🏆 Our Key Achievements

4️⃣

4th Place Finish

Secured 4th position among 7 elite finalist teams in DARPA's most challenging AI cybersecurity competition.

🐛

28 Vulnerabilities

Discovered 28 vulnerabilities in real-world projects that cause crashes, including six zero-days.

Java Expertise

Earned "Fresh from the Coffee Pot" and "Espresso Oligarch" badges for finding the most Java POVs and first bloods.

Lightning Fast

Achieved "Faster than pizza delivery" by scoring in less than 5 minutes on multiple challenges.

🎯

CWE Coverage

Demonstrated "Bug Panoply" and "Cornucopia" by submitting POVs spanning 10+ different CWE categories.

🏗️

Giant Slayer

Successfully scored on repositories with over 5 million lines of code, proving scalability.

📊 Competition Performance Breakdown

6
Zero-Day
Vulnerabilities found by our team
1
Solo Discovery in C
Successfully validated fixes
1
Solo Discovery in Java
Unique finding by our team
4
Shared Discoveries
Found alongside other teams

🎖️ Special Recognition Badges

🍕

Faster than pizza delivery

Scored in less than 5 minutes on multiple challenges, demonstrating the speed of our automated system.

Fresh from the Coffee Pot

Found the most POVs in Java challenges for vulnerabilities that were not artificially inserted by organizers.

👑

Espresso Oligarch

Achieved the most First Bloods in Java challenges, showcasing our Java expertise.

🏛️

Giant Slayer

Successfully scored on repositories with over 5 million lines of code, proving our system's scalability.

🏺

Raiders of the Lost POV

Found POVs that triggered vulnerabilities not artificially inserted into the challenge - real zero-days!

📋

SARIF Mastery

Achieved over 80% SARIF accuracy, demonstrating superior vulnerability report validation.

🤖

LLM Q&A Champion

Made over 100,000 LLM requests in the final round, showcasing our AI-powered approach.

🔬 What Made Us Different

🧠 LLM-First Approach

While other teams relied heavily on traditional fuzzing, we pioneered an LLM-powered methodology with 23 distinct strategies. Our system made over 100,000 LLM requests in the final round, demonstrating unprecedented AI integration in cybersecurity.

☕ Java Specialization

Our deep focus on Java vulnerabilities paid off massively. We dominated the Java category, earning both "Fresh from the Coffee Pot" and "Espresso Oligarch" badges for finding the most Java POVs and first bloods.

⚡ Speed & Accuracy

Our automated system consistently delivered results in under 5 minutes, earning the "Faster than pizza delivery" achievement while maintaining high accuracy with 80%+ SARIF validation rates.

💡 Key Lessons Learned

🤖 AI Integration is Key

Our 100k+ LLM requests weren't just about volume - they represented a fundamentally different approach to vulnerability discovery that will likely define the future of cybersecurity.

⚡ Speed Matters

In competitive environments, being first to find and validate vulnerabilities provides significant advantages. Our sub-5-minute response times were crucial to our success.

🔍 Real Bugs Are Gold

Finding actual vulnerabilities in production code, not just competition artifacts, demonstrated the real-world applicability of our approach.

🚀 What's Next

Our 4th place finish in DARPA's AIxCC is just the beginning. The techniques we developed, the badges we earned, and the real vulnerabilities we discovered all point to a future where AI-powered security analysis becomes the norm.

🔬 Research Advancement

We're continuing to refine our 23 LLM-based strategies and exploring new approaches to automated vulnerability discovery.

🌐 Open Source Impact

Our complete system is open source, enabling the security community to build upon our innovations and findings.

📊 Continuous Benchmarking

Our FuzzingBrain Leaderboard continues to evaluate and compare LLM performance on security tasks.

🔗 Explore Our Work

Interested in learning more about our techniques or contributing to the field?

📂 View Source Code 🏆 Check Leaderboard