<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>darpa on The Trail of Bits Blog</title><link>https://miscreants.github.io/blog.trailofbits.com/categories/darpa/</link><description>Recent content in darpa on The Trail of Bits Blog</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Sat, 09 Aug 2025 00:00:00 -0400</lastBuildDate><atom:link href="https://miscreants.github.io/blog.trailofbits.com/categories/darpa/index.xml" rel="self" type="application/rss+xml"/><item><title>Trail of Bits' Buttercup wins 2nd place in AIxCC Challenge</title><link>https://miscreants.github.io/blog.trailofbits.com/2025/08/09/trail-of-bits-buttercup-wins-2nd-place-in-aixcc-challenge/</link><pubDate>Sat, 09 Aug 2025 10:30:00 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2025/08/09/trail-of-bits-buttercup-wins-2nd-place-in-aixcc-challenge/</guid><description>Our team won the runner-up prize of $3M at DARPA&amp;rsquo;s AI Cyber Challenge, demonstrating Buttercup&amp;rsquo;s world-class automated vulnerability discovery and patching capabilities with remarkable cost efficiency.</description></item><item><title>Buttercup is now open-source!</title><link>https://miscreants.github.io/blog.trailofbits.com/2025/08/08/buttercup-is-now-open-source/</link><pubDate>Fri, 08 Aug 2025 00:00:00 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2025/08/08/buttercup-is-now-open-source/</guid><description>Now that DARPA&amp;rsquo;s AI Cyber Challenge (AIxCC) has officially ended, we can finally make Buttercup, our CRS (Cyber Reasoning System), open source!</description></item><item><title>AIxCC finals: Tale of the tape</title><link>https://miscreants.github.io/blog.trailofbits.com/2025/08/07/aixcc-finals-tale-of-the-tape/</link><pubDate>Thu, 07 Aug 2025 00:00:00 
-0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2025/08/07/aixcc-finals-tale-of-the-tape/</guid><description>While the AIxCC winner has not yet been announced, differences in the finalists&amp;rsquo; approaches show that there are multiple viable paths forward to using AI for vulnerability detection.</description></item><item><title>Buckle up, Buttercup, AIxCC’s scored round is underway!</title><link>https://miscreants.github.io/blog.trailofbits.com/2025/07/02/buckle-up-buttercup-aixccs-scored-round-is-underway/</link><pubDate>Wed, 02 Jul 2025 07:00:00 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2025/07/02/buckle-up-buttercup-aixccs-scored-round-is-underway/</guid><description>Our CRS (Cyber Reasoning System), Buttercup, is now competing in the one and only scored round of DARPA’s AI Cyber Challenge (AIxCC) against six other teams to see which autonomous AI-driven system can find and patch the most software vulnerabilities.</description></item><item><title>Kicking off AIxCC’s Finals with Buttercup</title><link>https://miscreants.github.io/blog.trailofbits.com/2025/04/21/kicking-off-aixccs-finals-with-buttercup/</link><pubDate>Mon, 21 Apr 2025 09:00:00 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2025/04/21/kicking-off-aixccs-finals-with-buttercup/</guid><description>Trail of Bits&amp;rsquo; Buttercup competes in DARPA&amp;rsquo;s AIxCC Finals with expanded resources, multiple rounds, new challenge types, and custom AI model capabilities.</description></item><item><title>Trail of Bits’ Buttercup heads to DARPA’s AIxCC</title><link>https://miscreants.github.io/blog.trailofbits.com/2024/08/09/trail-of-bits-buttercup-heads-to-darpas-aixcc/</link><pubDate>Fri, 09 Aug 2024 09:10:29 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2024/08/09/trail-of-bits-buttercup-heads-to-darpas-aixcc/</guid><description>With DARPA’s AI Cyber Challenge (AIxCC) semifinal starting today at 
DEF CON 2024, we want to introduce Buttercup, our AIxCC submission. Buttercup is a Cyber Reasoning System (CRS) that combines conventional cybersecurity techniques like fuzzing and static analysis with AI and machine learning to find and fix software vulnerabilities. The system is designed to operate […]</description></item><item><title>Our thoughts on AIxCC’s competition format</title><link>https://miscreants.github.io/blog.trailofbits.com/2024/01/18/our-thoughts-on-aixccs-competition-format/</link><pubDate>Thu, 18 Jan 2024 09:00:38 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2024/01/18/our-thoughts-on-aixccs-competition-format/</guid><description>Late last month, DARPA officially opened registration for their AI Cyber Challenge (AIxCC). As part of the festivities, DARPA also released some highly anticipated information about the competition: a request for comments (RFC) that contained a sample challenge problem and the scoring methodology. Prior rules documents and FAQs released by DARPA painted […]</description></item><item><title>DARPA’s AI Cyber Challenge: We’re In!