News
News & events
Warning! Hackers are on the brink of launching a wave of AI attacks
2018-01-24

 In the summer of 2016, seven hacking machines travelled to Las Vegas with their human creators. They were there to compete in a global-hacking event: the DARPA-sponsored Cyber Grand Challenge designed for machines that can hack other machines. The winner would take home $2 million (£1.5m). The battle was waged over dozens of rounds, with each machine striving to find the most software vulnerabilities, exploit them and patch them before the other machines could use the same tactics to take it out of the game. Each machine was a cluster of processing power, software-analysis algorithms and exploitation tools purposely created by the human teams.



 
This was the ultimate (and, so far, the only) all-machine hacking competition. The winner, code-named Mayhem, now sits in the Smithsonian National Museum of American history in Washington DC, as the first "non-human entity" to win the coveted DEFCON black badge - one of the highest honours known to hackers.

Mayhem's next tournament, also in August 2017, was against teams of human hackers - and it didn't win. Although it could keep hacking for 24 hours like its Red Bull-fuelled human counterparts, it lacked that surge of energy and motivation that competing humans feel when, for example, a rival team fails to spot a software flaw. A machine can't think outside of the box and it doesn't yet possess the spark of creativity, intuition and audacity that allowed human hackers to win.

This will change in 2018. Advances in computing power and in theoretical and practical concepts in AI research, as well as breakthroughs in cybersecurity, promise that machine-learningalgorithms and techniques will be a key part of cyberdefence – and possibly even attack. Human hackers whose machines competed in 2016 and 2017 are now evolving their technology, working in tandem with machines to win other hacking competitions and take on new challenges. (A notable example is Team Shellphish and its open-source exploit-automation tool "angr").