![[2602.07666] SoK: DARPA's AI Cyber Challenge (AIxCC): Competition Design, Architectures, and Lessons Learned](https://arxiv.org/static/browse/0.3.4/images/arxiv-logo-fb.png){kind=logo}
[2602.07666] SoK: DARPA's AI Cyber Challenge (AIxCC): Competition Design, Architectures, and Lessons Learned
Summary
This paper analyzes DARPA's AI Cyber Challenge (AIxCC), focusing on competition design, architectural approaches of finalists, and key lessons learned for future autonomous cyber reasoning systems.
Why It Matters
The AI Cyber Challenge represents a significant step in leveraging AI for cybersecurity, showcasing advancements in autonomous systems that can identify and mitigate software vulnerabilities. Understanding its design and outcomes can inform future competitions and practical applications in cybersecurity.
Key Takeaways
- AIxCC is the largest competition for autonomous cyber reasoning systems to date.
- The paper provides a systematic analysis of competition design and outcomes.
- Key architectural approaches of finalist systems are characterized.
- Identifies genuine technical advances and remaining limitations in the field.
- Offers lessons for organizing future competitions and deploying CRS in practice.
Computer Science > Cryptography and Security arXiv:2602.07666 (cs) [Submitted on 7 Feb 2026 (v1), last revised 18 Feb 2026 (this version, v2)] Title:SoK: DARPA's AI Cyber Challenge (AIxCC): Competition Design, Architectures, and Lessons Learned Authors:Cen Zhang, Younggi Park, Fabian Fleischer, Yu-Fu Fu, Jiho Kim, Dongkwan Kim, Youngjoon Kim, Qingxiao Xu, Andrew Chin, Ze Sheng, Hanqing Zhao, Brian J. Lee, Joshua Wang, Michael Pelican, David J. Musliner, Jeff Huang, Jon Silliman, Mikel Mcdaniel, Jefferson Casavant, Isaac Goldthwaite, Nicholas Vidovich, Matthew Lehman, Taesoo Kim View a PDF of the paper titled SoK: DARPA's AI Cyber Challenge (AIxCC): Competition Design, Architectures, and Lessons Learned, by Cen Zhang and 22 other authors View PDF HTML (experimental) Abstract:DARPA's AI Cyber Challenge (AIxCC, 2023--2025) is the largest competition to date for building fully autonomous cyber reasoning systems (CRSs) that leverage recent advances in AI -- particularly large language models (LLMs) -- to discover and remediate vulnerabilities in real-world open-source software. This paper presents the first systematic analysis of AIxCC. Drawing on design documents, source code, execution traces, and discussions with organizers and competing teams, we examine the competition's structure and key design decisions, characterize the architectural approaches of finalist CRSs, and analyze competition results beyond the final scoreboard. Our analysis reveals the factors that truly drov...