</title><link>https://miscreants.github.io/blog.trailofbits.com/2023/12/14/darpas-ai-cyber-challenge-were-in/</link><pubDate>Thu, 14 Dec 2023 09:00:45 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2023/12/14/darpas-ai-cyber-challenge-were-in/</guid><description>We’re thrilled to announce that Trail of Bits will be competing in DARPA’s upcoming AI Cyber Challenge (AIxCC)! DARPA is challenging competitors to develop novel, fully automated AI-driven systems capable of securing the critical software that underpins the modern world. 
We’ve formed a team of world class software security and AI/ML experts, bringing together researchers, […]</description></item><item><title>How CISA can improve OSS security</title><link>https://miscreants.github.io/blog.trailofbits.com/2023/11/20/how-cisa-can-improve-oss-security/</link><pubDate>Mon, 20 Nov 2023 09:35:59 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2023/11/20/how-cisa-can-improve-oss-security/</guid><description>The US government recently issued a request for information (RFI) about open-source software (OSS) security. In this blog post, we will present a summary of our response and proposed solutions. Some of our solutions include rewriting widely used legacy code in memory safe languages such as Rust, funding OSS solutions to improve […]</description></item><item><title>Managing risk in blockchain deployments</title><link>https://miscreants.github.io/blog.trailofbits.com/2022/06/24/managing-risk-in-blockchain-deployments/</link><pubDate>Fri, 24 Jun 2022 09:00:09 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2022/06/24/managing-risk-in-blockchain-deployments/</guid><description>Do you need a blockchain? And if so, what kind? Trail of Bits has released an operational risk assessment report on blockchain technology. As more businesses consider the innovative advantages of blockchains and, more generally, distributed ledger technologies (DLT), executives must decide whether and how to adopt them. 
Organizations adopting these systems must understand and […]</description></item><item><title>Are blockchains decentralized?</title><link>https://miscreants.github.io/blog.trailofbits.com/2022/06/21/are-blockchains-decentralized/</link><pubDate>Tue, 21 Jun 2022 05:00:39 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2022/06/21/are-blockchains-decentralized/</guid><description>A new Trail of Bits research report examines unintended centralities in distributed ledgers Blockchains can help push the boundaries of current technology in useful ways. However, to make good risk decisions involving exciting and innovative technologies, people need demonstrable facts that are arrived at through reproducible methods and open data. We believe the risks inherent […]</description></item><item><title>Motivating global stabilization</title><link>https://miscreants.github.io/blog.trailofbits.com/2021/11/11/motivating-global-stabilization/</link><pubDate>Thu, 11 Nov 2021 10:39:56 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2021/11/11/motivating-global-stabilization/</guid><description>Originally published on October 12, 2021 Consensus protocols have come to play a critical role in many applications. Fischer, Lynch, and Paterson’s classic impossibility result showed that under reasonable assumptions, it can be impossible for a protocol to reach consensus. In Dwork, Lynch, and Stockmeyer’s paper “Consensus in the Presence […]</description></item><item><title>Graphtage: A New Semantic Diffing Tool</title><link>https://miscreants.github.io/blog.trailofbits.com/2020/08/28/graphtage/</link><pubDate>Fri, 28 Aug 2020 07:00:27 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2020/08/28/graphtage/</guid><description>Graphtage is a command line utility and underlying library for semantically comparing and merging tree-like structures such as JSON, JSON5, XML, HTML, YAML, and TOML files. 
