The Future of Cyber-Autonomy

Wednesday, January 17, 2018 - 1:00 pm1:30 pm

David Brumley, CEO, ForAllSecure


We need to move to a fully autonomous world for software security. Current software security attack and defense is done by humans, at human time lines. Cyber-autonomy research and development is creating tech that makes fully autonomous cyber possible. Cyber-autonomy promises to scale better and make defense possible within machine-scale time.

In this talk, I will describe the Cyber Grand Challenge and the system Mayhem. Mayhem is a fully autonomous cyber system that can find new vulnerabilities, generate exploits, and self-heal off-the-shelf software. Mayhem is the result of 10 years of academic research and 3 years of commercial development. Mayhem competed and won a $2 million dollar prize in the US Cyber Grand Challenge competition co-hosted at DEFCON 2016. I will describe how Mayhem works, the Cyber Grand Challenge competition, and how Mayhem fared against the world's best hacking teams. I will also describe how I think Mayhem, and other autonomous systems like it, will change the security landscape in the next decade.

@inproceedings {208121,
author = {David Brumley},
title = {The Future of Cyber-Autonomy},
booktitle = {Enigma 2018 (Enigma 2018)},
year = {2018},
address = {Santa Clara, CA},
url = {},
publisher = {{USENIX} Association},