AIxCC Part 1 - From Skepticism to Success: The AI Cyber Challenge (AIxCC) with Andrew Carney
10 February 2026

AIxCC Part 1 - From Skepticism to Success: The AI Cyber Challenge (AIxCC) with Andrew Carney

What's in the SOSS? An OpenSSF Podcast

About

This episode of What’s in the SOSS features Andrew Carney from DARPA and ARPA-H, discussing the groundbreaking AI Cyber Challenge (AIxCC). The competition was designed to create autonomous systems capable of finding and patching vulnerabilities in open source software, a crucial effort given the pervasive nature of open source in the tech ecosystem. Carney shares insights into the two-year journey, highlighting the initial skepticism from experts that ultimately turned into belief, and reveals the surprising efficiency of the competing teams, who collectively found over 80% of inserted vulnerabilities and patched nearly 70%, with remarkably low compute costs. The discussion concludes with a look at the next steps: integrating these cyber reasoning systems into the open source community to support maintainers and supercharge automated patching in development workflows.


This episode is part 1 of a four-part series on AIxCC:

    AIxCC part 2: From Skeptics to Believers: How Team Atlanta Won AIxCC by Combining Traditional Security with LLMsAIxCC part 3: Buttercup's Hybrid Approach: Trail of Bits' Journey to Second Place in AIxCCAIxCC part 4: Cyber Reasoning Systems: The Real-World Journey After AIxCC

Chapters:

00:00 - Introduction and Guest Welcome 

00:59 - Guest Background: Andrew Carney's Role at DARPA/ARPA-H

02:20 - Overview of the AI Cyber Challenge (AIxCC)

03:48 - Competition History and Structure

04:44 - The Value of Skepticism and Surprising Learnings

07:11 - Surprising Efficiency and Low Compute Costs

08:15 - Major Competition Highlights and Results

13:09 - What's Next: Integrating Cyber Reasoning Systems into Open Source

16:55 - A Favorite Tale of "Robots Gone Bad"

18:37 - Call to Action and Closing Thoughts


Episode links:

    Andrew Carney’s LinkedIn pageAI Cyber Challenge (AIxCC)OpenSSF AI/ML Security Working GroupCyber Reasoning Systems Special Interest Group (Slack)Get involved with the OpenSSFSubscribe to the OpenSSF newsletterFollow the OpenSSF on LinkedIn