When it comes to spotting cyber vulnerabilities and repelling cyber attacks, humans and machines are good at different things. Human cybersecurity experts do well with abstract thought and comprehensive assessment. Autonomous and semi-autonomous cyber systems excel at hard math and rigid logic.
What happens when you put the two together—do they add up to more than the sum of their parts? The Defense Advanced Research Projects Agency (DARPA) wants to know. So DARPA has started an initiative called Computers and Humans Exploring Software Security (inevitably, CHESS).
According to Joseph Marks at Defense One, the whole thing began when Shellphish, a team of computer science grad students from UC Santa Barbara, entered their autonomous cybersecurity system into a competition at DEF CON, a hacker conference. The competition was intended for humans, but the students spotted a vulnerability—the rules didn’t explicitly prohibit non-human competitors. At that point, a DARPA official said to himself “Hmm, I wonder…”
DARPA, which focuses on long-horizon technologies, just held a “Proposers Day” for CHESS this month, so the program probably won’t produce results very soon. Then again, one wonders why nobody tried this approach sooner.