Search papers, labs, and topics across Lattice.
This paper introduces OSS-CRS, an open-source framework designed to facilitate the deployment and utilization of AIxCC Cyber Reasoning Systems (CRSs) on real-world open-source projects. The framework addresses the challenge of deploying CRSs outside of the original competition infrastructure by providing a locally deployable environment with budget-aware resource management. By porting the winning Atlantis system to OSS-CRS, the authors discovered 10 previously unknown bugs, including three high-severity vulnerabilities, across eight OSS-Fuzz projects.
AI-powered cyber reasoning can now find real-world bugs in open-source software thanks to a new framework that liberates DARPA's AI Cyber Challenge systems from their inaccessible cloud origins.
DARPA's AI Cyber Challenge (AIxCC) showed that cyber reasoning systems (CRSs) can go beyond vulnerability discovery to autonomously confirm and patch bugs: seven teams built such systems and open-sourced them after the competition. Yet all seven open-sourced CRSs remain largely unusable outside their original teams, each bound to the competition cloud infrastructure that no longer exists. We present OSS-CRS, an open, locally deployable framework for running and combining CRS techniques against real-world open-source projects, with budget-aware resource management. We ported the first-place system (Atlantis) and discovered 10 previously unknown bugs (three of high severity) across 8 OSS-Fuzz projects. OSS-CRS is publicly available.