Its name is a portmanteau of “graph” and “graftage” (i.e., the horticultural practice of joining two trees together so they grow as one). Read on for what Graphtage does differently and better, why we developed it, how it works, and directions for using it as a library.</description></item><item><title>Reinventing Vulnerability Disclosure using Zero-knowledge Proofs</title><link>https://miscreants.github.io/blog.trailofbits.com/2020/05/21/reinventing-vulnerability-disclosure-using-zero-knowledge-proofs/</link><pubDate>Thu, 21 May 2020 07:50:27 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2020/05/21/reinventing-vulnerability-disclosure-using-zero-knowledge-proofs/</guid><description>We, along with our partner Matthew Green at Johns Hopkins University, are using zero-knowledge (ZK) proofs to establish a trusted landscape in which tech companies and vulnerability researchers can communicate reasonably with one another without fear of being sabotaged or scorned. Over the next four years, we will push the state of the art in […]</description></item><item><title>Two New Tools that Tame the Treachery of Files</title><link>https://miscreants.github.io/blog.trailofbits.com/2019/11/01/two-new-tools-that-tame-the-treachery-of-files/</link><pubDate>Fri, 01 Nov 2019 07:00:18 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2019/11/01/two-new-tools-that-tame-the-treachery-of-files/</guid><description>Parsing is hard, even when a file format is well specified. But when the specification is ambiguous, it leads to unintended and strange parser and interpreter behaviors that make file formats susceptible to security vulnerabilities. What if we could automatically generate a “safe” subset of any file format, along with an associated, verified parser? 
That’s […]</description></item><item><title>The Good, the Bad, and the Weird</title><link>https://miscreants.github.io/blog.trailofbits.com/2018/10/26/the-good-the-bad-and-the-weird/</link><pubDate>Fri, 26 Oct 2018 06:50:13 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2018/10/26/the-good-the-bad-and-the-weird/</guid><description>Let’s automatically identify weird machines in software. Combating software exploitation has been a cat-and-mouse game ever since the Morris worm in 1988. Attackers use specific exploitation primitives to achieve unintended code execution. Major software vendors introduce exploit mitigation to break those primitives. Back and forth, back and forth. The mitigations have certainly raised the bar […]</description></item><item><title>Protecting Software Against Exploitation with DARPA’s CFAR</title><link>https://miscreants.github.io/blog.trailofbits.com/2018/09/10/protecting-software-against-exploitation-with-darpas-cfar/</link><pubDate>Mon, 10 Sep 2018 09:00:55 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2018/09/10/protecting-software-against-exploitation-with-darpas-cfar/</guid><description>Today, we’re going to talk about a hard problem that we are working on as part of DARPA’s Cyber Fault-Tolerant Attack Recovery (CFAR) program: automatically protecting software from 0-day exploits, memory corruption, and many currently undiscovered bugs. You might be thinking: “Why bother? Can’t I just compile my code with exploit mitigations like stack guard, […]</description></item><item><title>McSema: I’m liftin’ it</title><link>https://miscreants.github.io/blog.trailofbits.com/2017/03/14/mcsema-im-liftin-it/</link><pubDate>Tue, 14 Mar 2017 06:50:41 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2017/03/14/mcsema-im-liftin-it/</guid><description>McSema, our x86 machine code to LLVM bitcode binary translator, just got a fresh coat of paint. 
