DARPA believes AI Cyber Challenge could upend patching as the industry knows it | CyberScoop<\/title> <meta name=\"description\" content=\"Federal research leaders suggested Tuesday that AI could lead industries to \u201cnearly eliminate software vulnerabilities\u201d in critical infrastructure.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/darpa-ai-grand-challenge-rsac-2025-patching\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"DARPA believes AI Cyber Challenge could upend patching as the industry knows it \"> <meta property=\"og:description\" content=\"Federal research leaders suggested Tuesday that AI could lead industries to \u201cnearly eliminate software vulnerabilities\u201d in critical infrastructure.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/darpa-ai-grand-challenge-rsac-2025-patching\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-04-30T05:29:17+00:00\"> <meta property=\"article:modified_time\" content=\"2025-04-30T05:29:19+00:00\"> <meta name=\"author\" content=\"Greg Otto\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/darpa-believes-ai-cyber-challenge-could-upend-patching-as-the-industry-knows-it-2.jpg\"> <meta name=\"twitter:creator\" content=\"@gregotto\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1744740145g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1745433273g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1740691656g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=a815169637cf454b7376\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/84365\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=84365\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fdarpa-ai-grand-challenge-rsac-2025-patching%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fdarpa-ai-grand-challenge-rsac-2025-patching%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-84365 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/darpa-ai-grand-challenge-rsac-2025-patching\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.9180327868852\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.826789838337\">\n<div class=\"single-article__header-content\" readability=\"35.052631578947\">\n<p> Federal research leaders suggested Tuesday that AI could lead industries to \u201cnearly eliminate software vulnerabilities\u201d in critical infrastructure. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/84365\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/darpa-believes-ai-cyber-challenge-could-upend-patching-as-the-industry-knows-it.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/darpa-believes-ai-cyber-challenge-could-upend-patching-as-the-industry-knows-it-2.jpg 6000w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/darpa-believes-ai-cyber-challenge-could-upend-patching-as-the-industry-knows-it-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/darpa-believes-ai-cyber-challenge-could-upend-patching-as-the-industry-knows-it-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/darpa-believes-ai-cyber-challenge-could-upend-patching-as-the-industry-knows-it-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/darpa-believes-ai-cyber-challenge-could-upend-patching-as-the-industry-knows-it-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/darpa-believes-ai-cyber-challenge-could-upend-patching-as-the-industry-knows-it-2.jpg?resize=2048,1365 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/darpa-believes-ai-cyber-challenge-could-upend-patching-as-the-industry-knows-it-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/darpa-believes-ai-cyber-challenge-could-upend-patching-as-the-industry-knows-it-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/darpa-believes-ai-cyber-challenge-could-upend-patching-as-the-industry-knows-it-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/darpa-believes-ai-cyber-challenge-could-upend-patching-as-the-industry-knows-it-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/darpa-believes-ai-cyber-challenge-could-upend-patching-as-the-industry-knows-it-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"38.816917293233\"><body readability=\"78.084588644264\"><\/p>\n<p><strong>SAN FRANCISCO \u2014<\/strong> Leaders of various federal research agencies and departments outlined a vision Tuesday for the future of critical infrastructure security, emphasizing the promise of combining formal software development methods with large language models (LLMs). <\/p>\n<p>Acting DARPA Director Rob McHenry told an audience at the RSAC 2025 Conference that such a combination could \u201cvirtually eliminate software vulnerabilities\u201d across foundational system infrastructures, a departure from the traditionally accepted risks of software flaws.<\/p>\n<p>\u201cWe\u2019ve all been trained in a world where we have to accept that there are vulnerabilities in our software, and bad guys exploit those vulnerabilities,\u201d he said. \u201cWe try to mitigate the damage and patch them, and we go round on this merry-go-round. That technologically does not need to be true anymore.