In other words, Hoffmann argued, achieving the far-off vision that DARPA's Cyber Grand Challenge ultimately imagines—computers that can find and patch bugs, and then use those bugs to launch cyberattacks, all on their own—would first require a truly intelligent machine.Of course, the question of what constitutes "real" artificial intelligence has long been up for debate, and it may very well be the case that we don't quite need a firewall that can think to do a competent job in the near term. "I believe there's this old joke that it's only called artificial intelligence until the problem has been solved, and then it's automation," Melski said. "You have to start answering the question of what counts as intelligence, and that's tricky."Case in point, the programs these teams are creating can already rival—and in some cases, exceed—what humans can do. But in terms of creativity and cunning, it will be quite some time before they can actually "think" about cybersecurity problems in a human way. With that in mind, imagine DARPA's Cyber Grand Challenge as a stake in the ground marking where that work starts.At the University of Idaho's Center for Secure and Dependable Systems, director Jim Alves-Foss and research assistant professor Jia Song have set their sights, in the near-term, on a much more attainable task. "My goal is to make tools and methodologies available to system developers so it's cheaper and easier to build secure code," Alves-Foss said. They have the smallest Grand Challenge team—it's only the two of them—and they are self-funded.
"We fully believe that it's going to be years before a computer can replace a human, because humans, especially when you look at computer security, have this spark of creativity."
For now, it's less about having an AI discover and invent completely new types of attacks, and more about the logistics of divvying up limited computing resources to prioritize the search for known bugs and ones like them."We fully believe that it's going to be years before a computer can replace a human, because humans, especially when you look at computer security, have this spark of creativity," said David Brumley, a co-founder of ForAllSecure, another security software developer and finalist in DARPA's challenge.
Their goal is to harness the "cold hard logic of computers" to take vulnerabilities their team has already found, and find them in other programs