Last week we held a successful hackathon that produced substantial improvements to McSema’s usability, documentation, and code quality. It’s now easier than ever to use McSema to analyze and reverse-engineer binaries. Growth stage We use McSema on a […]</description></item><item><title>The Smart Fuzzer Revolution</title><link>https://miscreants.github.io/blog.trailofbits.com/2017/02/16/the-smart-fuzzer-revolution/</link><pubDate>Thu, 16 Feb 2017 06:50:08 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2017/02/16/the-smart-fuzzer-revolution/</guid><description>I recently had the privilege of giving a keynote at BSidesLisbon. I had a great time at the conference, and I’d like to thank Bruno Morisson for inviting me. If you’re into port, this is the conference for you! I recommend that anyone in the area consider attending next year. I felt there was a […]</description></item><item><title>Shin GRR: Make Fuzzing Fast Again</title><link>https://miscreants.github.io/blog.trailofbits.com/2016/11/02/shin-grr-make-fuzzing-fast-again/</link><pubDate>Wed, 02 Nov 2016 07:50:40 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2016/11/02/shin-grr-make-fuzzing-fast-again/</guid><description>We’ve mentioned GRR before – it’s our high-speed, full-system emulator used to fuzz program binaries. We developed GRR for DARPA’s Cyber Grand Challenge (CGC), and now we’re releasing it as an open-source project! Go check it out. 
Fear GRR Bugs aren’t afraid of slow fuzzers, and that’s why GRR was designed with unique and innovative […]</description></item><item><title>A fuzzer and a symbolic executor walk into a cloud</title><link>https://miscreants.github.io/blog.trailofbits.com/2016/08/02/engineering-solutions-to-hard-program-analysis-problems/</link><pubDate>Tue, 02 Aug 2016 07:50:34 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2016/08/02/engineering-solutions-to-hard-program-analysis-problems/</guid><description>Finding bugs in programs is hard. Automating the process is even harder. We tackled the harder problem and produced two production-quality bug-finding systems: GRR, a high-throughput fuzzer, and PySymEmu (PSE), a binary symbolic executor with support for concrete inputs. From afar, fuzzing is a dumb, brute-force method that works surprisingly well, and symbolic execution is […]</description></item><item><title>Your tool works better than mine? Prove it.</title><link>https://miscreants.github.io/blog.trailofbits.com/2016/08/01/your-tool-works-better-than-mine-prove-it/</link><pubDate>Mon, 01 Aug 2016 07:50:18 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2016/08/01/your-tool-works-better-than-mine-prove-it/</guid><description>No doubt, DARPA’s Cyber Grand Challenge (CGC) will go down in history for advancing the state of the art in a variety of fields: symbolic execution, binary translation, and dynamic instrumentation, to name a few. 
But there is one contribution that we believe has been overlooked so far, and that may prove to be the […]</description></item><item><title>The Problem with Dynamic Program Analysis</title><link>https://miscreants.github.io/blog.trailofbits.com/2016/03/09/the-problem-with-dynamic-program-analysis/</link><pubDate>Wed, 09 Mar 2016 13:53:34 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2016/03/09/the-problem-with-dynamic-program-analysis/</guid><description>Developers have access to tools like AddressSanitizer and Valgrind that will tell them when the code that they’re running accesses uninitialized memory, leaks memory, or uses memory after it’s been freed. Despite the availability of these excellent tools, memory bugs still persist, still get shipped to users, and still get exploited in the wild. Most […]</description></item><item><title>How We Fared in the Cyber Grand Challenge</title><link>https://miscreants.github.io/blog.trailofbits.com/2015/07/15/how-we-fared-in-the-cyber-grand-challenge/</link><pubDate>Wed, 15 Jul 2015 07:00:09 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2015/07/15/how-we-fared-in-the-cyber-grand-challenge/</guid><description>The Cyber Grand Challenge qualifying event was held on June 3rd, at exactly noon Eastern time. At that instant, our Cyber Reasoning System (CRS) was given 131 purposely built insecure programs. 
