSS)
  San Diego, USA February 2019
  [ PDF, Bib ]
• HeapHopper: Bringing Bounded Model Checking to Heap Implementation Security
  Moritz Eckert, Antonio Bianchi, Ruoyu Wang, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna
  Proceedings of the USENIX Security Symposium
  Baltimore, MD August 2018
  [ PDF, Bib ]
• Mechanical Phish: Resilient Autonomous Hacking
  Yan Shoshitaishvili, Antonio Bianchi, Kevin Borgolte, Amat Cama, Jacopo Corbetta, Francesco Disperati, Audrey Dutcher, John Grosen, Paul Grosen, Aravind Machiry, Chris Salls, Nick Stephens, Ruoyu Wang, Giovanni Vigna
  IEEE Security and Privacy Magazine
  vol. 16, no. 2 March 2018
  [ PDF, Bib ]
• Piston: Uncooperative Remote Runtime Patching
  Christopher Salls, Yan Shoshitaishvili, Nick Stephens, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Annual Computer Security Applications Conference (ACSAC)
  Orlando, FL December 2017
  [ PDF, Bib ]
• Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human Assistance
  Yan Shoshitaishvili, Michael Weissbacher, Lukas Dresel, Christopher Salls, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna
  Proceedings of the ACM Conference on Computer and Communications Security (CCS)
  Dallas, TX October 2017
  [ PDF, Bib ]
• DIFUZE: Interface Aware Fuzzing for Kernel Drivers
  Jake Corina, Aravind Machiry, Christopher Salls, Yan Shoshitaishvili, Shuang Hao, Christopher Kruegel, Giovanni Vigna
  Proceedings of the ACM Conference on Computer and Communications Security (CCS)
  Dallas, TX October 2017
  [ PDF, Bib ]
• DR.CHECKER: A Soundy Analysis for Linux Kernel Drivers
  Aravind Machiry, Chad Spensky, Jake Corina, Nick Stephens, Christopher Kruegel, Giovanni Vigna
  Proceedings of the USENIX Security Symposium
  Vancouver, BC August 2017
  [ PDF, Bib ]
• Ramblr: Making Reassembly Great Again
  Ruoyu Wang, Yan Shoshitaishvili, Antonio Bianchi, Aravind Machiry, John Grosen, Paul Grosen, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Network and Distributed System Security Symposium (NDSS)
  San Diego, CA February 2017
  [ PDF, Bib ]
• Cyber Grand Shellphish
  Shellphish Group
  Phrack Magazine
  Online Publication January 2017
  [ PDF, Bib ]
• (State of) The Art of War: Offensive Techniques in Binary Analysis
  Yan Shoshitaishvili, Ruoyu Wang, Christopher Salls, Nick Stephens, Mario Polino, Audrey Dutcher, John Grosen, Siji Feng, Christophe Hauser, Christopher Kruegel, Giovanni Vigna
  Proceedings of the IEEE Symposium on Security and Privacy
  San Jose, CA May 2016
  [ PDF, Bib ]
• Driller: Augmenting Fuzzing Through Selective Symbolic Execution
  Nick Stephens, John Grosen, Christopher Salls, Audrey Dutcher, Ruoyu Wang, Jacopo Corbetta, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Network and Distributed System Security Symposium (NDSS)
  San Diego, CA February 2016
  [ PDF, Bib ]
• Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware
  Yan Shoshitaishvili, Ruoyu Wang, Christophe Hauser, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Network and Distributed System Security Symposium (NDSS)
  San Diego, CA February 2015
  [ PDF, Bib ]