DARPA's Automated Bug Hunter Could Revolutionize Cybersecurity

Right now, finding and patching exploits is difficult. Could machine learning solve that problem?

A close-up of a green-blue eye with a digital imprint effect representing cybersecurity
Flickr / Joly_68

The year is 2025, and the head of IT at IvankaCorp – the world’s leading provider of lifestyle solutions for the Space Colonizer with style – gets a message on her bespoke ultra-thin tablet. “Hi Tiff,” the message reads. “This is Alfred, your A.I.-powered, anti-intrusion cybersecurity analyst. I may just be a machine, but ten seconds ago I found an undiscovered exploit in one of our low-orbiting servers and fixed it for you. Click OK to accept and enjoy the rest of your day.”

Buckle up, because at least one of the hypotheticals in that scenario will probably come to pass at some point in the future. Mike Walker, a computer scientist at Defense Advanced Research Projects Agency who specializes in machine learning, predicts that automated cybersecurity is the future.

Walker told a room full of computer security experts just that this week at the annual O’Reilly Security conference in New York before he presented the results of DARPA’s recent Grand Cyber Challenge, which he launched in 2013. The event offered proof that machines could hunt and patch bugs on their own, a revelation that could prove revolutionary.

“Imagine a future where you have the job of managing a network,” Walker told the audience, before setting up the scenario where a security operations A.I. monitors your network for you. One day you might receive an urgent text from that A.I. system:

I detected a zero-day flaw used to breach a work station. I wrote and deployed a patch in 20 seconds, could you please come help?

“It may be hard to believe, but I believe it is coming,” Walker said.

This is not just a cool thing DARPA figured out how to do. As Walker describes it, this event in machine learning is analogous to a moment in 2005, when DARPA challenged self-driving cars to navigate a mountainside that blocked their GPS reception — forcing the vehicles to rely solely on A.I. That breakthrough happened at Beer Bottle Pass in Nevada, and although it doesn’t sound like much now, “this moment, where AI navigated very difficult paths all on its own, was the beginning of belief in the technology community that someday AI would be driving us around.”

The Grand Cyber Challenge was the Beer Bottle Pass moment for cybersecurity. Why does that matter? Well, for now, attacking systems is very cheap and defending them is expensive and difficult. If machines can defend software and hardware faster than attackers can discover new exploits, that changes the entire economy of cybercrime and potentially cyberwar.

The future patrons of IvankaCorp deserve nothing less.

Related Tags