During the following 24 hour period, our CRS was able to identify vulnerabilities in 65 of those programs and rewrite 94 of them to […]</description></item><item><title>Close Encounters with Symbolic Execution</title><link>https://miscreants.github.io/blog.trailofbits.com/2014/11/25/close-encounters-with-symbolic-execution/</link><pubDate>Tue, 25 Nov 2014 08:50:54 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2014/11/25/close-encounters-with-symbolic-execution/</guid><description>At THREADS 2014, I demonstrated a new capability of mcsema that enables the use of KLEE, a symbolic execution framework, on software available only in binary form. In the talk, I described how to use mcsema and KLEE to learn an unknown protocol defined in a binary that has never been seen before. In the example, […]</description></item><item><title>Speaker Lineup for THREADS ’14: Scaling Security</title><link>https://miscreants.github.io/blog.trailofbits.com/2014/10/02/threads-14-scaling-security/</link><pubDate>Thu, 02 Oct 2014 08:00:20 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2014/10/02/threads-14-scaling-security/</guid><description>For every security engineer you train, there are 20 or more developers writing code with potential vulnerabilities. There’s no human way to keep up. We need to be more effective with less resources. It’s time to make security a fully integrated part of modern software development and operations. It’s time to automate. 
This year’s THREADS […]</description></item><item><title>ReMASTering Applications by Obfuscating during Compilation</title><link>https://miscreants.github.io/blog.trailofbits.com/2014/08/20/remastering-applications-by-obfuscating-during-compilation/</link><pubDate>Wed, 20 Aug 2014 08:50:45 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2014/08/20/remastering-applications-by-obfuscating-during-compilation/</guid><description>In this post, we discuss the creation of a novel software obfuscation toolkit, MAST, implemented in the LLVM compiler and suitable for denying program understanding to even the most well-resourced adversary. Our implementation is inspired by effective obfuscation techniques used by nation-state malware and techniques discussed in academic literature. MAST enables software developers to protect […]</description></item><item><title>McSema is Officially Open Source!</title><link>https://miscreants.github.io/blog.trailofbits.com/2014/08/07/mcsema-is-officially-open-source/</link><pubDate>Thu, 07 Aug 2014 08:50:47 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2014/08/07/mcsema-is-officially-open-source/</guid><description>We are proud to announce that McSema is now open source! McSema is a framework for analyzing and transforming machine-code programs to LLVM bitcode. It supports translation of x86 machine code, including integer, floating point, and SSE instructions. We previously covered some features of McSema in an earlier blog post and in our talk at ReCON 2014. 
Our […]</description></item><item><title>Dear DARPA: Challenge Accepted.</title><link>https://miscreants.github.io/blog.trailofbits.com/2014/06/03/dear-darpa-challenge-accepted/</link><pubDate>Tue, 03 Jun 2014 18:45:41 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2014/06/03/dear-darpa-challenge-accepted/</guid><description>We are proud to have one of the only seven accepted funded-track proposals to DARPA’s Cyber Grand Challenge. Computer security experts from academia, industry and the larger security community have organized themselves into more than 30 teams to compete in DARPA’s Cyber Grand Challenge — a first-of-its-kind tournament designed to speed the development of automated security […]</description></item><item><title>Trail of Bits Releases Capture the Flag Field Guide</title><link>https://miscreants.github.io/blog.trailofbits.com/2014/05/20/trail-of-bits-releases-capture-the-flag-field-guide/</link><pubDate>Tue, 20 May 2014 09:00:33 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2014/05/20/trail-of-bits-releases-capture-the-flag-field-guide/</guid><description>Free Online Coursework Allows Students, Professionals to Build Essential Offensive Security Skills New York, NY (May 20, 2014)–Security researchers at Trail of Bits today introduced the CTF Field Guide (Capture the Flag), a freely available, self-guided online course designed to help university and high school students hone the skills needed to succeed in the fast-paced, […]</description></item><item><title>Semantic Analysis of Native Programs with CodeReason</title><link>https://miscreants.github.io/blog.trailofbits.com/2014/02/23/semantic-analysis-of-native-programs-introducing-codereason/</link><pubDate>Sun, 23 Feb 2014 22:59:13 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2014/02/23/semantic-analysis-of-native-programs-introducing-codereason/</guid><description>Have you ever wanted to make a query into a
native mode program asking about program locations that write a specific value to a register? Have you ever wanted to automatically deobfuscate obfuscated strings? Reverse engineering a native program involves understanding its semantics at a low level until a high level picture of functionality emerges. […]</description></item></channel></rss>