How a government contest launched a revolution in AI-based bug hunting
Publish Date: 2026-05-18 08:02:00
Source Domain: www.cybersecuritydive.com
While the world alternates between panicking and fawning over Anthropic’s powerful new AI model Claude Mythos and its ability to discover serious software vulnerabilities, open-source AI systems are already revolutionizing the vulnerability-hunting landscape — at a far lower cost.
These increasingly sophisticated open-source tools are the product of the Defense Advanced Research Projects Agency’s (DARPA) Artificial Intelligence Cyber Challenge, a multiyear effort to spur the development of AI systems that can quickly find and fix bugs in America’s sprawling web of critical infrastructure. The vulnerability-hunting systems that emerged from DARPA’s contest didn’t get splashy launches like Claude Mythos or OpenAI’s similar new tool, but because they’re open source and much cheaper to run, they could help far more infrastructure providers, businesses and independent software developers.
With the DARPA competition in the rear-view mirror, the winning teams and other finalists are putting what they learned into practice to help secure open-source packages that quietly undergird the entire internet. While efforts to connect with critical infrastructure operators and their vendors remain nascent, DARPA and several competition winners told Cybersecurity Dive they’re thrilled with how effective the new AI tools have proven.
At a time when the U.S. cybersecurity workforce is stretched thin and adversaries are using AI to speed up their attacks, the nation’s best hope could be automated tools that find and help fix vulnerabilities before they lead to chaos.
Finding bugs everywhere
After DARPA announced its challenge’s three winners in August 2025, it created a $1.4 million bonus prize pot for competition finalists who used their AI systems to find and fix vulnerabilities in critically important software. The agency reviewed teams’ proposals to scrutinize important open-source packages and…