\u201d<\/p>\n<p>DARPA\u2019s statements came in the context of the <a href=\"https:\/\/cyberscoop.com\/darpa-competition-shows-promise-of-using-ai-to-find-and-patch-bugs\/\">AI Cyber Challenge<\/a>, a public-private collaboration involving industry leaders such as Google, Microsoft, Anthropic and OpenAI. The initiative tests whether advanced AI systems can identify and patch vulnerabilities in open-source software components vital to the electric grid, health care, and transportation.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p><a href=\"https:\/\/cyberscoop.com\/darpa-competition-shows-promise-of-using-ai-to-find-and-patch-bugs\/\">At the semifinal round<\/a> held at DEFCON last year, teams using LLMs and automated reasoning systems successfully found and patched numerous synthetic vulnerabilities in a range of open-source projects, including the Linux kernel and SQLite. According to McHenry, these results indicate not just proof-of-concept, but a potential paradigm shift in how secure software could be produced and maintained.<\/p>\n<p>Formal methods \u2014 a way of using math to prove that software works as intended \u2014 have for decades been regarded as effective but laborious and expensive, suited only for the most critical systems and requiring expert staff. McHenry noted that combining LLMs with formal methods enables automatic generation and validation of correctness proofs, drastically lowering the labor and cost barriers.<\/p>\n<p>Panelists from health care and transportation agencies underscored why patching speed matters. Jennifer Roberts, director of resilient systems at ARPA-H, cited industry data showing an average of 491 days between a patch becoming available and its deployment in hospitals. Vincent Tang, deputy director at ARPA-I, noted that the nation\u2019s 300,000 traffic signals run on a patchwork of legacy firmware supplied by dozens of vendors. <\/p>\n<p>Additionally, critical infrastructure \u2014 including water treatment plants, power grids, hospitals, and transportation networks \u2014 relies on software ecosystems often composed of open-source code. These ecosystems are known to harbor vulnerabilities, which actors ranging from criminal gangs to nation-states have exploited.<\/p>\n<p>The panelists from research agencies recognized substantial obstacles, including regulatory barriers, liability concerns, and the challenge of installing updates on many different types of technology. However, they all viewed AI as a potentially transformative approach to cybersecurity.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>McHenry said that DARPA is less concerned with incremental improvement and more with technological \u201coffsets\u201d that could render whole classes of attack ineffective. <\/p>\n<p>\u201cWe don\u2019t play small ball,\u201d he said. \u201cI\u2019d give up 99 programs that hardly fail to have one that once a decade causes an offset in national security that kind of changes everything.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"4.2569832402235\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/darpa-believes-ai-cyber-challenge-could-upend-patching-as-the-industry-knows-it-1.jpg?w=640&ssl=1\" alt=\"Greg Otto\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Greg Otto<\/h4>\n<p> Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/darpa-ai-grand-challenge-rsac-2025-patching\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>DARPA believes AI Cyber Challenge could upend patching as the<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[235,3775,2465,117,823],"tags":[236,3776,2466,119,827],"class_list":["post-7592","post","type-post","status-publish","format-standard","hentry","category-ai","category-ai-cybersecurity","category-darpa","category-government","category-patching","tag-ai","tag-ai-cybersecurity","tag-darpa","tag-government","tag-patching"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ai\/\" rel=\"category tag\">AI<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ai-cybersecurity\/\" rel=\"category tag\">AI cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/darpa\/\" rel=\"category tag\">DARPA<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/patching\/\" rel=\"category tag\">Patching<\/a>","tag_info":"Patching","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7592","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7592"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7592\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7592"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7592"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7592"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7592,"date":"2025-04-30T00:29:17","date_gmt":"2025-04-30T05:29:17","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=84365"},"modified":"2025-04-30T00:29:17","modified_gmt":"2025-04-30T05:29:17","slug":"darpa-believes-ai-cyber-challenge-could-upend-patching-as-the-industry-knows-it","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/04\/30\/darpa-believes-ai-cyber-challenge-could-upend-patching-as-the-industry-knows-it\/","title":{"rendered":"DARPA believes AI Cyber Challenge could upend patching as the industry knows it\u00a0"},"content":{"rendered":"